Thieving spam: it’s no longer about just advertising

As cybercrime keeps focusing on profit, the share of plainly malicious spam, spreading Trojans, phishing links, etc., will grow.

Mortgage enlargement pills, no-prescription junk, get rich and lose weight fast by multi-level mountebanking: we used to see all of this before spam filters became as good as they are, and occasionally some of this goo still spills through. Dealing with spam is still a chore for corporate IT workers, since it’s not just about blocking all unwanted mail; it’s also about letting the right mail in, so that no important information or business opportunity ends up in the “spam” folder or gets bounced. But for a few years now, unsolicited mail has increasingly become the source of a quite different threat. Spam is no longer just about advertising.

Thieving mail

For the fourth year running, programs designed to steal users’ logins, passwords and other confidential data remain at the top of the list of the most widespread malware distributed by email, according to Kaspersky Lab’s experts.

To a large extent it is phishing mail: wide nets cast by criminals hoping at least some people will fall into the trap. Their hopes are justified, apparently: phishing remains a widely recognized problem.

42.6% of phishing attacks targeted global portals that integrate many services accessed via a single account. This is hardly surprising: what could be better than a key that opens many doors? It is equally unsurprising that the brands most often used in phishing attacks were Yahoo! (23.3%), Facebook (10%) and Google (8.7%).

Spam as a cyberthreat always holds the top place, although it used to be hard to estimate the actual damage, since it was mostly indirect. But now the damage is becoming more and more pronounced. Read more about it in Kaspersky Lab’s Global IT Risks Report.

Mobile spam

More and more often, mobile users face spam mailings imitating mobile mail (“Sent from my iPhone” and the like) with links to malicious attachments. Given how many people keep important information on their mobiles, attempts to phish this data are to be expected.

Similarly, the number of fake notifications from mobile applications and banks is growing, and crooks are approaching their “task” more cleverly, adding to the fake messages links to the official resources and services of the organizations from which they claim to be sending their bogus notifications. Obviously they are trying to dupe users and spam filters that way: among the legitimate links there is always at least one malicious link as well.
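Because the bogus notifications pad themselves with genuine links, a filter has to judge each link on its own rather than by the share of legitimate ones. The following Python example is added here and is not from Kaspersky Lab or the original article; the sample message, the `bank.example` domain list and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a fake bank notice with two genuine links and one
# that is not. All domains are placeholders, not real indicators.
SAMPLE_HTML = """
<p>Your mobile banking session has expired.</p>
<a href="https://www.bank.example/help">Help centre</a>
<a href="https://bank.example/privacy">Privacy policy</a>
<a href="http://bank.example.login-check.test/s">https://bank.example/login</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(host, brand_domains):
    # Exact match or true subdomain only; a substring test would accept
    # "bank.example.login-check.test".
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def classify_links(html, brand_domains):
    """Return (on_brand, off_brand) lists of (host, visible text)."""
    parser = LinkCollector()
    parser.feed(html)
    on, off = [], []
    for href, text in parser.links:
        host = host_of(href)
        (on if belongs_to(host, brand_domains) else off).append((host, text))
    return on, off

ON_BRAND, OFF_BRAND = classify_links(SAMPLE_HTML, {"bank.example"})
```

Two of the three links are genuine, so a majority-based score would pass the message; the single off-brand entry, whose visible text also shows a different host than its target, is what should drive the verdict.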

Silver Lining

While the situation with spam is still quite toxic, there is also a good trend: the total share of spam keeps going down. The proportion of spam in email flows was 66.8% in 2014, which is 2.8 percentage points lower than the previous year. And though it is still well above 50%, a few years ago it was near 90%. Feel the difference.

On the other hand, as cybercrime keeps focusing on profit, the share of plainly malicious spam, spreading Trojans, phishing links, etc., will grow. So it will be less and less about malvertising and more about thieving.

Read more on spam in 2014 in the new article at Securelist.