The Gmail spam trap
Posted on 29 Jul 2010 at 14:43
Spammers are making their messages look like Gmail to try and fool filters
A security trends report I read recently suggests that spammers are now employing techniques that make it look as though their messages have originated from Gmail accounts, either by using actual compromised accounts or just by knocking up a template that copies the message style used by this service.
Commtouch Labs reckons that somewhere between 5% and 10% of all spam by volume is now designed to give the impression of coming from Gmail – but why bother doing this, you may be wondering?
Spammers have been spurred on to this new trend in deceptive legitimisation of their output
Well, it all comes down to what I call “deceptive legitimacy”. Global spam volumes are running as high as 200 billion messages per day, depending upon whose statistics you believe, and according to the eSoft Threat Center stats, some 70% of those messages can be accounted for by just one category: pharmacy spam.
Most of these are messages from fake pharmacy sites that try to sell you fake drugs (or else to just rip off your credit card number with no intention of selling you anything at all). The trouble is that we’ve all become rather immune to spam, almost to the point where it appears to have vanished from our view.
In truth this is just a magic trick performed by our email clients, which nowadays employ server-side filtering tools or standalone antispam filters to make sure we never see the stuff. The real volume of spam being pushed around the internet, and which costs our ISPs a small fortune in wasted bandwidth, certainly isn’t shrinking: an average of 305,000 new spam zombies are being activated every day just to support the malicious activity that leads to spam.
It’s as a consequence of this magic trick that makes us end users so much less likely to see spam, that the spammers have been spurred on to this new trend in deceptive legitimisation of their output. They absolutely have to find increasingly ingenious methods to circumvent the filters and get their obnoxious messages in front of our eyes, because if they don’t they’ll go out of business. We can but dream.
So now spam output is legitimised by sending it from compromised real email and social networking accounts. Many of us tell our email clients not to treat messages from certain trusted senders as spam under any circumstances, since we don’t want to miss out on important communications from business colleagues or friends. It’s quite common practice to simply exclude all messages coming from anyone who’s in your contacts list from the spam-filtering process, which is why compromised accounts are so sought after.
Get your hands on one of these lists and recipients on that list are almost certain to read your message, because they’ve become conditioned to trust that such contacts aren’t spammers. All the more reason to value your login data, dear reader, and that goes for social networks and forums as well as mail.
Direct messaging spam is on the increase and is another trend the spammers are exploiting. Even when your account hasn’t been compromised, the most savvy spammers are now applying a deceptive legitimacy approach by using Gmail, Facebook and PayPal templates among others to make messages appear, at first glance, to be something they’re not. Those elements within the text that look most “spammy” and “phishy” when subjected to a closer examination are now played down in an effort to circumvent filters.
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- Apple Watch, iPhone 6 and 6 Plus: Tim Cook's Apple back with a bang?
- BT Home Hub 5: how to get maximum speed
- 20 years of PC Pro: one-star reviews (including "the worst tablet we've ever seen")
- 20 years of PC Pro: our best covers
- Chromebooks get version of Photoshop
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Microsoft backtracks on blocking out-of-date Java