E-mail takes a nastier turn

The threat to users from unsolicited e-mail is only getting worse....
Written by Iain Ferguson, Contributor on
commentary The federal government is anxious to congratulate itself -- with some justification -- on the success of its anti-spam legislation to date.
Iain Ferguson, News Editor, ZDNet Australia

And it seized the opportunity to do so recently when departmental officials released a review of the effectiveness of the legislation in curbing the distribution of unsolicited bulk commercial e-mails over its two and a half years of operation. The Minister for Communications, Information Technology and the Arts, Senator Helen Coonan, duly cited impressive statistics such as Australia's slide from 10th to 23rd on the list of worldwide sources of spam since the Spam Act was enforced from April 2004.

However, while the Spam Act has been effective in curbing spammers' activities in this country, there is plenty of evidence to suggest that the threat to Australian computer users from unsolicited e-mails is actually getting worse. What used to be a distribution tool for nuisance-value invitations to purchase dubious goods is now, as the officials' review notes, "increasingly being used as a vehicle for malicious software associated with fraud, theft and lack of privacy".

The officials acknowledge the anti-spam legislation itself does not explicitly mention spam with malicious content. While it does provide a basis for proceeding against distributors of malicious e-mails with a commercial element -- such as get-rich-quick schemes and the Nigerian scams -- phishing schemes and the like are primarily dealt with through Australia's criminal, trade practices and privacy laws.

Bodies such as the Australian Communications and Media Authority (ACMA) -- which enforces the legislation -- and the Australian Bankers' Association (ABA) argue that malicious messages should be specifically brought within the ambit of the Spam Act.

According to the review, the ACMA believes "it is no longer possible to separate anti-spam activities from cyber-security, online crime and other malicious uses of the online environment".

For its part, the ABA argues the Act should be expanded to cover "non-commercial spam" such as phishing, viruses and hoaxes.

At the end of the day, it doesn't really matter what pieces of legislation are used and what agencies are involved as long as the threat is dealt with effectively.

The increasingly insidious and malicious nature of the problem is apparent each time your writer looks at his work e-mail inbox and sees new examples of increasingly well-crafted phishing messages.

The latest message -- purporting to be from Westpac -- is grammatically correct, contains no spelling errors and carries the authoritative stamp of an official communication from the institution.

While the Westpac Web site carries an advisory issued this week confirming the e-mail is fake, a less-informed user could easily be deceived and face extremely distressing financial loss and/or identity theft.

So while the Spam Act has in itself been a success to date, the battle against unsolicited e-mail -- not just commercial, but all kinds -- is far from being won. The government has implemented a number of measures to combat cybercrime, particularly identity theft, through legislative and resourcing mechanisms. Let's hope the authorities can get ahead and stay ahead of the scammers.

What do you think? Are we winning the battle against phishing scams or is the threat increasing? Are less-experienced computer users vulnerable to increasingly sophisticated assaults? Should governments worldwide be doing more on this issue? E-mail me at iain.ferguson@zdnet.com.au and give me your feedback.

Iain Ferguson is the News Editor of ZDNet Australia.

To take your opportunity to vent about what's bugging you in enterprise technology, visit ZDNet Australia's disaster recovery blog, penned by myself and journalist Steven Deare. The blog can be accessed at www.zdnet.com.au/blogs/disasterrecovery.

Editorial standards