The Gmail spam trap
Posted on 29 Jul 2010 at 14:43
Spammers are making their messages look like Gmail to try and fool filters
A security trends report I read recently suggests that spammers are now employing techniques that make it look as though their messages have originated from Gmail accounts, either by using actual compromised accounts or just by knocking up a template that copies the message style used by this service.
Commtouch Labs reckons that somewhere between 5% and 10% of all spam by volume is now designed to give the impression of coming from Gmail – but why bother doing this, you may be wondering?
Well, it all comes down to what I call “deceptive legitimacy”. Global spam volumes are running as high as 200 billion messages per day, depending upon whose statistics you believe, and according to the eSoft Threat Center stats, some 70% of those messages can be accounted for by just one category: pharmacy spam.
Most of these are messages from fake pharmacy sites that try to sell you fake drugs (or else to just rip off your credit card number with no intention of selling you anything at all). The trouble is that we’ve all become rather immune to spam, almost to the point where it appears to have vanished from our view.
In truth this is just a magic trick performed by our email clients, which nowadays employ server-side filtering tools or standalone antispam filters to make sure we never see the stuff. The real volume of spam being pushed around the internet, and which costs our ISPs a small fortune in wasted bandwidth, certainly isn’t shrinking: an average of 305,000 new spam zombies are being activated every day just to support the malicious activity that leads to spam.
It’s as a consequence of this magic trick, which makes us end users so much less likely to see spam, that the spammers have been spurred on to this new trend in deceptive legitimisation of their output. They absolutely have to find increasingly ingenious methods to circumvent the filters and get their obnoxious messages in front of our eyes, because if they don’t they’ll go out of business. We can but dream.
So now spam output is legitimised by sending it from compromised real email and social networking accounts. Many of us tell our email clients not to treat messages from certain trusted senders as spam under any circumstances, since we don’t want to miss out on important communications from business colleagues or friends. It’s quite common practice to simply exclude all messages coming from anyone who’s in your contacts list from the spam-filtering process, which is why compromised accounts are so sought after.
Get your hands on one of these lists and recipients on that list are almost certain to read your message, because they’ve become conditioned to trust that such contacts aren’t spammers. All the more reason to value your login data, dear reader, and that goes for social networks and forums as well as mail.
Direct messaging spam is on the increase and is another trend the spammers are exploiting. Even when your account hasn’t been compromised, the most savvy spammers are now applying a deceptive legitimacy approach by using Gmail, Facebook and PayPal templates among others to make messages appear, at first glance, to be something they’re not. Those elements within the text that look most “spammy” and “phishy” when subjected to a closer examination are now played down in an effort to circumvent filters.
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.