The holidays are prime time for spammers. That’s become even more so in recent times with so much shopping being conducted online and so many consumers constantly on the prowl around the Internet for bargains.
While many organizations frown on employees burning business time for personal shopping, if a message arrives in a worker’s inbox with a tantalizing subject line about a deal on a hot item, the temptation may be too great to resist.
The good news for administrators, however, is that fewer of those tempting messages from spammers may be winding up in their charges’ inboxes this year. That’s because spam volumes continue to decline and November — the month with the biggest shopping days of the year: Black Friday and Cyber Monday — was no exception.
During that month, spam as a percentage of all Internet traffic dropped 5.1 points, to 62.9 percent, compared to October, according to the monthly spam report released Dec. 19 by Kaspersky Lab.
One popular pitch by spammers during the holidays is for event management services for corporate New Year’s and Christmas parties, the report noted.
Hurricane Sandy and Dominican Republic flood scams continued to be popular in November, Kaspersky reported. Under the pretext of raising money to help rebuild the infrastructure in those disaster areas, Internet con artists used spam to steer victims to websites where their credit card numbers could be pinched.
Phishing email during the period declined, too, according to Kaspersky. Only half the amount of phishing mail sent in October was sent in November.
The number one phishing target in November was Facebook, Kaspersky reported. Such attacks increased by 13.2 points during the period, compared to October.
Ironically, phishing attacks on Web retailers declined in November, a month when not only would shopping traffic to those sites be high, but many of those sites would be pushing email offers to their customers — a perfect subterfuge for spammers.
Most phishing attacks during November were aimed at social networks (29.91 percent), Kaspersky noted, followed by assaults on epay organizations and banks (19.91 percent), online stores and auctions (13.53 percent) and search engines (13.25 percent).
Phishers appear to have really soured on search engines in November, dropping their attacks on ferreting sites by 5.4 points, compared to October.
Despite the decline in search engine phishing, some researchers believe it will continue to grow in 2013.
Originally, Internet bandits created web pages with outrageous deals on them, hoping they’d appear in the results of a search engine and lure bargain hunters to the site, where they could pry personal information from a target through social engineering.
In recent times, though, the attacks have been refined. Those refined attacks will increase in 2013, according to a report recently released by Georgia Tech.
Now cyber criminals create networks of pages that boost the search engine ranking of a malicious page. Once the target lands on the page, malware is pushed to the victim’s computer clandestinely.
Search engine managers have developed ways of identifying that trick, so cyber crooks have turned to infecting legitimate websites with links that perform the same task their networks of malicious pages used to do.
The next step in the evolution of search engine phishing will be to poison a user’s search history, Georgia Tech reported. Since a user’s search history is often stored in an online profile, it travels with a user, regardless of what device they’re using.
“If you compromise a computer, the victim can always switch to a clean machine and your attack is over,” Wenke Lee, a professor at Georgia Tech’s College of Computing, noted in the report.
“If you compromise a user’s search history and hence his online profile,” he continued, “the victim gets the malicious search results no matter where he logs in from.”