Spamming and Phishing Get Targeted
Spamming and phishing are becoming much more sophisticated. Spam emails use highly topical subject lines, often related to current news events. The content in the message looks and sounds much more legitimate and professional than it used to. Spam often closely mimics legitimate senders' messages—not just in style but by "spoofing" the sender information, making it look like it comes from a reputable sender.
The increasing personalization and sophistication of spam messages benefits the spammer in two ways:
- If it looks more like legitimate traffic, modern spam is more likely to slip past antispam software.
- Because of the targeted content, more people will actually open the message. More messages getting through filters and more messages opened means increased profits for the spammer.
The majority of spam is still classified as mass mailing spam, for example, billions of copies of messages for illegal pharmaceutical sites or the venerable get-rich-quick scams. The original mass mailers would send large volumes of the same message from a few source locations on the Internet. But these types of campaigns are relatively easy for spam filters to block through keyword analysis and blacklists of the mailing sources. Modern mass mailing spam still involves billions (yes, billions) of messages per attack, but they typically come from millions of different sources—coordinated by botnets—to obscure their origin. A modern mass mailer can also include tens of thousands of variations in the content, to defy keyword or signature filters.
In addition to the increasingly sophisticated camouflage techniques of the high-volume spammers, more and more spam campaigns are aimed at specific groups, such as sports fans, or at people in certain geographic regions. These campaigns are even harder to detect due to the low volume associated with a targeted attack. Figure 8-2 shows the increasing trend of targeted attacks over time.
Figure 8-2 Targeted Attacks as a Percentage of Overall Spam
For phishing spam that's aimed at obtaining personal or financial information, targeted phishing—also known as spear-phishing—has become the norm. Figure 8-3 shows how spear-phishing has become more frequent, and more lucrative, than traditional spam campaigns.
Figure 8-3 Spear-Phishing Attacks Versus Traditional Spam
Some recent spear-phishing campaigns involved personalized messages sent to customers of specific banks or frequent flyer programs to prompt them to log in or input their account information on a phishing website. Other campaigns are based on personalized emails sent to company executives, claiming they were subpoenaed or needed to give information to tax authorities. Figure 8-4 shows a sample targeted phishing email.
Figure 8-4 Example of a Targeted Phishing Email
Criminals aren't solely depending on email and websites to practice their craft. Text messaging to mobile phones, combined with fake call-center setups, are another way they gather information. For instance, they send an SMS (Short Message Service, or text message) that claims to be from a regional bank to mobile phone numbers in a certain area code. The SMS asks recipients to call a number to confirm their account information, but of course, the number isn't actually that of the bank. It's staffed by criminals.