BLOG

I parked the car this morning and was muttering under my breath in complete annoyance. Why you ask – well we’ll get to that. But what really begins to push my buttons even more and tip me over the edge, has to be when I arrive at work and sit down in front of my computer and begin to work my way through emails only to be greeted with copious amounts of spam. It doesn’t matter how good the filter is, it just manages to sneak in there like the kids raiding the wallet for coins.

Email Spam. It is the bane of everybody’s Inbox. Even though spam traffic is down year on year since a peak of 97% in 2009[1] the Spammers are still finding more and more sophisticated ways to get around Spam filters. In email alone, spam equated for 59.2% in the first quarter of 2015[2] (down from 65% in the last quarter of 2014[3]). If interested, review the following articles that look in to how spammers are adapting their activities based on domain shifts and patterns of spam. Just be thankful, that we don’t live in Brazil!

• Spam and Phishing in the First Quarter of 2015
• Spam Traffic May Be Down, But It’s Still The Greatest Online Security Threat For Business

But for all the education, alerts and communications that are undertaken in the office, over the net and in the media, it just seems like it will never go away. And it is the ignorance and the trust that these operators depend upon in order to sneak into your inbox and cause a variety of emotional and financial distress.

The ongoing saga
There are multiple ways that spam and scams are hitting New Zealand shores, businesses and personal inboxes.

If you want to educate yourself on the current (and some of the previous types) of emails that are infiltrating our inboxes the Department of Internal Affairs provides a record of the reported types of emails in circulation – on a monthly basis! In the month of August, they have already noted 8 different types of scams currently operating.

So what types of spam and scams exist and why are they dangerous?

A fairly broad definition that we’ll look into in more detail.

The emails that are selling something
Let’s start with the unsolicited emails that we may receive from ‘legit’ business attempting to sell products and wares. These can be both found in our inbox and those filtered into your junk inbox. They’ll be selling anything from love to Viagra to ball bearings to website development and digital marketing services!

In fact this morning I arrived to five of these in my inbox. And the funny part – four of these are web development and SEO companies. Seriously, they need to check who they are spamming!

I’m sure you can all provide at least two instances where you’ve probably received an email from an Indian-based search marketing business who promises that they can put you on the first page of Google – if not number one itself. Beware – this is a scam! It takes time, effort and resources to do this – not a one-off payment where you’ll be lucky to hear from the business again.

Example email of a seller:

Why attempt to sell this way? Unfortunately the financial turnover from spam emails is thought to range into the billions per year, hence the appeal for the less scrupulous operator. Terry Zink, the author of "How much do money do spammers make?" provided an example of Eva Pharmacy – on an online pharmacy peddling Viagra, or a variant of it. How much do you think they made? US$2.4 million a month![4] And this from a pharmacy that actually includes the active ingredients of Viagra – there are plenty of other offerings that are nothing but placebo.

Well it’s safe to assume that spam will always be around when there is money to be made, and people are willing to spend it. But note, it’s not just the legitimate extortion of money through a purchase agreement. There are viruses and bots that are infecting computers and there is money changing hands without the knowledge of their owners. But we’ll touch on this shortly.

The emails that provide a link or a file to download
Of late, I have seen a number of emails come in that are along the lines of a Remittance Advice. It looks like it’s come from someone I would expect to do business with and usually will have a fairly innocuous email title and/or be of a reasonable business activity.

There is a real danger in clicking on links or opening attached files when you aren’t 100% sure of the sender. If in doubt don’t take any action and follow-up with the supposed originator of the email to confirm that they have indeed sent this.

What can result is a number of things. But what is certain is that if you have clicked a link or opened an attachment you have likely just downloaded a virus or a piece of malware that could cause you and your business a lot of unnecessary stress. Some examples of potential virus/malware practices may include:

• Keystroke recording – this is the instance where the infected software begins to capture keystroke data. Passwords, bank account details etc. are all captured and then used without your knowledge.
• The lockdown of a whole business and then holding the business to ransom for it to be released.
• Chaos. Some infections are for the sole purpose of entertainment and for the process of causing as much mayhem as possible – such as taking over your own email account and resending the malicious file to your inbox contacts, and the cycle continues.

An example of this type of email came into the inbox recently. Here it is:

 Beware clicking on that zipped folder!

The emails that say you’re in the money
Recently the boys in the office thought that I was taking them out for lunch – I’d just received word that I’d won a huge amount of money. If only.

On response to the original email, what you’ll get is that there is a hiccup in ‘releasing’ your winnings and that you are required to pay a small fee to secure the release of the funds. Guess what? Your fee to release your millions goes off shore and you don’t see a cent of your ‘winnings’. If you haven’t entered a competition and an email shows up out of the blue and it seems that the ‘offer’ is too good to be true – it probably is. Just hit the delete button.

An example of a lottery winning email:

The emails of a promise of true love and a romantic relationship
The promise of love to some individuals is a common theme that is used by scammers. With the sheer volume of emails that are sent they are sure to capture a market of lonely and vulnerable people. The elderly are particularly at risk as they are not generally wise to the ways of the scammers.

