August 2009 Report #32

Similar documents
July 2009 Report #31

The State of Spam A Monthly Report June Generated by Symantec Messaging and Web Security

November 2009 Report #35

The State of Spam A Monthly Report August Generated by Symantec Messaging and Web Security

June 2009 Report #30

October 2009 Report #34

May 2009 Report #29. The following trends are highlighted in the May 2009 report:

Security & Phishing

Phishing Activity Trends Report March, 2005

South Central Power Stop Scams

State of Spam Report A Monthly Report

FAQ. Usually appear to be sent from official address

Online Scams. Ready to get started? Click on the green button to continue.

NOT PROTECTIVELY MARKED PHISHING. July 2016

Machine-Powered Learning for People-Centered Security

Phishing Activity Trends Report October, 2004

Cyber Security Guide for NHSmail

How to recognize phishing s

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

Common Scams and Fraud. Charlottesville/Albemarle County TRIAD Group

Phishing Activity Trends Report January, 2005

Newcomer Finances Toolkit. Fraud. Worksheets

Protect Yourself From. Identify Theft

Cyber Security Guide. For Politicians and Political Parties

August 2009 Report #22

Your security on click Jobs

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Personal Cybersecurity

Cyber Hygiene Guide. Politicians and Political Parties

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Phishing Activity Trends

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

CE Advanced Network Security Phishing I

Phishing: When is the Enemy

Office 365 Buyers Guide: Best Practices for Securing Office 365

Webomania Solutions Pvt. Ltd. 2017

December 2009 Report #26

Risk Outlook Anti money Laundering and Cybercrime. Steve Wilmott and George Hawkins

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

TRUECALLER INSIGHTS SPECIAL REPORT: THE TOP 20 COUNTRIES AFFECTED BY SPAM CALLS

October 2009 Report #24

New Zealand National Cyber Security Centre Incident Summary

FRAUDULENT TRAVEL SCAMS

Who We Are! Natalie Timpone

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

Phishing Activity Trends Report August, 2006

Evolution of Spear Phishing. White Paper

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Phishing Activity Trends

Symantec Protection Suite Add-On for Hosted Security

IMPORTANT SECURITY INFORMATION PHISHING

Phishing Activity Trends Report August, 2005

Target Breach Overview

It pays to stop and think

What is Spam? Spam is unsolicited in the form of: Commercial advertising Phishing Virus-generated Spam Scams

Creating and Protecting Your Online Identity for Job Search. A guide for newcomers to British Columbia

The Dilemma: Junk, Spam, or Phishing? How to Classify Unwanted s and Respond Accordingly

Spam Evolution Report: October 2009

When you provide personal information to us it will only be used in the ways described in this privacy policy.

Scams and Schemes LESSON PLAN UNIT 1. Essential Question What is identity theft, and how can you protect yourself from it?

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Why you MUST protect your customer data

Online Security and Safety Protect Your Computer - and Yourself!

TIPS TO AVOID PHISHING SCAMS

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Create strong passwords

The 12 scams of Christmas

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

GRANDPARENT S GUIDE TO TECHNOLOGY VOLUME 2

But it Was Such a Little Phish February 2016 Webinar

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

Frequently Asked Questions Mobile Banking App

Phishing Read Behind The Lines

Webroot Phishing Threat Trends

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Mavenir Spam and Fraud Control

Financial scams. What to look for and how to avoid them.

I G H T T H E A G A I N S T S P A M. ww w.atmail.com. Copyright 2015 atmail pty ltd. All rights reserved. 1

Spam Protection Guide

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

Protection FAQs

MailChimp Basics. A step by step guide to MailChimp Course developed by Virginia Ridley

Security Awareness. Chapter 2 Personal Security

Toolkit for March Fraud Prevention Month 2017 Senior Support. FRAUD Recognize It Reject It Report It.

Phishing Activity Trends Report November, 2004

Schemes, Scams, Plots: PowerPoint Discussion Notes

Phishing Activity Trends

ELECTRIC APP - PRIVACY POLICY

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

How to Stay Compliant with SMS Marketing

Providing Continuous Customer Service since 1976

Online Threats. This include human using them!

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

KASPERSKY SECURITY FOR MICROSOFT OFFICE s are sent every second. It only takes one to bring down your business.

