The problem is bad enough for people at home, with spam messages dropping regularly into personal email inboxes. At work, however, spam presents a much bigger problem, clogging up corporate servers and accounts and distracting employees from their work.
To address the issue, the vast majority of companies have implemented anti-spam technology, and many manage it internally. But spam is not constant – the goalposts are continually changing as spammers develop new and more innovative tricks to get past the filters. Organisations have to battle to stay one step ahead. Furthermore, the best technology in the world can only be as good as its users, and many businesses also have to battle to ensure end-users follow basic guidelines to minimise junk mail.
When spam first became a real problem it could, at that time, be categorised in one of two ways – it was generally either trying to sell you something, or con you out of something. Annoying though the notorious Nigerian 419 scams or the promises of low-priced medicines were, they essentially targeted human gullibility, rather than being serious security threats. More concerning, if less frequent, were the denial of service attacks large enterprises were subjected to, in which spammers tried to flood the company’s mail servers with junk, thereby making them crash.
But over the past year or so, it has become clear that the threat of spam is evolving to become much more of a problem. As people have learned how to avoid the initial scams and stopped falling for the ‘too good to be true’ offers, the spammers have evolved their techniques to incorporate areas such as social engineering to help them reach their ultimate target – the naive end-user.
To make things even worse, we have seen more and more spam that conceals even greater threats such as viruses, spyware and phishing. These blended attacks are taking the basic con tricks of previous years to the next level – and organisations must keep up.
An even clearer demonstration of how the threats are changing has been the recent attacks on mobile phones and similar devices. Spam and other email-borne threats are no longer confined to the PC. Messaging on mobile phones for example has replicated the development of email: from initially handling only plain text messages, they can now handle attachments, multi-media and even active content such as embedded scripts or Java code. For the spammers, this is a whole new temptation. It is an area where users don’t expect to be at risk from attacks, and many have a false sense of security and are happy to open any messages even if they don’t know the sender. It’s no wonder that spammers are beginning to target this type of technology.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.