First, the good news: worldwide spam rates fell 2.5 percent to 69.6 percent of email flows in 2013 and the number of emails with malicious attachments fell 0.2 percent for the year to 3.2 percent.
But spammers have come up with some new tricks to bypass corporate spam filters, forcing antispam vendors, IT managers and consumers to step up their games.
It's not just the tactics, but the perpetrators and targets that are changing, according to a new security bulletin from Kaspersky Lab.
It would seem that spammers have come to the realization that their targets are much more tech savvy these days. So instead of focusing exclusively on bank accounts and other financial data, they've moved on to social networking and email as their preferred illicit playgrounds because, well, that's where all the data is.
"As we see fewer legal commercial offers in spam, the more we see fraudulent and malicious messages appearing," the report said. "Previously cybercriminals could rely on exploiting the trust of unwary users, but now they face a new generation of IT-savvy targets. That has prompted them to adopt new tactics, such as sending out malicious attachments in the guises of antivirus updates."
Progressive spammers now send part of a mass mailing to subscribers who have agreed to receive advertisements and the rest to email addresses taken from databases they have purchased. When security vendors block the emails, the spammers can then claim that their mailings are on the up and up by pointing to the legitimate websites where people can go to unsubscribe. These so-called "grey" mailings have compelled security software vendors to develop new technologies that will block messages based on sender reputations.
Kaspersky researchers expect spam traffic this year to remain at about the same level as 2013, but are predicting a pronounced spike in these "grey" distributions.
"Spam is changing and as traditional advertising declines we see far more fraud, malware and phishing," the report concluded. "As a result, even experienced Internet users have to be more alert than ever to avoid stumbling into a cybercriminal’s trap."