August 26th, 2010 → 8:27 am
@ Paul Mah

One aspect of spam has to do with trickery, where users are cajoled or tricked into performing an action, usually in the form of clicking on a specially prepared link. While the best way to stop the proliferation of spam would of course be the implementation of a good spam filter, some junk e-mail slipping through is often an inevitable state of affairs.
Rather than having to sort through the mess after the fact, one way that IT managers can turn the situation around is to train non-technical staffers to complement and enhance technical methods of identifying spam. Teaching employees how to identify spam is a good idea on a few fronts, such as allowing spam administrators to better refine or tweak existing spam filters. In addition, savvy users dramatically reduce the possibility of malware being introduced through spam.
Today, I will highlight a number of current spam vectors that you can use to train your users on how to identify spam. You can of course also use these methods to better tune your spam blacklist.
- “Mail undeliverable” messages
I personally experienced a spike of such e-mails recently, which were all fortunately caught in my spam filter. Depending on specific configurations – so as not to erroneously block legitimate warnings about unsuccessful mail delivery – some organisations might inadvertently let in more of such spam. Less savvy users who see such e-mails might be panicked into rashly clicking a link in a misguided attempt to determine the problem. While it would be unreasonable to train every employee on how to read e-mail headers, it won’t be as difficult to coach them on how to watch out for bogus links embedded within such e-mails.
- Messages from popular on-line services
The shotgun nature of unsolicited mails means that spammers are drawn to masquerade as popular Web services that have a higher chance of being used by their targets. Common vectors are sites such as Facebook, PayPal, Amazon, or even iTunes. In a nutshell, messages that claim to come from these popular on-line services are then laced with links in the hope that victims will click on them.
- Nonsensical headers or text body
One popular trick by spammers is to copy and paste snippets of legitimate Web content as the e-mail header or text. Links to specific sites are then carefully embedded to trick readers into clicking them. The content of copied text can vary greatly, and I’ve seen materials from several sites combined before in a bid to bypass Bayesian filters. Users can be further confused because e-mail recipients and senders are typically spoofed.
IT managers need to remind users that if an e-mail makes absolutely no sense, it probably isn’t legitimate – even if apparently originating from someone they know.
- Death and accident involving well-known personalities
Events ranging from the demise of pop megastar Michael Jackson to the recent World Cup have clearly shown us how spammers are reacting much faster than before in an attempt to circumvent increasingly sophisticated spam technology. Spam involving current or breaking news has a far higher chance of making it into inboxes before administrators have an opportunity to react. Also, users who might have heard part of the news via other avenues are far more likely to read the message or click on any links that are given. Rather than forcing spam administrators to stay glued to breaking news, tapping into users to identify such spam is also an excellent opportunity to involve them in the fight against spam.
- HTML file attached
Most e-mail servers and spam filters now block executables by default, even if compressed within ZIP archives. However, the continued discovery of flaws in popular Web browsers has led spammers to send HTML files containing code to exploit these vulnerabilities. Header and body text can vary as usual, but suffice it to say that it usually involves something enticing such as winning a lucky draw or some unsolicited transfer of funds. Users need to know that the sending of HTML files constitutes extremely suspicious behaviour and should first be verified with the appropriate administrator.
The above list represents just some of the newer spam attempts that I’ve personally witnessed; periodic training will be necessary to keep users up-to-date. Ultimately, staffers need to know that the spam (or mail) administrator is always available to address any doubts or queries that they might have.
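Two of the vectors above (bogus links in "mail undeliverable" notices and attached HTML files) can also be checked automatically when tuning a filter. The following is an added example, not code from the original post: the sample message, the `LinkCollector` class and the `audit` function are constructed for illustration, and a link is flagged only when its visible text is itself a URL whose host differs from the real target.

```python
import email, email.policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not real mail): a fake bounce notice with an HTML attachment.
SAMPLE = """\
Subject: Mail undeliverable
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Details: <a href="http://203.0.113.7/view">http://mail.example.com/status</a></p>
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="report.html"

<html><body>report</body></html>
--b1--
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        if tag == "a":
            self.inside = False
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data

def audit(raw):  # returns a list of findings for one raw message
    findings = []
    for part in email.message_from_string(raw, policy=email.policy.default).walk():
        is_html = part.get_content_type() == "text/html"
        if is_html and part.get_content_disposition() == "attachment":
            findings.append(("html-attachment", part.get_filename()))
        elif is_html:
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown = urlparse(text.strip())  # visible text, parsed as a URL
                if shown.scheme in ("http", "https") and shown.hostname != urlparse(href).hostname:
                    findings.append(("link-mismatch", text.strip(), href))
    return findings
```

Calling `audit(SAMPLE)` reports the mismatched link and the attached `report.html`; links whose text is plain wording such as "Help" are not compared.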
Five Ways to Train Your Users to Identify Spam