With conservative estimates suggesting that spam accounts for over 85% of all email, and with spammers getting cleverer about tricking people into opening messages they normally wouldn’t, spam is a huge pain for businesses.
Although most spam is commercial and not particularly harmful, it still costs companies through lost productivity as employees spend a great deal of their working hours wading through spam mails, and through high network congestion and wasted bandwidth.
“Spammers will use any means to hook people into reading their messages and sucking them into their campaigns. They have become particularly adept at structuring headers for the subject line that tie into newsworthy and current events so that people are more likely to open the mails.
“What this means is that thousands upon thousands of people are being conned into reading emails they wouldn’t bother to open otherwise. This is a waste of company time, resources, bandwidth and money,” says Dries Morris, Operations Director at local IT security firm, Securicom.
According to Morris, recent spam analysis by Symantec showed that seven of the top ten spam subject lines in June matched news headlines about the 2010 FIFA Soccer World Cup and two had headlines about the Gulf oil spill crisis.
Other top subject lines used in spam messages included calls to reset Facebook and Twitter passwords; false alerts of Delivery Status Notification Failures; “Replica Watches”; notifications that celebrities like Angelina Jolie want the user to join Facebook; and “we’ve delivered your purchase”.
In May and June the top spam subject line was blank, appealing to users’ natural curiosity to uncover the unknown, while the second most-seen spam subject line in June, “Outlook Setup Notification”, was a widespread outbreak that contained malware. On June 13th, 12% of all spam contained malware.
“These tactics make it hard for users to recognise mails as spam, and many are just too enticing for some not to open. Once they’ve opened it, they are lured to unsafe or spoof sites, tricked into divulging personal or sensitive information, and opening attachments containing viruses and spyware. Often users are conned into entering fake competitions, buying products or services they don’t need, and sharing friends’ email addresses which are then sold to spammers to grow their mailing lists, leading to more and more spam being generated and distributed.
“This also opens up the company network to a host of IT security risks and fraud, while the users can themselves become victims of fraud and ID theft,” says Morris.
He says users should be made aware of the ugly side of spam and told to avoid opening messages they suspect are spam.
“Employees should be told not to open emails from senders they do not recognise or emails with dubious subject lines. They must be wary of sharing their email address or contact details online, and if they do need an email address to register on a website, they should not use their company one but rather a disposable email address.
“If they do open a mail that is spam, they must never click on links embedded in the message or open attachments. They should also be advised not to reply to spam messages or fill out forms in an email requiring personal or financial information or passwords. A credible company isn’t likely to ask for personal details via email,” he warns.
Morris says all companies should implement effective measures for identifying and siphoning spam before it reaches employees’ desktops.
“A robust anti-spam solution should be deployed to filter inbound and outbound email across the enterprise. It also helps considerably to keep abreast of spam trends,” he advises.
Securicom provides a comprehensive, packaged solution for managing email and email security. The solution, e-Purifier, utilises best-of-breed technologies, including Symantec Brightmail, and encompasses email content management, anti-SPAM, recipient validation and three layers of anti-virus to provide proactive and effective management of email at ISP level. It is a fully hosted solution that is offered on a subscription basis.