Fraudulent emails on the increase
Kaspersky Lab sees 20% increase in fraudulent spam in Q3 2011
The percentage of fraudulent emails in spam traffic increased by 20% in Q3 2011, in Q2 2011, fraudulent emails made up 0.1% of spam volume; this has increased to 2% of all spam traffic in Q3.
Spammers used a variety of social engineering techniques in the fraudulent emails, including; sending email offers on behalf of online games to steal usernames and passwords and fake notifications from major organisations which then link to a phishing resource.
Spammers also used multi-stage attacks such as messages inviting recipients to take part in a survey and win money for doing so. Users followed the link to a page with a customer satisfaction survey form and filled it in. After submitting the survey, they were redirected to a further form asking for their full credit card details in order to process the promised payment. The information is then likely to be used to clean out accounts, rather than pay out cash.
Q3 2011 saw only a slight increase in phishing emails at 0.3% of all mail traffic. The share of attacks on Facebook increased by five percentage points, climbing from fifth to third in the rating of most popular phishing targets.
For the first time ever, Kaspersky Lab saw just two banks feature in the most phished Top 10 in Q3 2011. This is because the theft of real money is more risky than stealing virtual money for phishers.
According to Kaspersky, spam levels fell steadily throughout the quarter, except for a spike in the last week of September when the share reached 82.1%.
"Despite the decrease in the amount of spam in mail traffic its content has become more dangerous. The average percentage of spam with malicious attachments reached a record-breaking high of 5.3% throughout Q3. This spike, and a similar rise in adult content spam, could be the result of the summer holiday season and the ‘second wave' of the global economic crisis. During the summer slowdown, and prompted by the uncertain financial climate, spammers look for scams that can keep them in business," says Darya Gudkova, head of Content Analysis and Research at Kaspersky Lab.
In Q3 2011, spammers deployed standard tricks to coax users into opening attachments, and used some new, more sophisticated methods. It has become common for spammers to send emails with alarming subject lines, with body text apparently encrypted and with a malicious attachment. According to Kaspersky Lab, the spammers were hoping that users would choose to open the attachment in the hope of making sense of the unintelligible email.
Overall, in Q3 2011 the average proportion of emails with malicious attachments increased by 1.17 percentage points, reaching 5.03%. As in the previous two quarters, Russian and US mail traffic carried a large proportion of malicious attachments (9.8% and 9.5% respectively). Britain came third with 7.3% of all detected malicious attachments, up 1.1 percentage points on the previous quarter.
In Q3 2011 Kaspersky Lab discovered spam emails containing links to legitimate web resources but, which carried an SQL injection. In addition, spammers continue to actively use Google cloud services to bypass filtering.
According to Kaspersky Lab, more and more spam is coming from developing countries. India (+0.7 percentage points), Indonesia (+4.7 percentage points) and Brazil (+0.8 percentage points) were the top three sources of spam.
In Q3 education-related spam went down sharply (-39.9 percentage points) compared to the previous quarter. There were also declines in other categories of commissioned spam, such as Travel and Tourism (-4.3 percentage points) and Other Goods and Services (-1.6 percentage points). There was a growth in distributed via partner programs: Medications and Health-Related Goods and Services, and Adult Content spam.