Spam/Phishing — What's Happening Lately? (2009)
As if you didn't know, spam, phishing and hacks continue to plague internet users.
Our small-scale spam study shows spam has been declining over the last few years, and anecdotally it seems to be less of a problem for users. But the major spam-filtering vendors report spam is increasing, despite the arrest of various spam-barons and the closure of the rogue networks that generate the stuff. One explanation for this is that the spam-filtering vendors, by definition, are studying the spam-infested emails their customers have asked them to filter. You wouldn't pay for a spam-filtering service unless you had a major spam problem. Spam for ordinary users seems to have been reduced to a light buzzing.
Correspondingly, the number of phishing emails we logged also dropped, from almost 2 per day in 2007 to 0.75 per day in 2008 and 0.5 per day in 2009. Phishing is an attempt, usually via email, to trick you into revealing some personal information, like banking passwords. The paradox in the current situation is that, if users receive fewer phishing emails, they might become less wary over time and fall victim more readily, so it is worth renewing your acquaintance with this phenomenon.
Strangely enough, some very old viruses, like Netsky (which is almost 6 years old), have reappeared via email. These have been dressed up as password-reset tools for things like Facebook and MySpace, with convincing-looking emails, complete with logos and matching fonts. Why anybody thinks Netsky will get past modern antivirus systems is a mystery, but email-borne viruses have been rare for a few years, and users may be similarly blasé about them.
Another scam that is suddenly popular is emails asking you to upgrade your Acrobat software. These usually lead to a site where you can pay for the free Adobe Acrobat Reader, or buy some third-party Acrobat clone. These scams seem not to contain malicious payloads, but are simply seeking to trick you out of some of your dosh. And of course there’s no telling what might happen to your credit card number later.
There has also been a surge in the “fake-antivirus” scam. This is where you are merrily surfing the web and get a message that shows all the errors on your system and offers a download to help fix them. But this is also a scam. The “scan” it displays is just a generic animated graphic, and it has no ability to check inside your system. The software they offer is a scam too: it will find all sorts of errors and ask for your credit card in order to fix them. There are also many programs which claim to fix driver errors, or registry problems, or make your system run faster.
The usual response to these waves of people trying to rob you is to ignore unsolicited emails, ignore warnings you receive on the internet and never give out your credit card number unless you are certain it is a trusted vendor, say, like Amazon. Ask us if you're not sure.
The threat landscape has changed in recent years. Rather than bored hackers in the proverbial “parents' basement”, the Internet is now awash with real criminals, who want your money. Mostly these crooks operate in countries with poor, nonexistent or unenforced cybercrime-type laws. One thing you can do if you feel you’ve fallen victim to some sort of Internet scam is to have your credit card cancelled and change your passwords. It’s a hassle, obviously, but it's much better than finding fraudulent charges on your statement for years to come.