Spam Volumes Continue to Decline in November

The holidays are prime time for spammers. That’s become even more so in recent times with so much shopping being conducted online and so many consumers constantly on the prowl around the Internet for bargains.

While many organizations frown on employees burning business time for personal shopping, if a message arrives in a worker’s inbox with a tantalizing subject line about a deal on a hot item, the temptation may be too great to resist.

The good news for administrators, however, is that fewer of those tempting messages from spammers may be winding up in their charges’ inboxes this year. That’s because spam volumes continue to decline and November — the month with the biggest shopping days of the year: Black Friday and Cyber Monday — was no exception.

During that month, spam as a percentage of all Internet traffic dropped 5.1 points, to 62.9 percent, compared to October, according to the monthly spam report released Dec. 19 by Kaspersky Lab.

One popular pitch by spammers during the holidays is for event management services for corporate New Year’s and Christmas parties, the report noted.

Hurricane Sandy and Domincan Republic flood scams continued to be popular in November, Kaspersky reported. Under the pretext of raising money to help rebuild the infrastructure in those disaster areas, Internet con artists used spam to steer victims to websites where their credit card numbers could be pinched.

Phishing email during the period declined, too, according to Kaspersky. Only half the amount of phishing mail sent in October was sent in November.

The number one phishing target in November was Facebook, Kaspersky reported. Such attacks increased by 13.2 points during the period, compared to October.

Ironically, phishing attacks on Web retailers declined in November, a month when not only would shopping traffic to those sites be high, but many of those sites would be pushing email offers to their customers — a perfect subterfuge for spammers.

Most phishing attacks during November were aimed at social networks (29.91 percent), Kaspersky noted, followed by assaults on epay organizations and banks (19.91 percent), online stores and auctions (13.53 percent) and search engines (13.25 percent).

Phishers appear to have really soured on search engines in November, dropping their attacks on ferreting sites by 5.4 points, compared to October.

Despite the decline in search engine phishing, some researchers believe it will continue to grow in 2013.

Originally, Internet bandits created web page with outrageous deals on them hoping they’d appear in the results of a search engine and lure bargain hunters to the site where they could pry personal information from a target through social engineering.

In recent times, though, the attacks have been refined. Those refined attacks will increase in 2013, according to a report [PDF] recently released by Georgia Tech.

Now cyber criminals create networks of pages that boost the search engine ranking of a malicious page. Once the target lands on the page, malware is pushed to the victim’s computer clandestinely.

Search engine managers have developed ways of identifying that trick so cyber crooks have turned to infecting legitimate websites with links that perform the same task that their gangs of malicious networks used to do.

The next step in the evolution of search engine phishing will be to poison a user’s search history, Georgia Tech reported. Since a user’s search history is often stored in an online profile, it travels with a user, regardless of what device they’re using.

“If you compromise a computer, the victim can always switch to a clean machine and your attack is over,”  Wenke Lee, a professor at Georgia Tech’s College of Computing, noted in the report.

“If you compromise a user’s search history and hence his online profile,” he continued, “the victim gets the malicious search results no matter where he logs in from.”

Written by John P Mello Jr

John Mello is a freelance writer who has written about business and technical subjects for more than 25 years. He is frequent contributor to the ECT News Network and his work has appeared in a number of periodicals, including Byte magazine, PC World, Computerworld, CIO magazine and the Boston Globe

2 Comments

  1. Landon Bright · January 16, 2013

    I don’t really believe that there’s a decline in spamming levels. A lot of so-called experts are claiming that, but seriously many still receive tons of them on a daily basis. However, I would also like to think that more e-mail users are becoming cleverer when it comes to dealing with them. Of course, they don’t filter all those spam messages, but once they receive one, they immediately hit Report Spam to avoid receiving them ever again. We also have websites like this that provide timely information and educate users how to e-mail more effectively.

  2. David Black · January 16, 2013

    If the data is true, this probably means the economy is so bad that even spammers have given up. :) Seriously, I don’t think that spam, if declining at all, is doing it that rapidly – c’mon 5 percentage points for a month is too good to be true! If we continue at this rate, very soon spam will be found only in museums – I’m not buying it.

Leave A Reply