Spam Mail Still Number 1

FrgMstr

Never click on anything that you do not know what it is...for sure. F-Secure is telling us that spam mail is still in the number one spot for malware and phishing distribution. OK, it has been that way for 40 years, but what is interesting is that email spam is on the way up percentage-wise, as other systems we access are getting more secure.


Criminals are not just relying on the content of spam to trick users. They are also using new methods to infect users who are wise to the dangers of clicking on unsolicited attachments. “Rather than just using malicious attachments, the spam we’re seeing often features a URL that directs you to a harmless site, which then redirects you to a site hosting malicious content. The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible,” Päivi says. “And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”
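The password-in-the-body lure described in the quote above, seen from the mail filter's side. This is an added example, not part of the original post or of the F-Secure report: it narrows the case to ZIP attachments, and the keyword list, function names and sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic (assumed wording): the body mentions a password for the reader.
PASSWORD_HINT = re.compile(r"\b(password|passcode)\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any ZIP member has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def flag_password_lure(raw: bytes) -> list:
    """Names of encrypted ZIP attachments in a message whose body mentions a password."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if not PASSWORD_HINT.search(text):
        return []
    return [part.get_filename() or "(unnamed)"
            for part in msg.iter_attachments()
            if zip_is_encrypted(part.get_payload(decode=True) or b"")]

def constructed_zip(encrypted: bool) -> bytes:
    """Constructed sample: the flag bit is set by hand, nothing is really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x1                              # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= 0x1   # central directory flags
    return bytes(data)

def constructed_mail(encrypted: bool, body: str) -> bytes:
    """Constructed sample message with invoice.zip attached."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    m.set_content(body)
    m.add_attachment(constructed_zip(encrypted), maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(flag_password_lure(constructed_mail(True, "Invoice attached. Password: 4821")))
```

A hit is a reason to quarantine the message for manual review rather than to reject it outright, since legitimate senders also mail protected archives.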
 
What defines spam mail or phishing mail, I wonder, pertaining to this report? Do corporations' attempts to phish or scam their employees as part of security awareness training play any role in this report? If so, it would make sense for this number to rise as more and more companies are incorporating such methods to help train their employees to spot and not click on "phishy" emails.
 
Most of the spam/phishing emails that get through our filter are like this.
I can't simply block all attachments, as we have sales people who exchange documents with customers on a regular basis.

Luckily, I have most of my end users trained to not click on any links in emails or open attachments.
If they think it might be legit, I have them forward the email to me to verify it's safe.

Whenever I see one of these spam/phishing emails, I automatically block the domain, so we will not receive any more emails from the sender.
A few times it's been an actual customer, so instead of blocking them, we let them know their email has been hacked :eek:

The scariest ones are the ones that are specifically targeting people, usually in accounting, HR or management.
Emails with faked from addresses asking for information or telling them to open a file.
 
Some of my accounts get at least one every day. Never seen more than three at a time. Every once in a while I get one that makes me pause to wonder if it is real, but mostly they are so obvious I can't believe it was sent out.
 
One of the reasons I like gmail. It tosses most of the crap automatically.
 
> Most of the spam/phishing emails that get through our filter are like this.
> I can't simply block all attachments, as we have sales people who exchange documents with customers on a regular basis.
>
> Luckily, I have most of my end users trained to not click on any links in emails or open attachments.
> If they think it might be legit, I have them forward the email to me to verify it's safe.
>
> Whenever I see one of these spam/phishing emails, I automatically block the domain, so we will not receive any more emails from the sender.
> A few times it's been an actual customer, so instead of blocking them, we let them know their email has been hacked :eek:
>
> The scariest ones are the ones that are specifically targeting people, usually in accounting, HR or management.
> Emails with faked from addresses asking for information or telling them to open a file.

Yep, we get stuff like this regularly. Fake invoices, fake shipping docs, etc. For me personally, these emails seem "obvious". But I do have co-workers that still fall for some of this stuff.
 
I'm pretty sure spam wasn't the primary vector for malicious software back in 1978. Boot sector viruses and floppy sharing were the main means of spreading for a while.
 
> One of the reasons I like gmail. It tosses most of the crap automatically.

The problem is GMAIL is *too* strict. I can't tell you how often one of our clients complains that their customers aren't receiving their legitimate emails and asks what's wrong with our software. "Uh, no, you need to have GMAIL white list you."
 
> Most of the spam/phishing emails that get through our filter are like this.
> I can't simply block all attachments, as we have sales people who exchange documents with customers on a regular basis.
>
> Luckily, I have most of my end users trained to not click on any links in emails or open attachments.
> If they think it might be legit, I have them forward the email to me to verify it's safe.
>
> Whenever I see one of these spam/phishing emails, I automatically block the domain, so we will not receive any more emails from the sender.
> A few times it's been an actual customer, so instead of blocking them, we let them know their email has been hacked :eek:
>
> The scariest ones are the ones that are specifically targeting people, usually in accounting, HR or management.
> Emails with faked from addresses asking for information or telling them to open a file.

Does not seem practical for thousands of employees to forward you all their attachments for verification.
 
One of my clients got this email 2 days ago.
Dear xxxxxxxxx@yahoo.com,
Your Apple ID Account was used to sign in to Safari on an iPhone 6 and make an make purchase of $64 on App Store.

Date and Time : 7/30/2018 4:00:34 PM 03:42:51 PM
IP : 181.106.193.107
Operating System : iOS 11.4

If the information above looks familiar, you can disregard this email.
If you have not recently signed in to an iPhone 6 your account and believe someone may have accessed your account, go to your account and update your information as soon as possible.

link to a real looking apple login page

Caroline Hurne
Support - AppleID.

Copyright © 2018 AppleID, Inc. All rights reserved.
You subscribed to our newsletter via our website.
Nothing but a Phishing scam
Be careful out there folks, the intarweb is not a safe place.
 
I really wish email service providers figure out a way to prevent spam/phishing emails from happening in the first place
such as proper identification of ip numbers to verify potential "fraud" or whatever.

pretty sure name@%^#$%^#^%.com is a BS email address, or using your own name from a different IP in a different part of the world to send email to yourself (when you have never been outside of your own country in your life)

especially when services such as hotmail/live have a constant ad saying "upgrade for premium features" but basically do nothing about the spam crap.

everyday I get somewhere in the range of 400 emails, a few of them mailed to me from my own email name (which I did not send) from my 3 email accounts.

with all this fancy tech out there, you figure by now they would have found a way to PREVENT "hiding" the actual account name (taking proper steps to make sure every sender is LEGIT or cannot send) or whatever so one can be able to block it properly.

------------------------------------

do not click on an unknown sender email...so 1/3 or so emails you cannot unsub for email spam you never signed up for in the first place, and the so called "do not email lists" 99% of time for 300+ entries only manage to unsub from 10 of them or so.

bloody hell, maybe they should make an anti-spam email checker to blast the crap out of the service providing the "robots" from sending blast emails out to 10 bajillion people in 1 click, fry their systems like they are frying our eyeballs dealing with it ^.^
 
> I really wish email service providers figure out a way to prevent spam/phishing emails from happening in the first place
> such as proper identification of ip numbers to verify potential "fraud" or whatever.

I have a spam filter server running at the office. There are a number of settings to verify if the sender of an email is legit.
I can't enable the most strict settings because too many of our customers would be blocked.
Even on the less strict settings, we still have problems with some customers.
I usually have to send their IT staff instructions on how to correctly set up their server and DNS settings so that their emails won't be blocked.

If everyone would set up their servers/DNS correctly and lock down their servers (no open relays) we could block a lot more spam.

The biggest problem is spam from legit email servers that have been hacked, or domains like .bid, .click, .top, etc that are nothing but havens for spammers. (I've blocked all emails from many of these new domains.)

I'd also block most foreign emails if we were strictly a US business, but we do a lot of business in other countries.

Even the .us domain has way too many spammers.
I've had to block that domain by default and make exceptions for our customers that are clueless to how worthless that domain is due to all the spam.
 