You’re going to be assaulted by just as much spam in 2005 as you were last year – and as much as three times more of it will be in the form of phishing emails.
Email filtering company Postini analysed the 95bn emails it processed last year and, in its Annual Threat Report, published today, warns that phishing is only going to get worse. Worryingly, insecure home PCs may be helping spammers target us more effectively.
Although many of us are already on the alert for scam emails, it seems we’re not doing all we can to prevent these malicious messages from arriving in our inboxes in the first place. Yet logic dictates that if you don’t receive the spam messages, you can’t be fooled into following their links and be diddled out of your savings.
What’s more, ‘blended’ threats that combine spam messages with Trojan applicationss that sneak in and secretly install themselves are becoming more prevalent. Antivirus and anti-spyware programs can be used to detect these, but the concern is that huge numbers of our home PCs are already infected. Postini claims more than a million PCs in the US are being used – without their owners’ knowledge – as zombie machines.
Once installed the Trojans can be remotely controlled – along with other zombie PCs that have been similarly compromised – and their combined power used to target office email servers and retrieve staff and business partners’ email addresses.
Usually, spammers have to send out hundreds of emails and blithely hope some of them are active accounts. DHA (directory harvesting attacks), however, provide spammers with email addresses they can be sure exist while bounce backs generated by mail servers not only clog up the bandwidth needed to deliver legitimate traffic but also help spammers refine their target lists for future attacks on other companies’ networks.
Postini spokesman Scott Petry believes DHAs were the least visible and most underreported threat of 2004.
Small businesses, in particular, receive vast amounts of spam, probably because spammers assume their security provision will be less robust and because small companies have to do more in the way of self-promotion to compete with larger rivals and are more likely to list staff contact details on websites and elsewhere.