It's Time to Cut Down on Spam


It’s no secret that spammers count on current events to hoodwink email users. In recent years, everything from the Beijing Olympics to the presidential campaign of Barack Obama to the Oscar ceremonies has provided fodder for their scams. But with the economy in a tailspin, spammers are redoubling their efforts. Continue reading to learn about the latest email threats and what you can do to slow down and effectively block them.

Beware of ‘economic spam’

As economic concerns mount across the globe and media coverage of the downturn intensifies, it’s clear that more and more spammers view “economic spam” as a useful vehicle. According to a recent Symantec State of Spam Report, emails with subject lines such as “HURRY! I found you a new job” and “Global job vacancy - apply now” are becoming increasingly common.
With more people looking for employment, some spammers have even resorted to using the rejection letter to dupe users. As the March 2009 State of Spam Report explained:
“In the particular spam message observed, the messages states that ‘Unfortunately we have to inform you that your qualifications and experience does not fit the position you applied for.’ The URL links in the spam message point back to a legitimate site of a particular company or recruitment firm. The spam message indicates that ‘We have attached a copy of your application you sent for us.’ If human curiosity prevails and the recipient opens the attachment, the user’s system becomes the subject of an attack from the Hacktool.Spammer malicious virus. Hack-tool.Spammer is a program that hackers use to attack mail boxes by flooding them with email.”
Messages that purport to be from the Internal Revenue Service are another common ploy of spammers to gain personal information, especially Tax Day in April. Lately, however, spammers have started varying that tactic by encouraging recipients to “Submit Your Economic Stimulus Payment Form.” One message claims that “Economic Stimulus Grants are now available” from the IRS. To claim this funding, the recipient is urged to follow a Web link included in the message. According to a “testimonial” on the spam link, “I found the grant I needed and filled out the forms and sent them in and in about two weeks I received a check in my hand for $100,000.”
It should be noted that the IRS states on its website that it “does not initiate communication with taxpayers through email.”

Other recent scams

The dark cloud of the global recession may be providing spammers with a silver lining, but that doesn’t mean they’re ignoring other tactics. Among the recent scams observed by Symantec researchers:
  • Swine Flu spam. The Swine Flu outbreak in Mexico and across the world has been making news headlines, with updates coming out from the Centers for Disease Control and Prevention and the World Health Organization. Symantec has been monitoring these messages closely and has found that the top spam subject lines related to this news coverage include certain keywords such as: “Jolie caught swine flu,” “Swine flu in NY,” “Madonna caught swine flu,” and “America against swine flu.”
  • Russian bride spam. Following closely on the heels of Valentine’s Day spam, a new wave of Russian bride spam has emerged. Previously, recipients were encouraged to communicate over email with a prospective bride. However, those who availed themselves of this offer couldn’t be confident they were speaking with a prospective bride. In recent Russian spam messages, live video streaming has been suggested as a way to overcome this issue. According to one spam email viewed by Symantec, “Adding Live Video Streaming to your Live Chat session is just like going on a date.”
  • Spring break spam. Always timely, spammers are reminding us that Spring is here with various vacation “offers.” The most popular vacation offers are for Mexico (Cancun in particular), Lake Tahoe, Arizona, South Carolina, and multiple timeshares, with subject lines such as “Looking for savings on a Mexico vacation? Book online” and “Visit Cancun With A 3 Night Free Stay - No Purchases Required.”
  • Phony offers to pay bloggers. Blogs are all the rage these days, so it was only a matter of time before spammers jumped on the bandwagon. One spam message observed by Symantec indicated that “Freelance Writers Were Needed” to post in blogs “in order to get paid 12 - 50 per hour.” However, logging in to the “exclusive, members-only area” of the website requires recipients to divulge personal contact information and credit card details. The site creates a false sense of security by featuring two logos that tout the supposed reliability of dealing with this site.
  • Lawsuit scams. With this kind of spam, it’s the spammers who are the “ambulance chasers.” Take the case of Avandia, a drug first approved by the Food and Drug Administration in 1999 to treat diabetes. In February 2009, a spam message relating to this drug was reported with the following subject line: “Have You Taken AVANDIA? Important Lawsuit Information.” It indicates that “If you or someone you know has taken Avandia you or that someone or their family may be entitled to monetary damages.”

High-performance protection against spam

Of course, spam isn’t just a distraction to employees; it’s also a resource drain to IT departments and a risk to information loss if an effective solution isn’t in place. Symantec has several offerings to protect organizations from spam, including Mail Security for Microsoft Exchange with Premium AntiSpam and Brightmail Gateway Small Business Edition. These leading antispam and email security products detect spam with more than 97% effectiveness and false positives of only one out of every million legitimate emails scanned. Mail Security for Microsoft Exchange is also part of the Symantec Protection Suite Small Business Edition.
In recent interviews with organizations that have deployed Symantec antispam technologies, research firm IDC has reported the following benefits (“Uncovering the Hidden Costs of Spam,” IDC, February 2009):
  • Cost avoidance by not having to add antispam servers and email servers, which increases energy consumption and administration staff. This was accomplished despite the significant growth in spam volumes during the past several years and the steady growth in email users and subscribers.
  • Cost reduction by reducing the time spent by IT staff dealing with spam, email delivery, and denial of service (DoS) attacks.
  • Improved anti-spam efficiency and greater customer satisfaction by reducing the amount of spam reaching user and subscriber mailboxes.

Conclusion

If the latest Symantec Internet Security Threat Report is any indication, spammers have never been more active. Over the past year, Symantec observed a 192% increase in spam detected across the Internet, from 119.6 billion messages in 2007 to 349.6 billion messages in 2008. In addition, bot networks were responsible for the distribution of approximately 90% of all spam email last year.
For small and midsize businesses in particular, spam should not be viewed as “merely” an irritation. Spam squanders IT resources and is a serious risk to information loss unless you take steps to stop it. As it continues to clog networks, servers, and inboxes with unwanted and often malicious content, spam needs to be high up the priority lists of IT managers.
Organizations looking for cost-effective ways to minimize the number of spam messages that reach email servers and user mailboxes should consider Symantec Mail Security for Microsoft Exchange with Premium AntiSpam or Symantec Brightmail Gateway Small Business Edition. These products provide high-performance mail protection against spam, virus threats, and security risks while enforcing internal policies for email communication.