The Gmail spam trap
Posted on 29 Jul 2010 at 14:43
Spammers are making their messages look like Gmail to try and fool filters
A security trends report I read recently suggests that spammers are now employing techniques that make it look as though their messages have originated from Gmail accounts, either by using actual compromised accounts or just by knocking up a template that copies the message style used by this service.
Commtouch Labs reckons that somewhere between 5% and 10% of all spam by volume is now designed to give the impression of coming from Gmail – but why bother doing this, you may be wondering?
Well, it all comes down to what I call “deceptive legitimacy”. Global spam volumes are running as high as 200 billion messages per day, depending upon whose statistics you believe, and according to the eSoft Threat Center stats, some 70% of those messages can be accounted for by just one category: pharmacy spam.
Most of these are messages from fake pharmacy sites that try to sell you fake drugs (or else to just rip off your credit card number with no intention of selling you anything at all). The trouble is that we’ve all become rather immune to spam, almost to the point where it appears to have vanished from our view.
In truth this is just a magic trick performed by our email clients, which nowadays employ server-side filtering tools or standalone antispam filters to make sure we never see the stuff. The real volume of spam being pushed around the internet, and which costs our ISPs a small fortune in wasted bandwidth, certainly isn’t shrinking: an average of 305,000 new spam zombies are being activated every day just to support the malicious activity that leads to spam.
It’s as a consequence of this magic trick, which makes us end users so much less likely to see spam, that the spammers have been spurred on to this new trend in deceptive legitimisation of their output. They absolutely have to find increasingly ingenious methods to circumvent the filters and get their obnoxious messages in front of our eyes, because if they don’t they’ll go out of business. We can but dream.
So now spam output is legitimised by sending it from compromised real email and social networking accounts. Many of us tell our email clients not to treat messages from certain trusted senders as spam under any circumstances, since we don’t want to miss out on important communications from business colleagues or friends. It’s quite common practice to simply exclude all messages coming from anyone who’s in your contacts list from the spam-filtering process, which is why compromised accounts are so sought after.
Get your hands on one of these lists and recipients on that list are almost certain to read your message, because they’ve become conditioned to trust that such contacts aren’t spammers. All the more reason to value your login data, dear reader, and that goes for social networks and forums as well as mail.
Direct messaging spam is on the increase and is another trend the spammers are exploiting. Even when your account hasn’t been compromised, the most savvy spammers are now applying a deceptive legitimacy approach by using Gmail, Facebook and PayPal templates among others to make messages appear, at first glance, to be something they’re not. Those elements within the text that look most “spammy” and “phishy” when subjected to a closer examination are now played down in an effort to circumvent filters.
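An added example, not part of the original article: the contacts-list exemption described above shown beside a stricter filter that always scores content and honours a contact only when the sender's domain was authenticated. It assumes the receiving server (hypothetically `mx.example.net`) stamps an `Authentication-Results` header with a DKIM verdict; the three messages, the contacts list and the keyword list are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.net"               # assumed: our own receiving server
CONTACTS = {"friend@gmail.com"}             # constructed contacts list
SPAM_WORDS = ("pharmacy", "pills", "meds")  # toy stand-in for content scoring

def sample(auth, body):
    """Build a constructed message; the verdicts in `auth` are made up."""
    return (f"Authentication-Results: {TRUSTED_MX}; {auth}\n"
            'From: "A Friend" <friend@gmail.com>\n'
            f"Subject: hello\n\n{body}\n")

GENUINE = sample("dkim=pass header.d=gmail.com", "See you at noon.")
LOOKALIKE = sample("dkim=none; spf=fail smtp.mailfrom=bulk.example.org",
                   "You have a new message waiting.")
COMPROMISED = sample("dkim=pass header.d=gmail.com", "Discount pharmacy pills")

def sender(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def dkim_aligned(msg):
    """True only if our own server recorded dkim=pass for the From domain."""
    domain = sender(msg).rpartition("@")[2]
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_MX:
            continue  # a header we did not add proves nothing
        for clause in results.split(";"):
            tokens = clause.split()
            if tokens[:1] == ["dkim=pass"] and f"header.d={domain}" in tokens:
                return True
    return False

def looks_spammy(msg):
    return any(word in msg.get_payload().lower() for word in SPAM_WORDS)

def naive_filter(raw, contacts=CONTACTS):
    """The practice described above: contacts skip filtering entirely."""
    msg = message_from_string(raw)
    if sender(msg) in contacts:
        return "inbox"
    return "spam" if looks_spammy(msg) else "inbox"

def hardened_filter(raw, contacts=CONTACTS):
    """Content is always scored; a contact name counts only if authenticated."""
    msg = message_from_string(raw)
    if looks_spammy(msg):
        return "spam"          # catches mail from a compromised real account
    if sender(msg) in contacts and not dkim_aligned(msg):
        return "quarantine"    # claims to be a contact, but unverified
    return "inbox"
```

The naive filter delivers all three samples; the hardened one delivers only the genuine message, quarantines the lookalike and marks the compromised-account message as spam.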
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.