By Joaquim P. Menezes -
I’ve been following Symantec’s monthly ‘State of Spam’ reports since they were first published, in January. They don’t make for a very scintillating read, but in their own pedestrian way chronicle key developments in the spam landscape.
Over the months if there’s one thing these reports have made abundantly clear it’s that spammers are on the ball – they’re getting increasingly sophisticated, better organized, and more innovative.
They’re also alert to measures being taken to counter them, and keep varying their approaches so as to stay one step ahead of security companies. An example of this change of approach is the sudden, seeming abandonment of “image spam” as a leading strategy.
Image spam constituted 52 per cent of all spam in January, according to Symantec. A McAfee post put the number even higher – as steep as 60 per cent in the first quarter of this year. Now suddenly that number has plummeted to just 8 per cent in mid July, according to the latest Symantec spam report.
But as overall spam levels have remained constant, this seeming decline simply means image spammers are adopting new – and more effective – techniques. For instance, they are starting to include a link to a hosted image rather than directly embedding it in an e-mail.
Here are other trends the latest Symantec report highlights:
- PDF image spam which started making an appearance in June continued to increase and in July, accounting for between 2% and 8% of all spam.
- Excel and Zip files are increasingly being used as spam receptacles
- Greeting card spam remains a spammer favorite. Major spam categories are: Products and services (28 per cent); Financial – 18 per cent; Internet – 17 per cent, and Health – 13 per cent.
While online crooks are getting adept in tricking spam filters, merely showing up in your Inbox - would get them nowhere. The reason they’re still in business is because there are suckers who fall for the scams they perpetrate. Remember the Nigerian hoax. An email purporting to be from a former dignitary of the Nigerian government tells you of piles of cash the official has stashed away – and needs a foreign bank to be transferred to. If the user could be so kind as to provide they’re bank account number they’ll be entitled to millions.
This spam type has been around for years, and security experts have tracked umpteen variants of this scam featuring authors from deposed African leaders and Afghan refugees to U.S. Special Forces commandos, from a son of former Congo dictator Mobutu Sese-Seko, to the daughter of a deceased Angolan rebel leader, who seeks to prevent the government from seizing the $8.5 million her father left behind. That there are folk out there who actually fall for these rackets never ceases to befuddle me.