Financial E-mail Spam Skyrockets

As the economic crunch deepens, spammers are working harder to relieve people of their money – antivirus vendor MessageLabs reports that finance-related spams in the first seven days of the year more than trebled year over year. MessageLabs is part of security vendor Symantec (NASDAQ: SYMC) which bought the firm last October for $695 million.

Where these spams made up 3.1 percent of all spam in the first week of January 2008, they constituted 10.2 percent of all spam in the first week of this year. These phony email spams have subject lines congratulating recipients on winning a lottery, for example.

In a related development, 419 scams, which are e-mails from senders in Nigeria seeking to fleece their recipients, often by claiming the senders have millions of dollars in bank accounts they cannot get to and offering the recipients access to those accounts in exchange for money, have become more sophisticated, said MessageLabs.

The growth in finance-related spams began during the credit crisis towards the end of last year, according to the MessageLabs 2008 annual security report, available here.

This year is expected to be a bonanza year for cybercriminals, as governments are kept busy grappling with economic issues and economies tank during the recession.

“Spammers, particularly these spammers, are taking advantage of the poor economic climate, because people are desperate,” Matt Sergeant, senior anti-spam technologist at MessageLabs, told “They’ve also built up the capabilities to send more stuff.”

Such spammers tend to use hacked Webmail accounts, either cracking somebody’s password and using that account, or creating several free Webmail accounts on Google’s (NASDAQ: GOOG) Gmail, Yahoo’s (NASDAQ: YHOO) Yahoo Mail and Microsoft’s (NASDAQ: MSFT) Hotmail services, Sergeant explained. “We’ve seen a rise in the number of fake Webmail accounts being created on all these services,” he added.

Exploiting weak passwords

Earlier this month, spammers helped push Google to Number Three on the list of the top 10 world’s worst spam problem networks run by international non-profit spam fighter The Spamhaus Project. Google has since redressed those issues and has been taken off the list.

Gmail users tend to use weak passwords so hijacking their accounts is relatively easy, and cracking Yahoo Mail is not too difficult either, as Tennessee college student David
, who has been indicted for hacking into then vice presidential candidate Sarah Palin’s account, found.

Meanwhile, the 419 spam messages have become more terse and better constructed, now requiring recipients to reply to them for additional details on monetary transactions instead of laying out all the information in the body of the e-mail.

That is because the number of 419s is increasing, Sergeant said.

He predicts that the number of financial-related spams will level off and remain at about 10 percent of all e-mail because it is difficult to send as they are all manually typed in.

News Around the Web