Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Security Insights Blog

What’s New in the Spam Market?

The Underground Economy, Pt. 11
Created: 20 Aug 2014
Satnam Narang's picture
+2 2 Votes
Login to vote

We’ve always had “spam” in one form or another, from junk mail to unwanted telephone calls to today’s ubiquitous spam emails. In recent years, we’ve actually seen the volume of email-based spam taper off from its highest levels, which has led some to wonder, is the spam market dying? From what we’ve seen at Symantec, while the market has receded, it is far from dead and has been evolving.  

In this year’s Symantec Internet Security Threat Report we found that spam in business email decreased marginally by 3 percent, from 30 billion spam emails per day in 2012, to 29 billion in 2013. This encompasses a variety of spam types from popular diet, pharmaceutical, and adult and dating spam that can be an incredible nuisance, to the more dangerous malicious spam that is laden with malware attachments.

This second type of spam, used to distribute malware, has become increasingly popular. Many spammers that previously used their botnets to push nuisance spam are now focused on bundling different types of malware together or running phishing scams. Cyber-crooks looking to distribute malware can pay someone with a spam bot to get malware installed on large network of computers. For instance, last year tens of millions of customers in the UK were targeted by Cryptolocker malware through a mass spam campaign. Clearly, spam can still be profitable for cybercriminals in some cases and presents a threat that users and businesses need to protect against.

Social Media Spam

While we’re all familiar with email-based spam, the spam that we’re seeing today is not just email anymore. As millions of internet users embraced social media and email clients and providers got better at detecting and filtering spam, spammers moved to social networks where they have a better chance of going undetected. In fact, Nexgate's 2013 State of Social Media Spam Report found that as much as 1 in 200 social media posts is spam and 5 percent of all social media apps are spammy. We’ve already seen spammers infiltrating almost every social media community, including Twitter, Facebook, YouTube, Pinterest, Tumblr, Snapchat and even the mobile dating app Tinder.  

Twitter.png

Pinterest.png

What is driving this increase in spam on social networking sites? Affiliate marketing and its incentives for getting users to fill out surveys, buying products, lead generation and purchasing tangible goods. Social networks provide a perfect haven for spammers because of their reach, as one post can reach thousands compared to email only reaching one user at a time. It’s also harder to detect and can include everything from links, to fake accounts to spammy apps.

Initially many spammers would rely on fake accounts to drive spam, but recently we’ve seen more and more spam originating from accounts that belong to real users. The accounts, from average users to public figures, have been compromised to push spam, which may indicate a growing market among spammers for stolen online credentials that can help them pose as real users.

Obviously, spam is here to stay, but you can use these tips to help protect yourself and your network:

  • Make sure you’re using e-mail anti-spam products like Symantec Email Security.cloud
  • Never open, click on, or respond to anything you suspect is spam
  • Always remember: If it sounds too good to be true, it is
  • Make sure your password on all social networks is strong and unique
  • If available, enable two factor authentication as an added security measure
  • If clicking a link unexpectedly takes you to a social network login page, don’t input your login details – it’s a phishing attempt
  • Keep your browser updated to ensure it has the latest security patches