News

Spammers Exploiting the Recession

• By Stephen Swoyer
• March 31, 2009

"With economic concerns mounting across the globe and intense media coverage of the downtown, it is clear that spammers believe that economic spam is a useful vehicle -- a dark cloud that for them holds a silver lining," said the March 2009 "State of Spam" report from Symantec Corp (available here).

Symantec's monthly "State of Spam" reports provide a breakdown of all spam activity during the previous month. The latest report paints a particularly dismal portrait of spam activity, with spammers tweaking their messaging to better exploit recession-related fear, uncertainty and doubt (FUD).

Spammers don't even have to be particularly creative, said Symantec researchers. In the current climate -- with the world in the midst of the biggest economic panic in 80 years -- FUD-mongering isn't all that difficult, they concluded, citing a sharp uptick in employment-related spam.

"Recipients of these messages are often asked to provide personal information such as first and last name, ZIP code, cell phone number, home phone number, work phone number and age," the report indicated.

Not all FUD-mongering spam is unimaginative, of course. Some spammers are even recasting rejection -- in the form of the classic employment rejection letter -- into opportunity. "[A] spam message has been observed recently which targets one of the downsides to looking for a job -- the rejection letter. In the particular spam message observed, the messages states that 'Unfortunately we have to inform you that your qualifications and experience does not fit the position you applied for,'" said Symantec researchers.

In several cases, this scam uses ostensibly legitimate URL links -- pointing, Symantec said, to well-known headhunting or recruitment firms -- to burnish its air of legitimacy. Recipients are encouraged to double-click on an attachment, which contains a hacktool. "If human curiosity prevails and the recipient opens the attachment, the user's system becomes the subject of an attack from the Hacktool.Spammer malicious virus. Hacktool.Spammer is a program that hackers use to attack mail boxes by flooding them with e-mail. It can be programmed to send many e-mail messages to specific addresses."

Spammers are also using phony e-mail messages purporting to be from the Internal Revenue Service (IRS) -- such attacks typically invite users to submit "Economic Stimulus Payment" forms -- or using e-mails claiming that "Economic Stimulus Grants are now available."

That said, financial spam actually decreased in February, according to Symantec, dropping from 12 percent to 11 percent of all spam activity. On the other hand, all-purpose fraud increased, growing from 4 to 5 percent of all spam activity.

Other spam sectors that saw growth were Internet-related (up 8 percentage points) and leisure-related (up 7 percentage points). The United States continues to lead all other countries in the production and dissemination of spam, accounting for 25 percent of all spam activity in February (that's up 2 percentage points from January); Brazil is second, globally, at 9 percent (down a single percentage point from January); India rounds out the Top 3 at 5 percent (up a single percentage point from January).