INFORMATION ABOUT SCAMS FOR RESIDENTS

The Cyber War on Small Business

REPORT. Year In Review. proofpoint.com

Chapter 6 Network and Internet Security and Privacy

Protecting your Security and Privacy on the Web. Tony Brett Head of IT Support Staff Services IT Services. 11 March 2013

Authentication GUIDE. Frequently Asked QUES T ION S T OGETHER STRONGER

Transcription:

August 2009 Report #32 While overall spam volumes averaged 89 percent of all email messages in July 2009, spam volumes continue to fluctuate. During July 2009, image spam continued to have an impact reaching 17 percent of all spam during one point in July. Health spam decreased by 17 percent, while product and 419 spam both saw increases of eight and three percent respectively month over month. The following trends are highlighted in the August 2009 report: Spammer s Opinion Poll: President Obama and Michael Jackson Spammers Cast Their Spells to Produce Harry Potter Spam July 2009: Spam Subject Line Analysis Spying Can Be Dangerous Scammers Try to Sneak In Unvoiced Using Voice over IP Services Spam Percentage: The model used to calculate spam percentage now factors in network layer blocking in addition to SMTP layer filtering, and as a result represents a more accurate view into the actual spam percentage on the Internet. Dylan Morss Executive Editor Antispam Engineering Dermot Harnett Editor Antispam Engineering Cory Edwards PR Contact cory_edwards@symantec.com

Spammer s Opinion Poll: President Obama and Michael Jackson Much has been made about the importance of the 200 day mark of the Obama Administration on August 6, 2009. With all the talk about health care reform and health insurance in the United States right now, the majority of the spam messages that reference President Obama are promoting health spam. Yet, ironically, with all of the talk of health care, this category saw a 17 percent decline in spam during the past month. In the hours after his death on June 25, 2009, several Michael Jackson-related spam and malware campaigns emerged. While several variations of Michael Jackson spam and malware have been observed, it seems that as the general public s interest in the drama surrounding his death dissipates, spammers too are moving away from using his name in attacks. For a time it seemed that Michael Jackson-related spam was more popular than President Obama-related spam. Regardless of what opinion polls are showing about President Obama s popularity, it is clear that spammers, much like tabloid magazines, are still giving him their vote and have some confidence that his name will continue to help them to distribute some of their messages. Following are the top 5 spam messages we ve observed in July about President Obama and Michael Jackson.

Spammers Cast Their Spells to Produce Harry Potter Spam It seems that in connection with the release of the latest Harry Potter movie, spammers believe that there is benefit in using the movie and its leading actors to promote various spam products and services. The top Harry Potter-related subject lines included: Full ebook Harry Potter Harry Potter interactive ebook See Emma Watson exposed Emma Watson exposed again See Emma Watson's xxx! Emma Watson exposed again! Which Harry Potter Character Are You? Harry Potter Sneak Peek and Top 5 Movie Soundtrack Your Harry Potter Prize Recent spam messages indicate that Emma Watson, who plays the character of Hermione Granger, is the spammers favorite target. Other messages that have emerged included Harry Potter- related 419 and health spam. In the Harry Potter 419 message, the name Potter is misspelled as Porter. Below is an example of the scam email: Harry Potter- related health spam used phrases such as Harry Potter ebook. The email body is in the form of a legitimate newsletter in which the URLs try to entice users to open a link to an online pharmacy website.

July 2009: Spam Subject Line Analysis In this August 2009 State of Spam Report, Symantec is taking a closer look at the top subject lines that are appearing in spam messages. With spam levels so high, it is interesting, but not altogether surprising, that the top subject lines used by spammers are often subject lines used in legitimate messages by valid companies. There are multiple reasons why spammers might use such common subject lines such as Hey or Hi: 1. Spammers want to evade antispam filters to get the spam message into a user s inbox. As security companies and the Internet community pay more attention to the reputation of websites and email senders, spammers are not only hiding behind well-established and reputable brands, but they are also using a mixture of spam and legitimate tactics to try and evade antispam filtering to ensure the delivery of their message. Using subject lines often observed in legitimate messages is one tactic that spammers continue to use. 2. Spammers want the end user to open their message. By using subject lines that are often used in personal legitimate messages, a user is more likely to open the spam message.

