A recent headline from CBR read, “SPAM IN EMAIL TRAFFIC DECLINES DURING AUGUST”. Citing a report that stated roughly 68 percent of all email traffic in August consisted of unsolicited emails showed a decrease of 3.2 percent.
So the person who doesn’t read beyond the headline wrongly assumes, again, that spammers are losing and email is becoming safer. Unfortunately for those who deal with email security, this story is a repeat. Many times before we have seen claims that spam is on the decline, and every time you can be assured that someone making budgetary decisions based their security numbers on these claims.
Again, reading further on down the story it becomes clear that while unsolicited emails might be down in numbers malicious emails are actually on the rise. According to the same report from Kapersky the rate of phishing emails grew more than 10 times compared to the same time a year ago. Adding to this, the number of spam messages that contained malicious attachments rose 2.5 times. These harmful file attachments now make up 5.6 percent of all email sent on a daily basis.
But more importantly than the rise in other types of illegitimate email messages is what can be taken from the headline itself. It alone is rather misleading.
When organizations track malicious emails they are only accounting for the ones that have been stopped by a filtering solution, and they are only accounting for the ones captured by other organizations who have chosen to report this information.
To say that all anti-spam solutions are equal would be absurd. What one company reports as a decline in spam might just be a decline in its anti-spam filter’s ability to identify malicious messages. Take the keyword solution as an example.
For a long time, anti-spam filters stopped malicious emails based on the message contents containing a certain number of words that were associated with spam. The ever cunning spammers took notice and soon started substituting characters for letters in these keywords. For example, the word loan could become l0an or even lo@n without a human reader losing the context. Now, every email that used this method to bypass the anti-spam filters made it look as if spam was on the decline. After all, not as much spam was being detected as before.
The problem is, junk emails were getting through but anyone analyzing the stats could be under the impression that spam prevention efforts were paying off from the lower numbers.
Another serious flaw in this thinking is the fact that spam has forked into a number of different species. At one time any unsolicited email was thrown into the category of spam. Now, it gets broken down into advertising spam, phishing and spear-phishing. You also have sms spam, which are messages sent via text message to a victim’s cell phone. This type of spam is especially hard to stop because providers fear liability in the event a false positive message is blocked because it is thought to be spam.
Another variant of spam is sent via social media channels. This type of spam spreads through social networks and other social sharing tools and is often compounded by bad guys hijacking user accounts and sending the spam to their friends and followers this way. The result is that those who see it are under the impression that it is a legitimate posting and trust the message and link because it comes from their friend.
Social spam has become so successful that it has risen 355% in the first half of this year. But don’t expect this type of spam to replace email spam just yet. Most of the time the account credentials are stolen via keystroke logging software that is installed onto the victim’s computer. This software is one of the typical pieces of malware that comes via a malicious email attachment.