The King of Spam Gets Personal

A few months ago, the King of Spam took a hit in the cojones, and in an effort to strike back, the beloved Inbox molester is attacking end-users on a personal level.

Within the last few weeks, consumers have discovered that Spam King minions have kicked into full gear, tossing out junk emails like heat-seeking missiles and steadily getting better with aim. Lately consumers have noticed that many of these electronic nuisances seem more personalized, flowing into email clients bearing their actual email addresses or bearing some type of familiar, personal information. These tailor-made messages - a method called spear-phishing - are coming in at an alarming rate, attacking personal and business accounts alike, and show no sign of easing up.

"Spear-phishing measures currently represent about one percent of all phishing campaigns, but are expected to become more prevalent," reports Cisco Systems in its 2008 Annual Security Report. "This trend bears close monitoring, because the attacks are becoming more sophisticated: Criminals are investing the time and resources in personalizing spam and making the messages seem credible. Why? Because jackpots are higher when they succeed in obtaining sensitive personal data from specially targeted, attractive victims."

According to the company, the typical spear-phishing attack consists of four steps:

(1) Obtain a specialized distribution of valid email addresses, either by launching malware, hacking into networks or actually purchasing the lists;
(2) Register a domain and build a fake but legitimate-looking website that will receive the email-directed recipients;
(3) Send phishing emails to the distribution list;
(4) Receive the collected data, such as login or other account details, and steal funds and/or data once they access the website.

While most consumers use some type of spam protection (usually embedded in security suites or antivirus software), most of these messages slip under the radar undetected, thus escaping the fiery pits of Spam Folder hell. Cisco also reports that currently 90 percent of all emails sent worldwide - roughly 200 billion messages per day - are defined as spam. This number has nearly doubled since 2007, representing 200 spam emails per day for every Internet user on the planet. In real-world numbers, that's quite a lot of money Uncle Sam will never see since these messages don't require stamps.

Consumers should stay aware that not all spam remains within the Internet realm; some finds its way onto cell phones via SMS. Cisco highlights several spear-phishing campaigns, including SMS messages sent from the same area code, emails from the consumer's current or prior university (whether as a student, faculty or alumni), Google Adwords account messages wanting login credentials, and messages targeting specific top executives, a practice called "whaling," usually reporting that there's a problem with their personal bank account, or that their business is currently under FBI investigation.

"The spam that does ultimately make it into recipients' inboxes is becoming ever more dangerous and attractive, and thus likely to be opened," says the company in the report. "Newer spam campaigns typically include 'blended threat' spam messages, which incorporate URLs to entice recipients to click through to malware-distributing or phishing websites."

Of course, religious fanatics will probably shout scripture from Revelations; many believe that Satan controls the Internet, and the enticing spam flooding inboxes is just another means of temptation. And while skeptics may reject the idea of an evil entity attacking faithful souls through Internet messaging, consumers should consider the future, consider what lies ahead in 2009 in regards to security and financial stability. Consumers should stay alert and question each incoming message.

Granted the Spam King is probably the Anti-Christ in disguise, the only way to defeat the evil beast is for Uncle Sam to step in, and charge consumers for every email sent - an electronic stamp. Then again, Sam sounds like Spam, so it's quite possible that the government is behind it all, looking for a way to repay the now-dried-up Social Security fund.