The Haiti earthquake had an unintended consequence of driving up phishing and scam attacks across the Internet in the first month of this year. In the days after the Haiti quake, scammers asked users to donate money to a charity however any donation disappeared into an offshore bank account. Building on this, spammers began to send phishing messages, pretending to be from legitimate organisations like UNICEF. Hackers also took advantage of the tragedy to deliver malware. In one example, users download a Trojan when they click on the link to view a supposed video of the earthquake damage. The findings were in the monthly State of Spam and Phishing report from Symantec. (photo by alex_lee2001)
The report found both scam and phishing categories doubled as in percentage of all spam in January 2010 compared to a month earlier. The total of scam and phishing messages came in at 21 percent of all spam, which is the highest level recorded since the inception of the report. As well as Haitian scams, the report found the well-known Nigerian 419 scam (named for the section of the Nigerian penal code which addresses fraud schemes) was on the rise again as was online pharmacy spam.
Symantec say spammers have changed their tactics regarding online pharmacy spam. They have now taken to using subject lines such as “Must-Know Rules of Better Shopping” and “You Must Know About This Promotion” which are vaguer than “RE: SALE 70% OFF on Pfizer.” Other misleading subject lines such as “Confirmation Mail” and “Special Ticket Receipt” were also used for online pharmacy spam messages.
They also say phishing attacks are getting more and more targeted in nature and are focused on attacking major brands rather than being mass attacks. Symantec observed a 25 percent decrease from the previous month in all phishing attacks. The decline was primarily due to a decrease in the volume of phishing toolkit attacks which have halved from the previous month. A 16 percent decrease was observed in non-English phishing sites as well. More than 95 Web hosting services were used, which accounted for 13 percent of all phishing attacks, a decrease of 12 percent in total Web host URLs when compared to the previous month.
The US remains the most likely point of origin of spam. Approximately one in four of all spam is American-based with Brazil next most likely far behind in second place with just 6 percent. India, Germany and Netherlands are responsible for 5 percent each. The US is even more dominant in the categories of geo-location of phishing lures and hosts with 52 percent of the former category and 49 percent of the latter. Germany is second far behind with 6 percent in both categories.
Symantec notes that China has clamped down on spamming by suspending new overseas .cn domain registrations. The China Internet Network Information Center stated this suspension will allow them to implement a better procedure to verify registrant information from overseas registrations. This was a follow-up action to a related move in mid-December that required additional paperwork with registrations. As a result, spam messages with .cn domain URL dropped by more than half in January, compared to December with a steep drop towards end of January.
The report also found a new trend in adult oriented phishing. The phishing site tempts the unwary by promising free pornography after logging in or signing up. These scams affect users who enter their credentials in the hopes of obtaining pornography. Upon entering login credentials, the site redirects to a pornographic website before leading to a fake antivirus site containing malicious code. An incredible 92 percent of adult phishing scams were on social networking sites. The phishing sites were created using free webhosting services.
The report offers advice so familiar it beggars belief so many people are still falling victims. It talks about unsubscribing from lists, keeping your mail address secret, deleting all spam, avoid clicking on suspicious links and email attachments or replying to spam, don’t fill in forms online that ask for personal information and finally don’t forward virus warnings which are usually hoaxes. Spamming is a multi-billion dollar industry that relies on the truth of the hoary phrase that “there’s a sucker born every minute”.