The Gmail spam trap
Posted on 29 Jul 2010 at 14:43
Spammers are making their messages look like Gmail to try and fool filters
A security trends report I read recently suggests that spammers are now employing techniques that make it look as though their messages have originated from Gmail accounts, either by using actual compromised accounts or just by knocking up a template that copies the message style used by this service.
Commtouch Labs reckons that somewhere between 5% and 10% of all spam by volume is now designed to give the impression of coming from Gmail – but why bother doing this, you may be wondering?
Well, it all comes down to what I call “deceptive legitimacy”. Global spam volumes are running as high as 200 billion messages per day, depending upon whose statistics you believe, and according to the eSoft Threat Center stats, some 70% of those messages can be accounted for by just one category: pharmacy spam.
Most of these are messages from fake pharmacy sites that try to sell you fake drugs (or else to just rip off your credit card number with no intention of selling you anything at all). The trouble is that we’ve all become rather immune to spam, almost to the point where it appears to have vanished from our view.
In truth this is just a magic trick performed by our email clients, which nowadays employ server-side filtering tools or standalone antispam filters to make sure we never see the stuff. The real volume of spam being pushed around the internet, and which costs our ISPs a small fortune in wasted bandwidth, certainly isn’t shrinking: an average of 305,000 new spam zombies are being activated every day just to support the malicious activity that leads to spam.
It's as a consequence of this magic trick, which makes us end users so much less likely to see spam, that the spammers have been spurred on to this new trend in deceptive legitimisation of their output. They absolutely have to find increasingly ingenious methods to circumvent the filters and get their obnoxious messages in front of our eyes, because if they don't they'll go out of business. We can but dream.
So now spam output is legitimised by sending it from compromised real email and social networking accounts. Many of us tell our email clients not to treat messages from certain trusted senders as spam under any circumstances, since we don’t want to miss out on important communications from business colleagues or friends. It’s quite common practice to simply exclude all messages coming from anyone who’s in your contacts list from the spam-filtering process, which is why compromised accounts are so sought after.
Get your hands on one of these lists and recipients on that list are almost certain to read your message, because they’ve become conditioned to trust that such contacts aren’t spammers. All the more reason to value your login data, dear reader, and that goes for social networks and forums as well as mail.
Direct messaging spam is on the increase and is another trend the spammers are exploiting. Even when your account hasn’t been compromised, the most savvy spammers are now applying a deceptive legitimacy approach by using Gmail, Facebook and PayPal templates among others to make messages appear, at first glance, to be something they’re not. Those elements within the text that look most “spammy” and “phishy” when subjected to a closer examination are now played down in an effort to circumvent filters.
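To make the contacts-list exemption and the look-alike template problem concrete, here is an added example (not from the original article) that sets the common "contact means trusted" rule beside a stricter one that honours the exemption only when the message is authenticated. It assumes the receiving mail server stamps its own Authentication-Results header; the address book, the server name `mx.example.net` and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

CONTACTS = {"alice@gmail.com"}   # constructed address book
AUTHSERV_ID = "mx.example.net"   # hypothetical name of our own receiving MTA

def sender(msg):
    """Lower-cased address taken from the From: header."""
    return parseaddr(msg.get("From", ""))[1].lower()

def naive_bypass(msg):
    """Weak rule: any message whose From: is a contact skips the spam filter."""
    return sender(msg) in CONTACTS

def authenticated_bypass(msg):
    """Skip the filter only if our own MTA recorded a DKIM pass whose signing
    domain (header.d) exactly equals the From: domain."""
    addr = sender(msg)
    if addr not in CONTACTS:
        return False
    domain = addr.rpartition("@")[2]
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != AUTHSERV_ID:
            continue  # not stamped by our server, so it may be forged
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            if m.group(1).lower() == domain:
                return True
    return False

# Constructed samples: a real contact, a look-alike template sent from
# elsewhere, and a message carrying a forged Authentication-Results header.
GENUINE = message_from_string(
    "Authentication-Results: mx.example.net; dkim=pass header.d=gmail.com\n"
    "From: Alice <alice@gmail.com>\nSubject: lunch?\n\nSee you at 1.\n")
TEMPLATE = message_from_string(
    "Authentication-Results: mx.example.net; dkim=pass header.d=bulk.example\n"
    "From: Alice <alice@gmail.com>\nSubject: cheap meds\n\n...\n")
FORGED = message_from_string(
    "Authentication-Results: mail.other.example; dkim=pass header.d=gmail.com\n"
    "From: Alice <alice@gmail.com>\nSubject: cheap meds\n\n...\n")

if __name__ == "__main__":
    for name, m in (("genuine", GENUINE), ("template", TEMPLATE), ("forged", FORGED)):
        print(name, naive_bypass(m), authenticated_bypass(m))
```

A message sent from a genuinely compromised account passes both checks, so mail from contacts still needs content scoring; the stricter rule only closes off the spoofed-template case.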
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.