July 2009: Spam Subject Line Analysis With image spam reaching a maximum of 17 percent of all spam during July 2009, it is also interesting to look at the top subject lines for these messages. Again, Symantec has observed that the top Image spam subject lines included common phrases that would often be observed in legitimate mail.

Spying Can Be Dangerous Have you ever dreamt of owning a device that could help you spy like a secret agent in a spy movie? With gadgets such as cameras, voice recorders or memory devices dropping to small sizes, it is possible, and spammers are trying to convince of it. Spammers are offering a solution for those who wish to eavesdrop on another s phone. The solution is not a bug to be attached to a phone, but software that once installed on the target phone sends back information of all the calls and messages originating from the original phone to the user phone. This offer entices users with the option of peeping into someone s phone to get desired information. Spammers claim that the surveillance functions of the target phone (after installation) can be used to obtain valuable information from subjects such as names and numbers of significant others, managers, key employees and business partners. Valuable information includes listening to outgoing calls, receiving copies of incoming and outgoing SMSs, and tracking precise locations of the phone device using GPS satellites. However, there are few steps to be able to start using the functions of the target mobile device. The user has to first install the so-called unique MMS phone interceptor loader on their phone and then execute. This is a potentially dangerous step towards installing malware. Earlier this month, Symantec published a blog on a mobile threat delivered with the help of SMSs. As mobile threats rise in 2009, users are advised against falling prey to the offer shown in the example below:

Scammers Try to Sneak In Unvoiced Using Voice over IP Services 419 spam, which in July accounted for nine percent of all spam, has been a nuisance to email users for years. Traditionally, 419 scammers have reached out to email users through textbased emails, word processing documents, PDF formats and increasingly they have their sites set on social networking sites. However, all these approaches to sending 419 spam have one thing in common fraudulent stories of a huge money inheritance, kinship and financial assistance that is communicated via typed messages. Spammers are constantly in search of techniques that will allow them to reach users inboxes by evading antispam filters. Recently, Symantec observed a new variant of 419 spam where spammers tried to exploit VoIP (Voice over Internet Protocol) services. The spammers created fake accounts on sites providing VoIP services and then, using these fake accounts, sent invitations to users using the invite friends functionality within these VoIP services. This spam message invite contained some of the elements typically seen in legitimate VoIP invitations, however spammers continued to insert the 419 rhetoric regarding a story of some unclaimed funds or inheritance within the email message invite.

Metrics Digest: Regions of Origin Defined: Region of origin represents the percentage of spam messages reported coming from certain regions and countries in the last 30 days.

Metrics Digest: URL TLD Distribution Metrics Digest: Average Spam Message Size Metrics Digest: Percent URL Spam

Metrics Digest: Global Spam Categories: Internet Email attacks specifically offering or advertising Internet or computer-related goods and services. Examples: web hosting, web design, spamware Health Email attacks offering or advertising health-related products and services. Examples: pharmaceuticals, medical treatments, herbal remedies Leisure Email attacks offering or advertising prizes, awards, or discounted leisure activities. Examples: vacation offers, online casinos Products Email attacks offering or advertising general goods and services. Examples: devices, investigation services, clothing, makeup Financial Email attacks that contain references or offers related to money, the stock market or other financial opportunities. Examples: investments, credit reports, real estate, loans Scams Email attacks recognized as fraudulent, intentionally misguiding, or known to result in fraudulent activity on the part of the sender. Fraud Email attacks that appear to be from a well-known company, but are not. Also known as brand spoofing or phishing, these messages are often used to trick users into revealing personal information such as E-mail address, financial information and passwords. Examples: account notification, credit card verification, billing updates 419 spam Email attacks is named after the section of the Nigerian penal code dealing with fraud, and refers to spam email that typically alerts an end user that they are entitled to a sum of money, by way of lottery, a retired government official, lottery, new job or a wealthy person that has that has passed away. This is also sometimes referred to as advance fee fraud. Political Email attacks Messages advertising a political candidate s campaign, offers to donate money to a political party or political cause, offers for products related to a political figure/campaign, etc. Examples: political Adult Email attacks containing or referring to products or services intended for persons above the age of 18, often offensive or inappropriate. Examples: porn, personal ads, relationship advice

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback