The Fight Against Spam

Article Tools

• October 2006 Issue
• Post a Comment
• Print This Article
• Email This Article to a Friend
• Save This Article
• Order a Reprint

From the Oct. 2006 Issue

In January 2004, a senior executive from a well-known technology company boldly proclaimed that “spam will soon be a thing of the past.” Wow! Wouldn’t that be nice? While significant strides have been made in the fight against spam, it is now three-quarters of the way through 2006 and Brittany Spears, herbal remedies, can’t-miss-stock tips, discount mortgage offers, and the like are still showing up in way too many mailboxes. (My personal favorite is the message that offered the lucky recipient cash for selling their organs!) Just as annoying and far more sinister are phishing and malware scams that threaten even the most savvy computer users with identity theft and financial loss. As if the assault on e-mail boxes isn’t sufficient, SPIM (spam over instant messaging) and SPIT (spam over Internet telephony) offer new challenges and threats to data security. Spam, SPIM, SPIT … what could possibly be next?
Unfortunately, spam-free utopia has not yet arrived. Great awareness, caution and the proper use of technology are more essential than ever to protect vital information and electronic assets.

THE PROBLEM
According to a recent article posted on Information Week’s website by Christopher Heun, the current state of spam in 2006 is a good news/bad news situation. Consider the following:

• Spam accounted for about 80 percent of all the e-mail traffic on the Internet during the first quarter of 2006. (I understand it will never reach 100 percent, though [wink]!)
• Microsoft and AOL block nearly 5 billion pieces of spam every day.
• Nearly 90 percent of messages at Microsoft’s MSN Hotmail are spam; 95 percent of these messages never reach their target.

These statistics prompted the question, “If billions of spam messages travel throughout the Internet every day, but consumers see just a few of them in their inboxes, do they really exist?”
The good news, due to improved filtering from ISPs, corporate environments and personal computers, is that the amount of spam reaching individuals has been greatly reduced. The bad news is that the amount of spam and mediums through which it is sent continue to increase.

PHISHING
Compounding the bad news, the frequency and sophistication of “phishing” is on the rise, as well. According to the “Anti-Phishing: Best Practices for Institutions and Consumers” McAfee Research Technical Report #04-004, security experts at McAfee define phishing as “a form of Internet scam in which the attackers try to trick consumers into divulging sensitive personal information. The techniques usually involve fraudulent e-mails and websites that impersonate both legitimate e-mail and websites.” Another tact is to dupe users into clicking on links or visiting websites that will plant malware such as key loggers or Trojan software on machines for use in future scams. These types of scams, which have also infiltrated instant messaging, are no longer limited to sophisticated hackers or organized crime rings. You, too, can follow the readily available instructions on the Internet and design your own phishing scam!
In large part to phishing, identity theft is the fastest growing crime in the United States. According to the NYPD Cyber Squad, the average identity theft case costs the victim $808 and 175 hours to clean up (“Phishing: 21st-Century Organized Crime,” CipherTrust, Inc.).

NEWER FORMS OF Spam — SPIM & SPIT
No longer confined to e-mail, spam has also infiltrated instant messaging platforms. Users of public IM systems (e.g., MSN, AOL, Yahoo!) with public profiles may receive unsolicited advertisements in real time. While SPIM is less common than spam, it can also be more intrusive and dangerous. Whereas e-mail can be quickly scanned and deleted at any time, SPIM must be dealt with in real time. And while e-mail users generally know to be aware of spam, IM users expect to receive messages from personal contacts (“buddies”) and are more likely to be duped by a spimmer. Even a file or link from a known contact could be harmful as it could be a worm replicating itself through their contact list.

SPIT has not yet proven to be a significant problem. But as the popularity of Internet telephony grows, SPIT is sure to follow. Similar to its spam cousins, SPIT offers a unique “opportunity” for low-cost marketing on a global scale. At the push of a button, spammers could launch an entire telemarketing campaign to IP telephones across the globe.