Spam & Phishing in 2017 – Part 1

Spam & Phishing in 2017 - Part 1

Figures of the year

  • The share of spam in mail traffic came to 56.63%, down 1.68% against 2016.
  • The biggest source of spam remains the US (13.21%).
  • 40% of spam emails were less than 2 KB in size.
  • The most common malware family found in mail traffic was Trojan-Downloader.JS.Sload
  • The Anti-Phishing system was triggered 246,231,645 times.
  • 9% of unique users encountered phishing

Global events in spam

Spam emails that mention the hottest topics in the world news agenda are a permanent feature of junk traffic. This trend has been observed for several years and is unlikely to change any time soon. Natural disasters in 2017 (hurricanes Irma and Harvey, the earthquake in Mexico) were a gift to fraudsters. “Nigerian” scammers bombarded mailboxes with messages asking for assistance in obtaining the inheritance of deceased relatives and donations for disaster victims, etc. Natural disasters were also a common theme in advertising spam and emails offering jobs and loans.

Sporting events are another favorite topic of spammers. The most popular — and most mentioned in fake giveaway messages — are major soccer competitions and the Olympics. Back in 2016 we picked up emails citing the FIFA 2018 World Cup, and the following year their number increased, with the format and content unchanged. Typically, such emails say that during such-and-such lottery, supposedly held by a well-known organization, the recipient was randomly selected among a million others as the winner of a huge cash prize. Besides money, scammers sometimes promise tickets to competitions. The details are usually outlined in file attachments using official competition and sponsor logos.

The “Nigerian” scammers often refer to famous figures. Presidents and other political VIPs are especially in demand. In 2017, one of the most popular figures for fraudsters was US President Donald Trump.

We predict that in 2018 scammers will continue to pay close attention to world events and famous figures so as not to let slip the chance to squeeze ever more money and personal info out of gullible victims.

Cryptocurrencies in spam

Throughout the year we wrote that cryptocurrencies had gained a foothold in advertising spam and fraudulent mailings: all the numerous “Earn from home” schemes, financial pyramids, fake lottery wins, and phishing scams, etc., seem to have been updated and given a cryptocurrency makeover. Let’s try to systematize the various types of cryptocurrency-related spam.

Seminars

As major conferences and seminars are held on blockchain technology, spammers are making increasing use of this topic for their own purposes. The seminars advertised in their mailings don’t overload users with technical details, but promise to teach them how to extract eye-watering profits from cryptocurrencies. Such mailings are relatives of “traditional” spam on the topic “How to make a killing on the stock exchange.”

Financial fraud

A specific type of cryptocurrency fraud relates to fake “cloud mining” services. Such services hire out the mining power of their own specialized data centers. Fake sites offer similar services, but on paying up, the user receives neither mining power nor their money back. The crypto version of the classic pyramid scam warrants a special mention: the user “receives” mining income until they enlist other victims (for which there is also a reward). But sooner or later the cash flow stops, and the original investment is not repaid.

Sites masquerading as cryptocurrency trading platforms operate in a similar manner. The crucial difference between them and real exchanges is that money can only be invested, not withdrawn. Revenue usually “grows” very quickly, stimulating the user to invest more funds.

More subtle are binary options brokers (and their fake counterparts).

Another type of cryptocurrency fraud is fake services offering to exchange one currency for another, or convert it into “real” money. Scammers lure victims with favorable exchange rates, and then make off with the cash.

Spam is very often used for this kind of fraud because it gives what all scammers crave — anonymity.

Malware

CryptoLocker, whose creators demanded payment in bitcoin, was found in spam far less often than in 2016. At the same time, new capabilities such as stealing passwords from cryptocurrency wallets and mining were added to spam-distributed malware.

What’s more, a host of malware was distributed in spam under the guise of bitcoin mining tools or trading instructions.

Address databases

Targeted address databases advertised through spam were updated with the email addresses of cryptocurrency users, putting the address owners at risk of a targeted attack (for example, phishing as mentioned above).

Like other hot global issues, cryptocurrency is set be a recurring theme in spam for a very long time to come. And given the juicy rewards on offer, 2018 can expect to see growth in both fraudulent and phishing “cryptocurrency” spam.

America and targeted business spam

In the US, the law governing the distribution of advertising messages operates on the opt-out principle. Accordingly, users can be sent messages until they explicitly unsubscribe from the mailing list in question, for which a link must be provided. The CAN-SPAM Act stipulates many other legal requirements for mailings. The legislation demands that the message body match the subject in terms of topic, there be no automatic collection of addresses, the advertiser’s physical address appear in the text, and much more.

Using the opt-out principle, many small, and sometimes not-so-small, companies send out promotional materials to people who have not subscribed to them. A legal gray area arises from the fact that even if spam-mailing companies are physically located in the US, the emails are distributed worldwide, and most countries operate an opt-in policy, requiring the prior consent of recipients. In other words, some countries at the legislative level consider mailshots to be spam.

A trait of business spam is its very narrow targeting of companies operating in specific areas. Oftentimes, mailings are not directed to the company as a whole, but to people with certain job titles.

Malware and the corporate sector

The number of malicious spam messages in 2017 fell 1.6-fold against 2016. Kaspersky Lab clients registered a total of 145,820,119 triggers of Mail Anti-Virus throughout 2017.

This drop is due to the unstable operation of the Necurs botnet: it mediated the spread of far fewer mailings, and in Q1 2017 was completely idle. Malicious mailshots sent via Necurs were short, not personalized. They were used to try to install cryptolockers from the Locky family on recipients’ computers.

In general, 2017 was marked by a large cluster of malicious, but well-crafted emails, containing fragments of business correspondence matching the company profile, plus the full details of the organizations in whose name they had been sent. The messages were not mass-distributed, but most likely targeted. Based on the target domain names, it can be assumed that the attackers were primarily interested in the corporate sector, while the tactic of citing previous messages of the addressee suggests in some cases a Business Email Compromise-type attack. Malware downloaded onto the victim computer most often had functions for collecting detailed information about the system and its settings (as well as passwords, keystrokes, etc.), and then transferring this data to a remote server.


 

About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at info@intellitek.com.au, fill out the web form, or have a Live Chat with us below.

Leave a Reply

Your email address will not be published. Required fields are marked *