The World is Miffed About Spam & Phishing

Several weeks ago I got spam from an information security company about a seminar they are putting on. I did not respond; I wasn’t interested. Since that time I have received many messages, all with the same content, from various people from that organization, the tone of which really ticked me off. The following is an excerpt.

“My guess is that I haven’t heard back from you after my voicemails and emails for one of three reasons:
1) I’ve done something to offend you or your company.
2) You’re not interested in attending [name removed], and just don’t want to hurt my feelings by telling me.
3) You want desperately to attend, but are trapped under something heavy, and cannot reach the phone.
I’d consider it a personal favor if you’d let me know if the problem is one of these, or something I didn’t think of.
If it’s #3, reply to this email and we’ll send Roscoe, our office St. Bernard.”

I got this exact same message around 6 times from 3 different people at this organization…and I have never received any voicemails from any of them as the message states. A good security organization should know better than to send this type of spam, as well as to make blatently false statements.
They may have thought this would come across as simply humorous, but it did not; it sounded more sarcastic and condescending with each time I received it, not only to me but to some of my information security practitioner colleagues who also got the same message multiple times.
Norman Vincent Peale would tell these folks that this type of message is not the way to win friends and influence people.
So, I thought I’d look at the news about spam to see if I saw this particular company listed, and instead it was interesting to see how widely throughout the world the topic of spam and phishing is in the news. There have been many just in the past 24 hours.
* From the Daily Yomiuri in Japan: “Time to crack down on spam e-mail.”
A few excerpts…

“We can no longer tolerate unsolicited spam e-mail rife with suspicious content sent to personal computers and mobile telephones. An expert panel established by the Internal Affairs and Communications Ministry on Tuesday complied a draft of an interim report on dealing with such spam.”…
“”Under the current law, sales and mailing companies are allowed to send e-mail for advertising and publicity to an unspecified large number of people without any prior agreements from the recipients, as long as the messages are labeled as “unsolicited advertisement.” But if the recipient notifies the company that he or she does not wish to receive any more such messages, the company is required to obey that request. According to the Economy, Trade and Industry Ministry, less than 1 percent of advertising e-mail is actually labeled “unsolicited mail.” Even if they are labeled, more than 80 percent of such messages do not contain any address to which a recipient can ask not to receive further e-mail.”…
“About 90 percent of spam e-mail is sent through overseas servers, such as those in China, to recipients in Japan. Overseas spam should not be left unregulated by any means. As the communications ministry’s panel pointed out, it is crucial for Japan to cooperate with other nations in weeding out illegal activities using spam e-mail.”

* From IT Week in the U.K.: “Anti-spam firm blasts US on phishing record
A few excerpts…

“ClearMyMail has said for some time that phishing emails are predominantly coming from the US, estimating the figure at 54 per cent of all such emails. Spain is the second biggest culprit at 3.8 per cent, followed by Germany at 2.9 per cent and Korea at 2.8 per cent. France comes in fifth at 2.7 per cent, followed by China at 2.7 per cent, Russia at 2.5 per cent, Japan at 2.2 per cent, Uruguay at 1.8 per cent and the UK at 1.4 per cent.”…
“Dan Field, managing director of ClearMyMail, said: “But when you see that the US is top of the poll, and you take into account all the tools at its disposal for ridding the world of these criminals, I cannot help but feel disappointed that Americans are not doing more to prevent this happening.””

* From PCWorld in the U.S.: “New Spam Attack Delivers MP3 Attachments Pitching Stocks
An excerpt…

“The audio spam stock pitches are for a Canadian company Exit Only which runs the Web site Text4Cars.com. The audio message in all instances are the same and appear to be spoken by a woman with a British accent.”

* From IDM in Australia: “ATO Warns of Phishing Threat
An excerpt…

“The spam email began appearing in inboxes earlier this week and is quite similar to another attempt back in June. The email uses the Tax Office logo and the words ‚ÄòAustralian Taxation Office ‚Äì Notification‚Äô or ‚ÄòAustralian Taxation Office ‚Äì Please Read This‚Äô or similar in the subject line to dupe users into clicking through to a bogus. From here, users are encouraged to enter their credit card details and other personal information in the guise of receiving a tax refund.”

* From Portal IT in Romania: “Don’t Let Elvis Be Your Broker. You Won’t Like The Music
An excerpt…

“The mail delivering the attachment reads: ‚ÄúHello, this is an investor alert. Exit Only Incorporated has announced it is ready to launch its new text4cars.com website, already a huge success in Canada, we are expecting amazing results in the USA.”

* From the Daily Times in Pakistan: “It’s raining money!”
And many more that I did not wade through.
Meanwhile, Commtouch reports “Spam levels hit new high in Q3 2007
According to the report, 95% of ALL email in Q3 2007 was spam.
Earlier this week it was widely reported that Jeffrey A. Kilbride and James R. Schaffer were each sentenced under the CAN-SPAM Act to serve over 5 years in prison in addition to being fined $100,000 each, ordered to pay AOL $77,500, and must foreit over $1.1 million they made from their international pornographic spam operation.
The FTC has been applying CAN-SPAM penalties since April 29, 2004.
While there is more spam than ever, it is at least good to know that spammers are being significantly penalized when tried within the U.S.
I wonder if ClearMyMail realizes that no one in the U.K. has yet been convicted for spamming even though they have had an anti-spamming law similar to CAN-SPAM since 2003.
It appears more can be done by all governments worldwide, doesn’t it?
And by the anti-spam product vendors, since that is their specialty.
And more awareness could be provided by not only businesses to their personnel, but also certainly by vendors who sell anti-spamming and anti-phishing products.
If the vendors would help to educate their customers about spam and phishing schemes in addition to just telling them that all spam and phish will be stopped by their product, like many do, then it would also help to address the problem.
The ClearMyMail site claims their product is “The worlds only 100% guaranteed spam blocker
From the lack of any spam education material on the ClearMyMail site, it is disappointing that the vendor is not doing more to educate their fellow UK citizens, considering the large amount of spam the organization indicates pilfers their country, and since there has been no enforcement of the UK anti-spam law.

Tags: , , , , , , , , , , , , , , , ,

Leave a Reply