Subject Lines Spammers Can’t Resist

Spammers often change their subject lines in a bid to escape detection and filters. But there are some tried, tested and true subject lines they keep returning to again and again.

For this week, PayPal topped the list of top spam subject lines, being used in three of the top 10. HSBC Bank Canada came in second with two, according to research from anti-malware vendor

In terms of the subject matter of spam, gift giving for Christmas is the spammer’s best friend. The clear leader is spam for products and services, accounting for 38 percent of spam received, according to McAfee.

“Considering the time of year, that’s not surprising,” Dave Marcus, security research and communications director of McAfee Avert Labs, told Spammers tend to rev up their efforts around special occasions such as the Olympics and the major holidays.

Billing-related e-mails accounted for two of the top 10 subject lines in e-mail, and the list was rounded off with one message each for two types of alerts, and one Spanish-language e-mail subject.

However, subject lines change over time as spammers adjust to the market and its targets, and as antispam software becomes familiar with existing subject lines.

Listing by subject, Russian-language spam accounted for 29 percent of spam received, and advertisements came in third, at 16 percent. Despite the bad economy, financial spam accounted for only two percent of spam received.

Spam for products and services talks about specific products or services, as compared with advertising spam, which is more general, Marcus said. “We’re seeing a lot of stuff that’s product- and service-centric, so we’re breaking that out into its own category; a year ago we probably wouldn’t have been able to do that.”

The amount of spam sent in Russian has increased this year because more Internet-related activity is coming out of Russia, Marcus said.

McAfee also wants end-users to be wary of holiday season scams. They include charity phishing scams, holiday e-cards, fake invoices, purported new friends on social networking sites like Facebook, and holiday search-related terms.

Just say no

For example, if you get an e-mail from the Salvation Army, the Red Cross, or any other charitable group asking for donations, do not click on the link in the e-mail, McAfee warns. Instead, go directly to the organization’s Web site to donate.

Or you may get an e-card or, worse yet, an e-mail purporting to be from Hallmark asking you to download an attachment to get to your e-card. Remember Nancy Reagan and just say no.

And triple check when you see an invoice or waybill in your e-mail. Spammers are trying to cash in on the online shopping trend, sending fake invoices or waybills from one of the courier companies or the U.S. Customs Service, McAfee said.

These e-mails ask recipients for their credit card information so their account can be credited, or require the recipients to open an invoice or customs form to receive the package. Doing so will download a Trojan or other malware.

If your popularity goes up during the holiday season, be careful. Social network users will get an e-mail telling them they have a new friend. When they click on the notice, instead of reaching their social network, they will download malware that will steal their personal and financial information.

Then there is the lure of free stuff. You can download lots of free stuff off the Internet for Christmas, some of which may contain adware, malware or spyware. Search terms include ‘Free Santa holiday screensaver,’ ‘free holiday screensaver,’ ‘free Christmas screensaver,’ ‘free holiday downloads,’ ‘free Christmas tree download,’ and ‘free Christmas wallpaper.’

Other potentially dangerous free downloads are Santa wallpaper, Santa screensaver, Santa ringtones, and Santa downloads.

Security experts say the bottom line is this: If it sounds or looks too good to be true, it probably is. And remember that there is no such thing as a free lunch. Someone has to pay, somehow, somewhere, and they hope it won’t be you.
