Dealing With New Spam Threats to Business

Written by Paul Cunningham on June 3, 2009

emergingThe first electronic spam that many businesses ever encountered came via email.  Before that spam was only in the form of “junk mail” delivered by post or received by fax.  Although a minor annoyance most pre-electronic spam was fairly harmless.  Rarely was a piece of junk mail intended to be malicious or an outright scam (beyond a normal degree of outlandish marketing hype anyway).

As email became a crucial business tool the spam problem rose rapidly to become the major problem it is today.  Regular research is released that puts spam at over 90% of global email traffic.  Despite this not every business takes it seriously enough to actually do something about preventing it.  Those that do will implement a quality anti-spam solution for their email and continue about their business hopeful that it will protect them from those on the internet with malicious intent.

However as the web evolves new spam threats have emerged that also need to be considered by businesses.

Email Spam

Email spam is a continually shifting landscape of new threats as spammers develop new techniques.  For example, spammers have gone from putting spam content in emails, to putting it in file attachments, to putting it in password-protected file attachments, to putting it in image files, to putting it on web pages that they link to, each technique intended to keep them a step ahead of anti-spam vendors and the protective measures built in to their products.

Spammers have used, and continue to use, home PCs on broadband connections that have been compromised by viruses.  When these don’t work thanks to RBL providers such as Spamhaus, they turn to free webmail services and simply break through the CAPTCHAs that are in place by breaking their algorithm or simply paying people in developing countries to manually enter the CAPTCHAs for them.

This continually evolving threat highlights the need to deploy serious protection for email spam.  A “bits and bobs” solution cobbled together from separate free components will not have the effectiveness of a comprehensive, integrated anti-spam product from a vendor committed to ongoing support and protection for new threats.

Social Networking

The emergence of social networking has changed business communication forever.  Although email remains critical to businesses more and more we see interaction occurring outside of email using social networking services such as Facebook and Twitter.  Staff may be using social networking only for personal use, but business use is also becoming common.

The threat posed by social networking is that messages will not be scanned or filtered by an email anti-spam solution. This leaves users open to phishing attempts and scams.  Although web filter technology can be used to simply block these services entirely, that makes them unavailable for genuine business use.

A better solution is one of user education.  Although social networking fosters close relationships with people around the world the same level of suspicion should be applied to social networking interactions as it is to email.

URL Shortening Services

The explosive popularity of Twitter has lead to an equal explosion in the use of URL shortening services.  These services convert a very long URL into a much shorter one, making them perfect for the limited space available in a Twitter post.  Because of this their use is spilling over to other social networking services, and also being used in emails.

The problem presented by these services is it disguises the true destination of the URL, which can thwart content filters that check for URLs for domains with a reputation for spam.  I was recently working at a customer site where all such URL shortening services were outright banned, which is a short sighted approach to the problem.  Given that the URL redirects the browser to the real destination, and that destination is still accessed via the same web proxy, the proxy could still apply URL filtering to the ultimate destination.

Rather than viewing URL shortening services as the problem, a better solution is to ensure that all web traffic is subject to URL filtering that will block known malicious websites.  This makes web filtering part of an overall anti-spam solution, by protecting users from malicious short URLs sent via email or over social networks.

Free File Hosting

Terry Zink of Microsoft recently considered the problem of free file hosting services and who is responsible for scanning the content stored in them for viruses.  The spam problem here is an email saying “Check out this important file…” which links to a malicious file at a free hosting service run by an otherwise trusted and reputable web company.

He makes a good point but businesses don’t need to wait for the problem to be sorted out by the providers, nor do they need to be blocked entirely which deprives users from making genuine use of them.  Instead the same approach can be taken as for URL shortening services.  By utilising web filtering that scans file downloads the threat can be greatly reduced.

Comprehensive Strategy

As new threats emerge it demonstrates a need to consider spam prevention not just in respect to email, but for all online interactions that our end users might engage in.  With a combination of email protection, web filtering, and end user education a business can be protected from these threats as they evolve.

Liked this post? Share it!
  • Digg
  • StumbleUpon
  • del.icio.us
  • Slashdot
  • Technorati
  • Reddit
  • NewsVine
  • Facebook
  • Google Bookmarks
  • TwitThis
  • Mixx
  • Furl
  • Live
  • Ma.gnolia
Bookmark the permalink. Follow any comments here with the RSS feed for this post.

Related Posts

Leave a Reply

Comment Policy