Spammers exploit festivals to grab attention

Of all spam messages in March were scam and phishing, which was two percentage points lower than in February. (AFP)

Spammers moved their focus from tragic earthquakes in Haiti and Chile to seasonal and calendar events such as Easter Holiday to deliver spam messages in March.

Symantec's state of spam and phishing report for April said that scam and phishing messages in March accounted for 17 per cent of all spam, which was two percentage points lower than in February. The Europe, Middle East and Africa (Emea) further solidified its status of "king" in the origin of spam as it sent 44.7 per cent of worldwide spam in March, which represents 1.5 percentage point increase.

In Emea, top 10 countries (the Netherlands, Germany, United Kingdom, Poland, France, Romania, Italy, Spain, Russia and Czech Republic) made up more than 62 per cent of the region's volume, the report said.

The report highlighted a sizeable increase in the size of spam messages that stood between 5kb and 10kb (up over 10 percentage points) during this period. This, it said, correlates to an increase in attachment spam. Overall, spam made up 89.3 per cent of all messages in March, compared with 89.9 per cent in February.

Symantec observed a three per cent decrease from the previous month in all phishing attacks. This was primarily due to a decrease in volume of attacks generated from automated toolkits.

Nine per cent of phishing URLs were generated using automated phishing toolkits, a decrease of 35 per cent from the previous month.

However, there was an increase in the volume of unique URL and IP attacks. Unique URLs increased by 1.5 per cent and IP attacks increased by nearly four per cent from the previous month. A nine per cent decrease was observed in non-English phishing sites from the previous month.

The decrease was due to a fall in the number of phishing attacks in French and Italian. There was a slight increase in the number of attacks in Chinese that was primarily in the e-commerce sector. More than 95 web hosting services were used, which ac-counted for 12 per cent of all phishing attacks.

Symantec saw a mass phishing attack on two major brands that provide retail electronic payment services for banks across the globe. Phishers initiated a massive attack that made up 4.4 per cent of all unique phishing websites. (Fraudsters developed the phishing websites in non-English languages as well, with French being the most utilised.)

The phishing websites were targeted toward customers by spam mails containing the subject "your XXX card 4XXX XXXX XXXX XXXX: possible fraudulent transaction ID".

Another unique trend observed was the phishing attacks on Indian job sites.

Despite the global economic slowdown, India saw a high number of new jobs in the country during the first quarter of 2010. With the job market looking positive, job sites seem to have benefited with more users accessing their websites.

According to the report, the increase in the number of candidates seeking jobs in India led to the launch of phishing attacks on Indian job sites. The phishing page in the above example is asking for potential employers' login credentials. The phishing website was created on servers located in the Netherlands. The credentials consist of a username and password as well as the employer's e-mail ID and password.

After stealing these credentials, fraudsters send targeted spam messages to the employers. The spam message states that the employer is required to pay an amount to upgrade or continue his access of particular recruitment solutions.

The link provided to make the payment leads to a phishing page that asks for confidential information such as credit card numbers, pin number, etc.

Attackers also masquerade as the employer to send spam containing fake job opportunities to job seeking candidates – an action that means the attackers are always seeking financial gain.

In last two reports, Symantec kept an eye on the sharp decline in spam containing .cn URLs as well as associated increase in spam messages with .ru domains.

China Internet Network Information Centre's action to tighten registration of .cn domains had a huge impact on spam messages containing .cn URLs. Unfortunately, spammers have found themselves a refuge in .ru domains as spam messages containing .ru domains increased dramatically. Spammers have either given up on finding a loophole for .cn domains or are currently happy with .ru domains.


Print Email