Spampaigning: Not Your Father’s Spam
Written by Malcolm James on October 1, 2013
You know, the days when a spam message was an email that started out “My Dear…” When it comes to using the English language, I’m a repeat offender, and recognized the gaffe right away. The sender, with his ho-hum grasp of the language, committed a linguistic atrocity by misinterpreting the purpose of the formal salutation “Dear Sir/Madam,” gleaning the literal meaning of ‘dear,’ all the while trying to bilk you out of thousands of dollars.
(sigh) Yes, those were the good old days. When spam was either a mysterious yet delicious canned meat packed in jelly, or something that frequently invaded our inboxes and failed to trick all but the most naïve and decidedly non-clever of folks. At times, it was even entertaining, was spam email. I myself got plenty of laughs over the princes from Nairobi, the old dying women from Spain, the promises of quick and easy male enhancement – all in one little miracle pill, mind you – and an Internet of spam that, like Douglas Adams’ Earth, seemed mostly harmless.
Those days are over. Your daddy’s Internet is gone and the one that’s replaced it is a golem that barely resembles the pre-Microsoft Hotmail. The days when Yahoo and Altavista were the co-kings of the search castle and Google was a mote in Larry Page’s eye are a distant dream, and the only resemblance between the spam of yore and today’s spam is that it’s still an ugly monster born in the minds of criminals who would gladly part you from your hard-earned money.
One only has to Google spam to understand what’s happened to the stuff. No longer a single entity deposited in an inbox, it’s now a chimera formed in spam campaigns – spampaigns – that leverage multiple tiers. Stories this week discuss the SpamSoldier spambot that’s been invading Android phones for some time now. We’re lulled into a false sense of security by the perennial articles that tout a reduction in spam email (I say that because, dollars to donuts that next quarter I’ll be writing an article about the sharp increase in spam email); all the while, we find articles that discuss how social media spam is threatening the enterprise level, posing a serious security risk to organizations that just can’t grasp the slippery eel of social media inside the firewall.
An article that uses Breaking Bad as its example (in case you’ve been living on Mars, that’s the blockbuster show by AMC whose meth trip is coming to a predictably unceremonious end this weekend) discusses how micro-targeting – the practice of using themes and timing that might appeal to and nab in their net of deception the subsets of users who key into those themes – is becoming more prevalent. In fact, we’ve seen it for some time now, using holidays and events to trick distracted users into clicking.
And then an article opines on the war being waged on the social Web, asking whether we’re being set up to lose that war because spam is choking it up into an unwieldy demon that will bite our heads off if we’re not careful (my words, not the author’s). In the article, Molly McHugh points out that social spam has risen 355 percent in the first half of 2013, a figure that should scare the bejeebers out of any network admin whose organization uses Facebook, Twitter, Google+, LinkedIn, or other social media vehicles as a routine part of its business operations.
So what’s it all mean? Well, email spam is still alive and well, although based on who you read and when, you might think otherwise. Spam emails are different now, for the most part. They use different tactics that are sneakier and sometimes, in the case of phishing emails, more believable. They’re more heavily laden with malware, in the hopes that unsuspecting users will click malicious links. Spam email is also being used as a distraction from a simultaneous security event. And don’t dismiss the evil of ‘legitimate’ spam as an ongoing headache.
SMS spam is nasty stuff, because it feels like a personal violation when SMS spams arrive on your phone, and because if you don’t have a texting plan, it costs you and there’s nothing you can do about it. Social media spam continues to rise in numbers and nastiness, and let’s not forget the good old home phone, perhaps the ultimate violation of one’s privacy.
The point here is that spampaigning – the use of multiple delivery mechanisms for spam – is probably something we’ll have to live with for a long, long time. It’s not a stretch to imagine that the spammers – the criminals – are utilizing multiple methods to commit their crimes. Why wouldn’t they? Apparently, it’s quite a lucrative venture.