Spammers take aim at HR departments

Recruitment consultancies and HR departments have become more attractive targets for spammers, while organisations dealing with valuable intellectual property remain the most popular targets

Human resources departments and recruitment agencies are being increasingly targeted by spammers, antivirus vendor MessageLabs said on Tuesday.

Targeted Trojan attacks have more chance of success against human resources and recruitment because they receive more Office documents from untrusted sources, according to MessageLabs.

"Their basic currency is CVs, or Word documents. Recruitment agencies and human resources receive a higher proportion of Office documents from personal accounts and from home users," said Mark Sunner, chief technology officer for MessageLabs.

Recruitment consultancies also tend to have a higher profile than other businesses, with easily accessible email addresses. This makes them an easier target for spammers, Sunner told ZDNet UK.

Home users can also unwittingly act as conduits for malware by emailing files from their infected home PCs, said MessageLabs.

"One thing we definitely know is the home is fertile ground for malware," said Sunner.

Over the past six months MessageLabs has seen an increase in the number of Word documents that are actually Trojan horses, and covertly install malware when opened.

The sector hit most by spam in March was the pharmaceutical industry, with 58.6 percent of emails sent to it being spam. Some spam contained targeted Trojans designed to slip past a company's defences and deliver a viral payload.

"The pharmaceutical sector has a higher percentage of spam from a Trojan perspective because it has interesting intellectual property. Imagine obtaining the next recipe for Viagra — that information would be worth a lot," said Sunner.

Governments are similarly attractive targets because of the value of the information they hold, said MessageLabs.

Recreation and retail also suffered from high levels of spam, with spam at 57.2 percent and 55.7 percent of all emails received, respectively.

"The high amount of spam for recreation and retail is linked to their close connection [through e-commerce] to the home-user community, which is the primary source of contamination. 90 percent of spam emanates from botnets. The home user community is now almost exclusively where spam comes from," said Sunner. "Any sectors closer to that have a big problem."