04:19 PM

Reports: Spammers Cooking Up More Financial Fraud

Financial spam scams tripled so far this year over last, spammers to target 'tiny URLs'

It didn't take long for spammers to jump on the financial crisis bus: A little more than one week into the New Year, financial spam has tripled over the same time last year, according to new spam data released today.

And in the wake of the recent Twitter phishing hack, look for the bad guys this year to start exploiting those convenient and cute "tiny URLs" (tinyurl.com).

These are among the big trends in spamming highlighted by Symantec, MXLogic, and MessageLabs (now part of Symantec) in their latest spam trend reports and forecasts. McAfee, which will release its spam report next week, also points to financially related spam, such as do-it-yourself home businesses aimed at the unemployed, and expects targeted phishing and corporate blackmail to jump this year as well.

MessageLabs says financial scam spam has tripled so far this month compared with the same period last January. This type of spam -- such as "Congratulations New Year winner! You have won the UK National Lottery" -- currently makes up around 10 percent of all email, according to MessageLabs, versus 3.1 percent during the same period in 2008, and 4.2 percent in December 2008.

"The new year means new opportunities for spammers," says Paul Wood, senior analyst with MessageLabs. "As the economic climate continues to be frosty and the inability to secure credit through official channels remains, spammers are tempted by the possibility that consumers facing uncertain futures may be more tempted by some of these hard-to-resist offers."

The overall percentage of spam was down slightly in December '08, according to MXLogic -- to 85.1 percent of all global email in December versus 86.3 percent in November.

Symantec reports that aside from financial spam, the other major types were spam relating to the Internet (24 percent), leisure-related spam (18 percent), product spam (18 percent), and health-related spam (11 percent).

And according to Symantec, the U.S. is the No. 1 region sending spam, with 27 percent, followed by China and Brazil, each with 7 percent, and South Korea and Russia, each with 4 percent. MXLogic also found the U.S. as the No. 1 spammer, followed by Brazil, the Russian Federation, Poland, and Ukraine.

According to MessageLabs, the takedown of rogue hosting provider McColo in November resulted in a 65 percent decrease in global spam, and spam volume has yet to fully recover to its previous levels. Its parent company, Symantec, meanwhile, says spam is at about 80 percent of its volume prior to McColo's shutdown, while McAfee says spam levels are 40 percent less than they were prior to McColo's demise.

MXLogic speculates that botnet herders trying to boost their bot populations in the wake of the McColo takedown were behind the worms seen last month in spammed fake e-cards and promotional messages using brands like Coca-Cola and McDonald's.

Another big trend is spammers trying to piggyback on legitimate email newsletters, according to Symantec. Spammers insert spam images into the templates of legitimate newsletters and ads so that, for instance, the spam gets past filters.

"Just like news on the economy, the new year brings little good news when referring to the spam landscape. In addition to spam levels creeping back up, spammers continue to hide behind the reputation of legitimate senders and social networking sites," says Dermot Harnett, principal analyst for antispam engineering at Symantec.

Says Jeff Green, senior vice president, McAfee Avert Labs: "With more people out of work or self-employed going into 2009, beware of communication offering low-cost degrees and do-it-yourself kits, as well as any requests for financial information from what looks like your bank, school, or investment firm."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
