Symantec just released it’s monthly spam report. I always find these reports a valuable tool to see exactly what trends the cybercriminal and less than ethical e-commerce communities have been up to in the past month.
Although most of us view spam as a major nuisance, the fact remains that spam is the preferred vehicle of marketing garbage and ripping off human beings on the Internet.
This month continues a nasty trend where spammers and phishermen (identity and information thieves) continue to manipulate Google’s search engine:
For some time, spammers have used reputable brands to try and deliver spam and phishing messages to end-users. In the last year, Google has become a favorite target for some spammers. In November 2007, Symantec reported the emergence of a technique where spammers manipulated Googleâ€™s advanced search query and the â€œIâ€™m feeling luckyâ€ option to direct users to a spam site. In February 2008, Symantec reported that spammers had manipulated parameters in Google URLs used for AdSense and redirected unsuspecting end-users to a spam website. In April 2008 phishing emails purporting to come from the Google AdWords service have emerged. Google AdWords is a service that allows advertisers to intelligibly connect with individuals who search using Google. In the Google AdWords phishing samples that have emerged, the end-user is encouraged to click on a link to update their billing information and/or renew their account. The link in these phishing emails leads to a fraudulent website where personal information is requested and harvested.
Spear phishing, where specific people are targeted arrived in inboxes in the form of fake government subpoenas addressed to corporate executives. Also seen were come-ons to become a movie star, spam being sent in the form of instant messages and the 419 (Advance Fee) boys inserting calendar reminders in their spam to remind people send them their money.
While closely related to the long known use of job sites to gather information to commit identity theft, a new twist has been noted where professional networking sites are used for this purpose, also.
From the May report:
One of the side effects stemming from the growth of personal and professional networking sites is the increase in unsolicited emails that operate under the guise of connecting business professionals with their peers. The recipient is asked to join the â€œinner circleâ€ and is encouraged to supply the network with their professional history by clicking on a URL which brings the user to a registration page. The page requests personal information that could be used for identity theft and could fuel future spam attacks.
In these monthly reports, Symantec normally has one twist with a particularly ghoulish or amusing angle. This month is no exception and they are reporting an IRS spam campaign that leads to a site where you can raise a vampire from the dead:
This time, instead of the refund link taking you to a site to steal your credentials, the link takes you to a popular web-based game in which you incarnate a vampire. The vampire gains more power every time end-users click on his link. Itâ€™s a rough, dark world out thereâ€¦ be warned.
I found this especially ironic because scammers and spammers are often referred to as ghouls or vampires when being described in literary terms. So far as the connection to all of this with the IRS, I’ll leave that to the reader’s imagination.
The IRS having their name spammed is nothing new. As predicted, there is an IRS spam (phishing) campaign going on right now using the tax stimulus program as a come-on to steal personal and financial information, which will probably be used to commit financial crimes. I’m predicting this might be a topic of interest on the June Spam Report.
The full report on the State of Spam for the month of May may be seen courtesy of Symantec, here.