Last month, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read “Urgent — employment issue,” and the sender listed on the message was at dekalb.org, which is the domain the medical centre uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.
And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.
Score another one for spammers.
Called targeted spam or spear phishing, this type of spam that’s currently on the rise is particularly vexing because the spammer is able to “spoof” the sending e-mail address to make it look like it’s coming from within the organization of the recipient, making it difficult for spam filters to catch.
“We blocked a ton of spam at our e-mail gateway because the [sender] addresses are not valid, but these were,” says Sharon Finney, information security administrator at Dekalb Medical Center that has 3,500 employees.
Finney got on the phone with Proofpoint, the company’s messaging security vendor, which used its automatic update service to add a rule to its customers’ antispam filters that blocked e-mails containing the same link in attempts to protect others from the scam. Although these e-mails are highly targeted to their recipients and are sent in trickles instead of blasts, they’re becoming more and common.
Officials with Proofpoint, Dekalb Medical Center’s messaging security vendor, agree that targeted spam is on the rise.
“We’re seeing this more and more, typically either in large organizations or with very well-known brands,” says Rami Habal, director of product marketing with Proofpoint. Once the company has been alerted to the scam, blocking it is easy. But detecting such well-crafted messages is becoming harder as the sophistication level of spam increases; gone are the days of simply filtering for the word “Viagra”.
Proofpoint’s technology catches so much spam that Finney isn’t fazed by these few that slipped by. However, she is concerned that the nature of spam is changing, making it more dangerous and harder to catch.
“Spam is something that is such a cheap method of intrusion, I think in the long term…spam…is going to get stealthier and more targeted, and the payload is going to be more about gathering information” than selling products, she says. “The more targeted spam becomes and the more specific to each industry, the harder it’s going to be for [antispam] companies to detect it.”