Spam rates hit five-year low, but phishing is on the rise

Spam percentages have dropped over 70 percent over the past year, but cyber criminals continue to hone their tactics

Thanks to successful botnet shutdowns, the amount of spam oozing through the Internet has dropped considerably over the past year, driving the overall percentage of unwanted email messages to depths unseen since 2006. Phishing, however, is on the rise, according to Symantec's June 2011 "State of Spam & Phishing Report" (PDF).

Spam rates dropped 10 percent from April to May of this year. Between May 2010 and May 2011, spam rates plummeted 70.65 percent, according to Symantec. Those percentages appear a bit less impressive, however, when you consider that spam still made up 72.14 percent of all email messages in the month of May. Still, compared to spam rates of more than 90 percent witnessed repeatedly over the past three years, it's a heartening trend.

Spam rates hit five-year low but phishing is on the rise

Less heartening, however: The overall phishing landscape increased by 6.67 percent between April and May, according to Symantec. Phishing websites built with automated toolkits jumped 24.82 percents, and the number of non-English phishing sites surged 17.73 percent, with Portuguese, French, Italian, and Spanish among the popular languages.

Spammers and phishers are employing both familiar and new techniques to dupe users -- spam messages promoting pharmaceutical products remain popular, for example. Symantec witnessed in May an increase in pharmacy spam abusing a "well-known online video sharing site." The message would say that the recipient's video had been removed, for example, prompting the curious to click a link within the message supposedly going to the video site. Instead, the user would end up going to a Canadian pharmacy Web page.

Additionally, Symantec saw an increase in spam designed to exploit end-users' familiarity with Wikipedia by duping them into visiting a site called WikiPharmacy. Designed to resemble Wikipedia, the site promotes pharmacy products at discount prices.

Phishers, meanwhile, launched a couple of new campaigns last month. One phishing attack was designed to lure victims into surrendering their online banking information and other confidential data to a spoofed Reserve Bank of India website, under the guise of expediting their tax refunds.

Additionally, phishers took advantage of tragedies in Japan by spoofing the websites of charitable organizations and banks. Upon entering their credentials, users would be redirected to the legitimate website, unaware of the fact they had provided their login information -- and access to their linked credit card and bank accounts -- to phishers.

America is the foremost leader in creating spam and phishing lures, as well as hosting phishing sites, according to Symantec. 29 percent of spam in May was generated in the United States. India, Russia, Brazil, and the Netherlands all tied for second at 5 percent. Forty-four percent of phishing lures, meanwhile, were spawned in the United States in May, while Chile held the number two spot with 15 percent. Finally, 51 percent of phishing-site hosting was done in America in May. Germany was the next closest with 6 percent.

Symantec's report concludes with some common-sense instructions on how to reduce spam and to avoid ripped off by a phishing attack. Among them:

  • Unsubscribe from legitimate mailings that you no longer want to receive
  • Avoid publishing your email address on the Internet or surrendering it to too many websites
  • Set up multiple email addresses for multiple purposes -- for example, one address solely for mailing lists
  • Avoid clicking on suspicious links in email or IM messages, as these may be links to spoofed websites; typing addresses into your browser is safer
  • Do not open unknown email attachments
  • Do not reply to spam messages, and especially do not fill out forms in messages requesting sensitive information such as bank account number of Social Security number; reputable companies should not request that sort of data via email, and when in doubt, call the company

This story, "Spam rates hit five-year low, but phishing is on the rise," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.


Copyright © 2011 IDG Communications, Inc.

How to choose a low-code development platform