In Q3 2011, the percentage of fraudulent emails in spam traffic increased twenty times, rising from 0.1 per cent last quarter to 2 per cent of all spam traffic in Q3. The quantity of fraudulent messages is striking, but so is the variety of social engineering techniques deployed.
On one level, attackers used tried-and-trusted tricks, sending email offers on behalf of online games to steal usernames and passwords, or fake notifications from major organisations which then link to a phishing resource. Multi-stage attacks on a new level are now becoming more common.
In cybercrime's mug sheet of top offenders, the "Dirty Dozen" of nations responsible for relaying spam now includes five Asian nations, including South Korea, which had the biggest increase to become second only to the U.S.
As compiled by senior technology consultant Graham Cluley for Sophos' Naked Security blog, the list shows how Indonesia, Pakistan, Taiwan and Vietnam have stepped into notoriety since the fall of 2010.
The “Spear phishing” attack responsible for the RSA network breach network in March demonstrated that e-mail remains the weakest point in enterprise security. Even when spam filtering systems that block a majority of incoming malicious and just plain annoying e-mails, the sheer volume of spam that still gets through presents a huge potential route for attackers to exploit. Now, one mail filtering company is offering a guarantee that it will block at least 99 percent of incoming spam—except if you happen to be Google, Apple, Facebook, or AOL.
NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.
Because the NHS Direct service is well-known in the UK for providing health advice, it's possible that some followers might have thought that the link was genuine, and clicked on it.
Fortunately, Twitter is now identifying the webpage pointed to by the shortened link as "potentially harmful", but anyone who had clicked would have been taken to a bogus news website promoting an Acai Berry diet:
You're never going to get free airline tickets simply by clicking a link on Facebook and accepting a third-party app — not from JetBlue, not from Delta Airlines, and not from the latest airline name to be abused by social network scammers, Southwest Airlines.