Dramatic decline in spam levels
Spam, in January 2011, accounted only for 78.6% of the total email traffic. This was a 3.1% drop since December 2010 and a significant 65.9% lower compared to same period, a year ago. However, the spam rate is still alarming with 1 in every 1.3 mails being a spam one. The fall of the spam was credited to the apparent fall in activity of 3 major botnets – Rustock, Xarvester and Lethic.

Spam levels – Country wise for January 2011

1. Oman – 88.8%
2. China – 84.6%
3. Hungary – 83.3%
4. Luxembourg – 82.8%
5. Kuwait – 81.9%
6. South Africa – 80.0%
7. US – 78.8%
8. UK – 78.7%
9. Canada – 78.3%
10. Australia – 77.3%

Minute increase in phishing activity
One in 409.7 emails was found to comprise of a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in US were 1 in 892.8 emails. South Africa was the most targeted geography by email phishing attacks with one in 51.7 emails blocked as phishing email. Other top targeted geographies by phishing emails are as follows:

• UK – 1 in 188.6 emails
• Canada – 1 in 204.6 emails
• UAE – 1 in 247.3 emails
• Oman – 1 in 248.4 emails

Increase in new malicious domains
Symantec message labs has identified an average of 2,751 malicious websites each day, in January 2011. Around 44.1% of them were identified to be new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report from OpenDns said that 53.8% of all the phishing websites were hosted out of US.

Though email spam has decreased in volumes, web-based malware seems to increase in both volumes and coming up with new forms. The report suggests that organizations can combat the lurking threats by a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates for malware database.

Getting access to the computer of a well settled person is like getting access to his wallet. Since there is no complete solution for internet vandalism yet, awareness of the methods of exploitation is what can be helpful in present day situation. In our earlier article we have discussed on Website Spoofing. This article is about eMail spoofing – one of the common methods used by cyber criminals.

Understanding eMail Spoofing
A spoofed email is simply – an email sent impersonating a legitimate source. Generally, the sender will change the FROM address and other parts of the e-mail header like Return-Path, Reply-To, etc to make it appear that it originated from some other. This is generally done by adjusting settings of the email client like Mozilla Thunderbird, Outlook Express, Eudora, etc. There are a few websites too that offer sending of emails where the sender has option to enter any email address in the FROM or Reply-To fields.

Common Deceptive Tactics Used in eMail Spoofing
A standard email function like SMTP is used in email spoofing. The email programs allows them to modify email headers and thus forge the email originating identity. The most common deceptive tactic is that the spoofer sends out emails to thousands, even millions, of email accounts spoofed in name of a well-known company. The typical phishing email will contain a clever story designed to lure people into some action like clicking a link or button in the email or calling a phone number.

The link in the email might redirect you to a spoofed website which in turn will be used to capture data.

Possible Spammers intention behind a spoofed eMail
Though sending of spoofed emails is very simple compared to many of other deceptive online tactics, it has much higher potential to gain profits for the spoofer. Email spoofing is generally used for obtaining login details of financial information of a person. Once they have access to the account they can make withdrawals from the account or authorize payments for online purchases.

Identifying Spoofed eMails
Common methods to identify a spoofed email is as follows:

• Emails from banks or finance related sources that do not address you by the name you registered with them can be suspected as a spoofed email. Ebay, PayPal and banks will never send out general emails saying “Dear valued customer”, or “Dear member” etc…
• You can quickly tell if the link in the email is a spoof by hovering your mouse over the link in the email and comparing it with the link appearing in the status bar.
• View the “FULL message header” to know where the email came from
• Read your email carefully and look for any spelling or grammatical mistakes.
• Consider any website asking for your PIN (personal identification number) as a spoof.
• Some spoof sites will include pop-up message boxes. It is better if you do not entertain such emails.
• Most spoof emails will create a false sense of urgency like a message saying that your account will be locked out or deleted if you don’t act quickly.

Also read about website spoofing.

This matter has to be taken up seriously these days. The daily flood of junk email has an adverse effect on the corporations by clogging their networks and filling up mail server bandwidth. It can also act as a gateway for serious network related threats such as Trojans, viruses, worms, and phishing scams that penetrate corporate networks. The cost of spam not just involves the cost of providing the extra bandwidth but also encompasses all the IT Departments protecting their organizations from the various threats as just seen.

