Spam report: Old school techniques are back; companies on alert
An old school spamming technique among Internet bad guys - using images to hack their way into a system or spread viruses - is back.
Google's e-mail security services team reported Spam trends for the third quarter in a blog post today and, among the findings was a 123 percent year-over-year jump in the amount of spam bytes processed per user. In a nutshell, spam messages are bigger, meaning that they have bad attachments again.
That trend prompted Google to issue an alert to companies that process spam in their own network. The team wrote:
The larger sizes create a bandwidth burden that can impact speed across your network. As the chart shows, Q2'09 delivered the record high to date for spam size – and subsequently for bandwidth drag for teams that manage spam in-house, potentially forcing those organizations to upgrade their capacity limits.
The team also warned business e-mail users to watch out for e-mail spams that appear to come from the company's domain name. Spoofing emails is allows spammers to mask their real sender and a loophole often created by the company itself: adding its own domain to the approved sender list. The Google team writes:
While this might seem like a good idea at first glance – we want to make sure we don't block email from our colleagues, right? – in practice all it does is open your organization up to spoofed email. With that in mind, we strongly recommend that organizations not add their own domains to their approved sender lists. (Don't worry – legitimate mail from within your domain is correctly identified by filters and generally gets through just fine.)
One last note: Emails that appear to come from the IRS about underreported income and those that include fake package tracking attachments are being received in large numbers. While most people know to avoid clicking on such e-mails, the volume of them means that only a small percentage of users have to open them for the damage to be done.
Consider yourself warned.