A long term scam where the other party builds trust and lures the victim into a state of love (and blindness) usually starts with the request for small amounts of cash to help out with everyday items before the ruse elaborates into scenarios where vast sums of money are required to ‘help’ the other party. Some examples include: [5],[6]

• Help cashing a cheque that they are unable to cash themselves.
• Claiming to be wealthy and asking for help transferring a large amount of money out of their country
• Asking for financial assistance to help them out of a difficulty they are having. 
• They’ve landed in a hotel and now cannot pay the bill so the hotel is holding all their papers and they cannot leave.
• They are desperate to come to you but need your help with the money to manage that.
• They were mugged and are in the hospital and need you to pay their hospital bill as they are being held hostage until it is paid.

Red flags include poor English – spelling and grammar, vague or repetitive correspondence (often scammers copy and paste from a script), a feeling that some things just don’t seem to add up, and requests for money through Western Union.

Phishing
Much like fishing – it’s all about the bait! At times you have probably been a victim of a phishing scam without even knowing it.

“Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.”[7]

The easiest way to explain this is to show it. Most phishing emails stem from imitation bank correspondence. You’ll receive an email branded with Bank branding and it looks fairly legit.

ASB provide the following example of a phishing email targeting their customers.

As you can see it looks relatively formal – but that link you’re about to click on takes you to a replica website that looks exactly like the bank (but it’s not). As you attempt to login with your username/account and your password what is actually occurring is that these details have now been stolen by the phishing email owners. They will then use your details to remove funds from your account without you having been any the wiser.

The New Zealand Police indicate that by “hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to five percent of recipients to respond to them”.[8]

Banks do not generally send email correspondence, and if they do, they will never provide a link like the above. A quick method to determine whether it is legit is to hover over the link – if the address that appears is not part of the bank’s domain name – delete the message immediately.

Other scams
Aside from email spam and scams there are a number of other potential scam ‘themes’ out there including purchasing scams, mystery shopper scams, donation scams, the ‘FBI’ Beneficiary scam, Passport Scan Copy scam. You can refer to the Department of Internal Affairs for additional information on these types of scams.

Another scam of interest in the field of Digital Marketing, is Click Fraud. Click Fraud is a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising (such as Google AdWords or Bing Ads) when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. Not a scam per se, but a process of circumnavigating the goodwill of advertisers (and competitors).

As you are likely to be aware, Google AdWords, for example, is Google's advertising platform that allows advertisers to bid on certain keywords in order for their clickable ads to appear in Google's search results.  The business pays a fee to Google every time someone clicks on their advert.

Click Fraud often occurs in very competitive industries. It’s a form of one-upmanship that allows businesses to out-do their competitors and is an extremely quick way to degrade someone’s marketing budget! Thankfully though Google take ‘ad traffic quality’ very seriously and strive to look after their advertisers by employing a number of techniques to ensure that this type of activity is detected and dealt with.

Spam & Staying Safe
My two recommendations for you are:

1. Make sure that your email filters are working as effectively as possible.
   If you require the services of a specialist to set this up, it has to be money well spent – just think if you received 20 spam emails a day and it takes 30 seconds to a minute to read each – you’ve already lost 10-20 minutes of the working week.
   
   We employ the services of Apache’s Spam Assassin on our mail servers to ensure our clients are not adversely affected by Spam. Some of our higher profile clients that have increased volumes of email traffic also utilise SMX Email Scrubbing as a backup when tightening the Spam Assassin rules aren't effective.
   
   
2. If it sounds too good to be true, then it probably is. 
   If you’re a little gullible, run an email past your colleague before taking any action, and if the email looks suspicious – it probably is. If you know the sender – check with them that they actually sent you an email with an attachment or link before accessing these. Err on the side of caution and don’t become a statistic. Remember that not all spam and scams are about money – some are about sheer sadistic behavior, just the ability to inflict as much harm and chaos as possible.

So back to the rant at the start of the article. What got me so flustered and annoyed? Parking space and inconsiderate city peers – surely you park in a manner that actually allows more vehicles to actually fit in the designated parking area!

So annoyed I even got the phone out to take a photo!

That’s about 5-7 metres of additional parking space that only a swarm of scooters could utilise.

Anyway, rant over. Annoyance averted.

Image Sources:

1. Spam sourced from TheEmailAdmin
2. Fishing in Big Pants, by Michael Coghlan, CC BY-SA 2.0
3. Money Hand Holding Bankroll Girls February 08, 20117, by Steven Depolo, CC BY 2.0

Citations:
[1] http://thoughtreach.co/spam_worth/
[2] https://securelist.com/analysis/quarterly-spam-reports/69932/spam-and-phishing-in-the-first-quarter-of-2015/
[3] http://www.interworx.com/community/spam-traffic-greatest-online-security-threat-business/
[4] http://www.theemailadmin.com/2012/04/show-me-the-money-the-economic-realities-of-spam/
[5] http://www.romancescams.org/
[6] http://www.consumeraffairs.govt.nz/scams/scam-types/dating-and-romance-scams
[7] http://searchsecurity.techtarget.com/definition/phishing
[8] http://www.police.govt.nz/advice/email-and-internet-safety/internet-scams-spam-and-fraud