Spam is a driving force behind the increasing number of data breaches in the corporate world. The impact of international awareness and the enforcement of anti-spam laws in countries like USA have forced the spammers to shift their operations to countries where the law is less regulated. According to the IT security firm Sophos, the spam operators are working hand in glove with hackers and virus’ writers with 60 percent of all spam coming from computers infected with malware. According to Webroot Software’s State of Spyware report 2005 was considered as the biggest year yet for spyware.

Apart from just the security threats the firms face from spam, there are concerns that are even more serious the firms face. In today’s world where corporate ethics matter a lot, firms are increasingly accountable for the actions of their employees. Any offensive message from a disgruntled employee can tarnish the name of the organization. Since there can be no definitive solution, the only way to reduce the threats of the email related threats is to deploy ever more sophisticated server side filtering to filter out spam and malicious emails from reaching the network.

A survey of Bank of Scotland (BoS) has found that about 37% of UK small firms were badly hit due to unsolicited spam, viruses, and faxes. The study has found that though the cost of minor data losses and firewalls is less than 1000 Pounds a year for two-thirds of small firms a full-scale virus attack can be terminal on entrepreneurs on tight budgets. For over fifty firms polled, it was found that there was one firm approximately, for which the cost of the viruses exceeded 10,000 Pounds a year. A further 40 percent of the managers claimed that junk email significantly added to their costs, while one in ten lost an estimated 10,000 Pounds a year through lost productivity and purchasing email filtering systems. Though laws have come up which state that individuals are not allowed to send emails or any other means of communication without prior permission, these are valid only in the UK and did not provide any help in reducing the flood of spam in the USA.

According to Eddie Morrison of BoS computer viruses are clearly one of the scourges of our business age. He observes that it has become increasingly easy for small firms to be bombarded with multiple unsolicited emails and faxes for advertising and other purposes.

Small firms are even more vulnerable to spam with a junk of them still without a junk email policy. The research conducted by Clearswift has found that 34 percent of small companies do not have measures in place to combat spam, while a further 57 percent of firms with a policy of not communicating about it to the staff.

Related Links:
Claims software
Wan optimization

The following email was sent to a small business support’s email id for financial gain from a@gmail.com – an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

Is there a number we can reach you?

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.

There are many freebie accounts available in the market today, the primary of which are AOL/AIM, AOL My eAddress, Excite, Fast Mail, Google Mail, Goowy, Hotmail/MSN Inbox, Lycos, MyWay Mail, Rock.com, and Yahoo!

If a user plans to use a freebie account as his main account, it is recommended that he use Gmail. Google Mail is arguably the most productive well thought out free email offering available, with highly efficient spam filters, loads of disk space for messages, and has Google with third party plug-ins to increase productivity.

There are also expendable email address services that have more selective disabling features than regular free email accounts. Having your own domain might include 50 to 100 email addresses as part of your hosting package. You can use these addresses for newsletter or shopping sign ups and redirect each account to a main account.

Whatever you may go about doing, never publish your main email address anywhere online. You can use freebie accounts, which can be dropped when necessary. Use a CAPTCHA image based code to separate spambots from human visitors. Encode your email address like me*AT#hotmail#DOT*COM so that humans can easily read them.

Few of the ISPs add junk mail header status information to messages passing through their mail servers. If the email client is suitable, you can write a “filter rule” to ditch any message whose header includes “X-Spam-Status:Yes”. The disadvantage is that there could be false positives on spam needing you to check the spam folder on a weekly basis.

You can also write your own command line email filters in a scripting language like Perl or Python; both of which have superior regex pattern matching abilities. Write a program to grab your email (copies) off POP or IMAP email servers. Build a frequency table for the keywords by saving the IPAddress information for each message. If the data is saved for long term profiling keep the spam information in a separate database. If some words in the message raise flags, compare their frequency counts against other words. This step should be manual until you build up long-term profiles. If its spam, delete the original copy of your mail server. An Operating System like Linux gives you the facility to integrate custom filters into your email client.

But, “We advise everybody not to fall for such things because you will be very disappointed,” says Sorin Mustaca of Avira.

According to what he wrote in Avira’s blog

“And now, as usual, comes the funny part, as in any scam attempt we’ve seen.

• Despite the fact that it is mentioned in the picture the “Asia-Pacific agent” for the VISA processing, the contact email addresses are in … Europe. They belong to a free web mail system in the Czech Republic.
• The text is very hard to read because it is full of grammatical mistakes and sentences which don’t make too much sense.”

The image of this scam email is attached below.

Courtesy: Avira Blog.