Bloomberg Businessweek (North America)
Bespoke spam knows how to get around your e-mail filter
Hacking ▶ Scammers are using small-batch attacks to evade filters ▶ “This shows they are getting more concerned about quality”
Unlike the early days of the Internet, most e-mail in-boxes are no longer clogged with poorly worded come-ons for Viagra or Nigerian banking scams. Modern e-mail filters block more than 99.99 percent of the 400 billion spam messages sent around the globe daily. But crude efforts to swipe people’s data are still big business—86 percent of the world’s e-mail traffic, worth $200 million a year—and the scammers who use them are getting smarter, according to a report prepared for Bloomberg Businessweek by researcher Agari Data in San Mateo, Calif.
Instead of blasting fake e-mails to millions of people at a time, hackers are increasingly targeting groups of a couple hundred or thousand, the Agari report says. By sending the spam in relatively tiny batches and using e-mail accounts hosted through small companies not typically listed among known cyberthreats, the senders have been able to evade detection by filters and get their messages to people’s in-boxes. Industry researchers call it “snowshoe spam,” because it’s relatively small compared with the Zamboni-size conventional spam blast.
“Spammers are getting much more focused, much more targeted,” says Vidur Apparao, Agari’s chief technology officer. “This shows they are getting more concerned about quality.”
One of the more successful attacks Agari examined was a series of 5,000 e-mails sent to Apple customers in France last October. The e-mails, purporting to be from Apple, contained links to a fake itunes login page. The Agari report says most found their way to the intended recipients’ in-boxes using accounts hosted by an obscure Belgian cloud company. Attacks frequently involve small hosting providers that don’t have the same kinds of checks Amazon.com or
Google have in place to detect scammers, Apparao says.
Agari says it took e-mail filters eight hours to start catching on to the French itunes scam. By spamming standards, that’s a success, though Agari couldn’t determine how many of the 5,000 people fell for it and gave up their passwords.
A separate attack, also in October, involved 169 e-mails targeting Italian users of Paypal with a similar set of phony links and logins. Links are a more effective spammer tool than attached files because they take longer for e-mail filters to assess as threats. Many filters, including most used by smaller e-mail providers, don’t even bother to deal with links.
Snowshoe attacks are causing serious problems for spam filters, says Craig Williams, a senior manager at Talos, a cybersecurity research division of Cisco Systems. He says the amount of snowshoe spam has more than doubled in the past two years and accounts for more than 15 percent of the world’s junk messages.
As artisanal spam becomes a bigger problem, the $84 billion cybersecurity industry is advocating that e-mail operators adopt new protections. Among the more radical ideas: creating a global registry for banks, retailers, and other companies that send mass mailings. The companies would register the servers they use to send their own junkier e-mails, such as those advertising clothing sales or refinancing rates; the e-mail systems would then block any other addresses purporting to send such messages.
Getting all the interested parties on board for a global registry has been a challenge, especially outside the U.S. For now, Agari recommends the usual defenses: Closely scrutinize the e-mail addresses that purport to be from a company you know, and when in doubt, don’t click any links. “It’s a numbers game,” Williams says. Even if the scammers boost their spam returns by only 1 percent, “1 percent of a billion e-mails is a pretty good number.”
The bottom line So-called snowshoe spam now accounts for more than 15 percent of the 400 billion junk e-mails sent around the world each day.
Edited by Jeff Muskus Bloomberg.com