How long before the US adopts its 51st State: Spam, capital city, Phishville. A State which is overrun by zombies, employing many address harvesters in local industry and administered by Mayor F Raud.
What is this tired analogy all about? Well, Symantec's monthly spam report, “The State of Spam”, revealed that a whopping 80% of emails for the month of April were identified as spam. Almost one fifth of these were phishing emails, and legitimate business brands were dragged through the mud in the name of conning innocent people out of their cash. (Link)
One of the spam email subject lines reported in the above story as a means to prise personal information from people was “Do you want to be a movie extra?”
Maybe it's just me but I wonder if the ten bucks in the bank accounts of bored students and unemployed layabouts is really worth the trouble for the spammers.
Phishing made easy
Want to be a phisher? Well, you can! It's easy with our new Online Phishing Kit – and it's free!
Sound like the intro to a bad infomercial? Unfortunately it's true. PandaLabs discovered such kits online that enable anyone to create spoof bank pages and emails, online pay platforms, Gmail and Yahoo! Mail accounts, online games and blogs. (Link)
Luis Corrons tells us:
"The really amazing thing is, these kits are free. Due to the simplicity of the tools, the number of phishing attacks increases, causing companies and consumers large losses. According to a study conducted by Gartner, phishing attacks caused U.S. consumers losses for US$3.2 billion in 2007."
How long before these kits actually become phishing tools to phish the other wannabe-phishers?
Legit spamming?
Here is an interesting story – spammers are now going “legit”.
MessageLabs have identified a new spamming technique that takes advantage of the Yahoo! Authenticated Mail system, which in turn ensures that the email is signed correctly using DomainKeys Identified Mail (DKIM). (Link)
DKIM (along with DomainKeys) is the email authentication system employed by Brandmail Solutions. So now that spammers are using DKIM – albeit on a low-profile, very specific platform – how could one differentiate their DKIM-signed mail from legitimate mail?
I know – how about a brand in the inbox that guarantees that the email is genuine and from whom it says it is?
Revolutionary!
Isn’t it ironic, doncha think?
I love a nice chunk of irony, especially when served prior to a slice of humble pie.
This week’s “funny story” (cue canned laughter) comes once again from Ireland, where the Data Protection Commissioner (DPC) – an office responsible for protecting citizens’ privacy – was unable to protect its own annual report.
Top Irish blogger Damien Mulley used that nefarious hacking technique of, um, incrementing the DocID pointer by 1 in the site’s HTTP address to access the DPC Annual Report for 2007 the night before it was due to be made “live” on the site.
In a radio interview the next day, the Data Protection Commissioner Billy Hawkes took the only approach he could, labelling Mulley’s blatant disregard for privacy a “wonderful illustration of how all organisations can be the victims of security breaches”. We believe it was cherry-flavoured humble pie. Yum.
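The server-side check that closes the DocID gap described above, as an added example that is not from the original post or the DPC site. All names, IDs and dates are constructed, and the handler assumes each document record carries its own publish time.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed sample store: sequential DocIDs, one document still under embargo.
DOCUMENTS = {
    101: {"title": "Published report", "publish_at": datetime(2024, 1, 10, 9, 0, tzinfo=UTC)},
    102: {"title": "Embargoed report", "publish_at": datetime(2024, 6, 10, 9, 0, tzinfo=UTC)},
}


class NotFound(Exception):
    """Raised for missing AND unpublished IDs, so responses do not reveal which IDs exist."""


def fetch_document_unchecked(doc_id):
    """Before: anything uploaded is served as soon as its ID is requested."""
    if doc_id not in DOCUMENTS:
        raise NotFound(doc_id)
    return DOCUMENTS[doc_id]["title"]


def fetch_document(doc_id, now, is_staff=False):
    """After: publication state is enforced on every request, not by hiding the link."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    if now < doc["publish_at"] and not is_staff:
        # Same error as a missing ID: an embargoed document is indistinguishable from none.
        raise NotFound(doc_id)
    return doc["title"]


def embargo_leaks(now):
    """Audit helper: IDs the unchecked handler would serve before their publish time."""
    return sorted(doc_id for doc_id, doc in DOCUMENTS.items() if now < doc["publish_at"])


if __name__ == "__main__":
    night_before = datetime(2024, 6, 9, 22, 0, tzinfo=UTC)  # constructed request time
    print("served without check:", fetch_document_unchecked(102))
    print("IDs exposed early:", embargo_leaks(night_before))
    try:
        fetch_document(102, night_before)
    except NotFound:
        print("checked handler: 404 until publish time")
```

Unguessable IDs would make enumeration harder, but the publish-time check is what actually keeps an uploaded document private until release.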