Holidays and other notable events bring out the spammers like ants at a picnic. Security companies and IT departments consistently report a large increase in malicious email during shopping seasons like Christmas or important world events like the Brexit vote last year. At the end of 2016, Barracuda detected a large increase in spam: fake UPS and FedEx messages and fake confirmation emails from online shopping sites all over the world.
This data was pulled from Barracuda Central, our 24×7 advanced security operations center that continuously monitors and blocks the latest Internet threats. Barracuda Central collects data from more than 150,000 collection points worldwide and analyzes it to determine patterns and develop defenses. This technology gives us insight into traffic and threats all over the world.
Cyber criminals love their spam. It’s relatively cheap and easy to send hundreds of thousands of email messages across the globe, and it will turn a profit if the right messages get in front of just a few of the right targets. During the Christmas season, criminals like to lure users in with the promise of inexpensive gifts or information about a package in transit. Unsuspecting users respond with sensitive information like user names, passwords, and financial information. Users don’t even have to type anything in to give the criminals something to work with: merely clicking “unsubscribe” will prove to the criminal that your email address goes to a real person. That criminal will continue to use your email address, or sell it to others. Your “unsubscribe” request is ultimately just an invitation to send more spam.
Capitalizing on holidays, events, and news trends is nothing new for spammers, even when it is distasteful. They’ve been known to use natural disasters and even the passing of Robin Williams to lure victims into their traps. When the public shows interest in a topic, the spammers get to work.
How it works
It’s clear that spammers have a keen eye for what the public is looking for in the news, and they are able to quickly capitalize on these trends. Once they’ve identified a trend or topic, they craft a message that should appeal to the target audience. If this is a massive spam or phishing campaign aimed at the public, you could see any number of traps:
- A malformed URL that takes you to a fake website hosting a malicious download or a web form / phishing tool.
- A malicious attachment that contains a virus or malware to add your system to a botnet.
- A link that will take you to a site where you can make a legitimate purchase from someone looking to sell or use your details for other purposes.
- A well-constructed email message that convinces you to send money to a friend or colleague.
There are so many scenarios that we can’t possibly cover them all.
Once the criminals have your information, they will sell it, re-use it, or both, until long after it ceases to be of value.
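The following added example, which is not from the original article or from Barracuda, checks a message for two traits of the fake courier emails described above: a brand named in the display name or subject that does not match the sending domain, and a link whose visible URL differs from its real target. The brand list, the sample message, and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"ups": {"ups.com"}, "fedex": {"fedex.com"}}  # assumed brand -> sending domains
# Constructed sample message (reserved .example domains), not real traffic.
SAMPLE = """\
From: "UPS Delivery" <notice@parcel-tracking.example>
Subject: Your package could not be delivered
Content-Type: text/html; charset=utf-8

<a href="http://ups.com.parcel-tracking.example/t">https://www.ups.com/track</a>
"""

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):  # lower-cased hostname of an absolute URL, else ""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""

def findings(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    words = f"{name} {msg.get('Subject', '')}".lower().split()
    out = [f"brand-sender-mismatch:{b}" for b, doms in BRANDS.items() if b in words
           and not any(sender == d or sender.endswith("." + d) for d in doms)]
    body, parser = msg.get_body(preferencelist=("html",)), Links()
    parser.feed(body.get_content() if body is not None else "")
    for href, text in parser.links:  # visible URL must match the real target
        if host(text) and host(text) != host(href):
            out.append(f"link-text-mismatch:{host(text)}->{host(href)}")
    return out

print(findings(SAMPLE))
```

Both checks are heuristics: link text without a scheme (for example `www.ups.com/track`) is not parsed as a URL here, and a legitimate third-party mailer sending on a brand's behalf would need an entry in the allow-list.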
Upcoming bursts of spam
Based on what we have seen in the past, we can expect to see a surge in spam and phishing again, starting with Valentine’s Day. Spammers and phishers never miss an opportunity to lure victims to fake sites with promises of chocolates, flowers, and other Valentine-themed gifts at a very low cost. Victims who purchase these gifts may be downloading an exploit kit, giving up personal information, purchasing gifts that will never arrive, or any combination of these crimes and more.
The months leading up to the US tax filing deadline of April 15 are another period when we can expect an increase in malicious email. The spam you see during tax season often lures victims with promises of tax rebates, tax forgiveness, or even offers of employment in a tax processing related field. Most of these scams will have been seen before, but there are always new victims to be found.
Protect your business
The beginning of the year is a great time to take a look at your email security strategy and evaluate your position. Are you as safe now as you were last year? Are your users in the strongest possible position to defend themselves? Is your infrastructure at its best to defend your business?
If you find this to be an overwhelming task, break it down into smaller chunks. Let’s start by evaluating your overall email security strategy with just a few questions:
- Is your email security gateway in place? Do you have an update or patch management program? Are you regularly checking logs and alerts? Alternatively, is your hosted email security solution configured to be as secure as possible?
- Is your endpoint anti-virus and anti-malware in place, updated, and active with real-time scanning?
- Do you archive or otherwise back up your email for disaster recovery?
When you’ve thoroughly evaluated your email security strategy, move on to your users. This is a good time to remind users to never give out sensitive information, open strange attachments, or click on links in a suspicious email. Use surveys or other methods to assess the overall skill level of your users:
- Can they recognize suspicious emails? Do they know which characteristics to look for when evaluating an email?
- Do they know what precautions to take when they are unsure of an email?
- Are they familiar with the email security system? Do they know how to report spam or use a blacklist?
- Are they aware of the latest email threats?
Based on what you learn in this evaluation and discovery process, you will want to create a plan to fill in gaps and harden any soft spots you find. Take a look at how what you learned relates to what the company will be facing in the upcoming year:
- Create an ongoing awareness program for your users. This could be as simple as a regular email that explains the latest threats and how to respond.
- Think about scalability. Will your solutions be able to grow or change with your needs? Is your current deployment sustainable?
- How quickly can you recover your email system from a disaster? Will you be able to restore the messages and archives for all of your users?
- Is your email security system equipped with the latest technologies, such as Advanced Threat Detection, pre-filtering, outbound protection, DoS protection, encryption, etc.? These features go beyond spam and virus filtering, to protect you from many different threats.
- If necessary, hire a training company like KnowBe4 to provide regular training and reinforce best practices with your users.
Email is the number one threat vector and a favorite of cyber criminals across the globe. It is very easy to reach thousands of potential victims and it’s very difficult for law enforcement to find and capture the perpetrators. Profits can be very high. By taking the time to understand your current environment, and by understanding the nature and cycles of spam, you can give your company the best possible shot to remain safe from these threats.