The Spam Invasion
By Steve Lalino, Director of Computer Forensics
Spam (no, not that wonderful mystery meat in a can, but the annoying unsolicited and unwanted e-mail messages that have been filling up inboxes around the world) has reached epic proportions. Nearly 38 percent of all Internet e-mail received is spam - up from 7 percent in late 2001, according to a recent study conducted by Kessler International.
According to Ferris Research, the average American white collar worker spends a quarter of their workday sifting through their inbox. If nearly half of those emails are spam, approximately one hour per day is being spent deleting the offensive messages, with no relief in sight. According to a survey conducted by Kessler International, the percentage of spam received in inboxes is rising at a rate of approximately 5 percent per month, although it should eventually reach a saturation point.
The problem has also gone beyond losing valuable employee time sifting through the seemingly endless bombardment of spam; this year has marked an increase in messages that are much more aggressive and malicious in nature. Spammers are becoming increasingly creative and technologically savvy, which has produced a whole new breed of threats and scams looming in unsuspecting inboxes.
Anatomy of the Scams
"Kick-Through" ads are one such breed of spam where the user discovers that the simple act of passing their mouse pointer over an area of a message triggers a slew of popup windows containing advertisements, special offers, and in some instances pornographic images.
A recent Discover card scam was uncovered where unsuspecting people were e-mailed a message stating, "Due to inactivity your account has been put On Hold. To remove this status you have to Log In to your account and review the Discover Privacy Policy." This scam has appeared in less sophisticated form in the past, where an official-looking website was created to trick users into providing their personal information. This particular scammer linked directly to the content on Discover Card's official website and wrapped the form users filled out in a hidden submission. Upon submission, the form was redirected to an e-mail account set up by the scammer.
The most notorious of all scams, the Nigerian scam, is predicted to gross more than $2 billion in 2003 according to MessageLabs, an email scanning service. A recent report by the U.K. National Criminal Intelligence Service stated that as many as five Americans per day have been seen waiting in London hotel lobbies to meet people connected with the scam.
Protect Yourself From The Proliferation of Spam:
Kessler International recommends the following procedures to help reduce the proliferation of spam:
1. Never reply to spam. Do not click the links requesting removal from the spammer's list that typically appear at the bottom of every spam message. This only confirms to marketers that they have reached a "live" e-mail address. Sure, they will remove you from receiving future mailings of the spam you just replied to, but now they, as well as anyone they sell your name to, have a legitimate e-mail address. Replying to these spam messages will actually increase the volume of spam you are likely to receive.
2. Set up a throwaway e-mail address. Many people have separate addresses for their work and personal e-mail. Now it's time to create a third. Use this address for any "public" use such as subscribing to e-mail newsletters, providing contact information for web purchases, or for posting on message boards.
3. Do not open messages known to be spam. An overwhelming number of spam messages now contain "remote images." Once opened, these messages contact a remote web server, which then displays the image or advertisement in the body of your message. This is now another way in which marketers are confirming their messages have targeted a "live" address. Once this message requests that remote image, the spammer has all your contact information including the IP address you are using to access the web server containing the image.
4. Never buy anything from a spam message. Marketers would love nothing more than to determine they have hit on a "live" e-mail address and generated a sale. This will ensure you will be on every spam list on the planet. Also, depending on the legitimacy of the site, you leave yourself open to credit card fraud.
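The remote-image check in item 3, and the form-to-e-mail trick described under "Anatomy of the Scams," can both be spotted without rendering a message. The following is an added example, not part of the original article: it parses a raw message and lists every image a mail client would fetch from a remote server and every form target. The sample message, its host names and its addresses are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every host and address here is made up.
SAMPLE = """\
From: offers@bulk-mailer.example
Subject: Your account has been put On Hold
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://track.bulk-mailer.example/o.gif?id=reader%40corp.example" width="1" height="1">
<img src="cid:logo123">
<form action="mailto:collector@bulk-mailer.example" method="post">
<input name="account"><input type="submit" value="Log In"></form>
</body></html>
"""

class MailHtmlScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, target, detail) tuples
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "img":
            parts = urlsplit((attr.get("src") or "").strip())
            # cid: and data: images travel inside the message; http(s) ones
            # make the mail client contact the sender's server when opened.
            if parts.scheme in ("http", "https"):
                detail = "has query string" if parts.query else "plain"
                self.findings.append(("remote-image", parts.hostname, detail))
        elif tag == "form":
            parts = urlsplit((attr.get("action") or "").strip())
            if parts.scheme in ("http", "https", "mailto"):
                target = parts.hostname or parts.path
                self.findings.append(("form-target", target, parts.scheme))

def scan_message(raw):
    """Return findings for every text/html part of a raw RFC 5322 message."""
    scanner = MailHtmlScanner()
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    return scanner.findings

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

A remote image whose URL carries a query string is the usual sign that the request identifies the individual recipient, and a form in a mail body that submits anywhere at all deserves a second look.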
Fighting Back:
If you fall victim to the constant barrage of offers to refinance your home or enlarge certain portions of your anatomy, there are ways to fight back:
1. Register with SpamCop. This is a free service that investigates all instances of spam it receives from users and has been successful in having spammers knocked off of Internet Service Providers. The service is available at: http://www.spamcop.net.
2. Deploy a spam blocking method. The increase of the spam epidemic has also spurred the emergence of numerous filtering services and software solutions.
Fighting Corporate Spam:
Here are a few steps which can be implemented immediately to reduce the volume of spam:
1. Have a written company policy on e-mail and web usage. A good policy should specify whether employees are authorized to sign up for newsletters or web sites that require e-mail addresses.