Hate spam all you like. Despise spammers even more, but you have to admit that they’re resilient and darn it all, they’re downright wily. You’ve probably seen it all in the bowels of your server rooms, spam filters full of some of the worst stuff these jerks can throw at you. Most days, you probably feel like you need a shower every time you review it. You’ve committed to memory every stunt, every devious little attempt to circumvent, every clickable bomb, as a what not to do manual for the righteous. You’ve seen it all and you know it all. But do your staff?
It’s a safe bet that most of us are so busy dealing with the day to day mundaneness of life in the modern Orc forges known as IT departments, that we don’t really stop to consider just how well-armed our front lines are. Remember, one errant clicker may open up your network like a broadsword cutting down a soldier and opening the line for the enemy to enter.
So how many of you actually have a spam tactics manual? Hopefully, you’ve all answered in the affirmative, but of all the information that new employees receive on their orientation day, it’s a safe bet that they are sadly lacking in some fundamental training that could mitigate serious threats to the organization.
In fact, as we speak, new spam attacks are rampant, and they’ve become even more devious than ever. They’re so good, in fact, that it’s a cinch they’ll make it through the best spam filters. And to the untrained eye, they could be the click-candy that spells out devastation for you and your organization. And, if what we hear is true, things are getting much worse. These are serious enough threats that it merits a general staff sitdown, if you haven’t had one recently. There are new threats occurring every day, so hopefully this article will be a primer that you can use to implement your organization’s spam tactics manual.
Here are a few going around that have raised an eyebrow or two over here:
LinkedIn spam exploit
Comment: it’s shockingly simple in implementation and extremely difficult to block
Subject: “Join my network on LinkedIn”
Why it’s dangerous: The message looks good enough to pass the first blush, and the randomized naming of senders makes it difficult to flag with any consistency. Clicking any of the fake links in this message take you on a malicious magical mystery tour
Facebook photo scam
Comment: Preys on people’s vanity
Subject: “[Name] added your photo.”
Why it’s dangerous: Randomizes sender names. A quick scan of the message doesn’t raise any flags. Clicking the fake links will
How can you and your end users fight this stuff? Easy. Get them together and educate them. Show them how clicking can be a very, very bad thing, and what to look for. Develop a spam tactics manual and give someone in your IT department ownership over keeping it current.
Here’s what we know so far
- We’ve known for some time that most spammers have left the rancid fields of scattershot spam – where you open fire with mass mailing attempts, in effect playing the numbers game and assuming that, the more spam that gets sent, the better the odds that it will reach someone dim-witted enough to click
- We also know that their attacks have become more focused, often identifying specific targets and learning personal information about them before striking
- We know that their attacks are multi-tiered, opting for the addition of social media and SMS smartphones to spread the evil
- For some time, we’ve known that there’s a purpose behind the dumbness found in many of the modern spam messages
- We know that they take advantage of key milestones, like holidays and other events that provide a distraction to users that makes them even more vulnerable
- We know they’re getting smarter, or at least their tactics are
- And we know that what’s around the corner is nasty, the kind of nasty you can’t wash away with a thousand showers, and perhaps the worst thing we’ve ever seen
- We also know the unfortunate role that marketers play in the spam war, like a million troops rushing the battlefield in the belief that they can help their allies; but, not quite certain which one is the enemy, they start killing everything in their path
- Finally, we know that more and more spam campaigns are targeting Android and iOS Why is this bad? Simple: more and more companies are implementing BYOD policies, which makes personal smartphones a perfect attack vector for hackers who want to get inside corporate networks