Spam levels have been soaring in the last six weeks, with both CommTouch and Kaspersky Lab reporting massive surges in volumes of the unwanted - and often infected - emails.
According to Simone Leyendecker, a corporate manager with CommTouch Germany, the firm's research division actually spotted a significant uptick in spam volumes around 90 days ago - but since December 10, many campaigns have been recycled and sent as Christmas-themed emails, featuring subjects such as “Letter from Santa For Your Child.”
The main Christmas campaign, she says, previously centered around dubious offers providing unbelievable deals on numerous products, as well as notifying recipients that they had allegedly won a prize, asking them to answer a few questions and provide a physical address. Those who responded, she adds, unknowingly signed up for costly newsletters or services.
With the Christmas campaigns, she went on to say, the cybercriminals simply altered their social engineering to focus on Christmas by soliciting orders for “the perfect gift for any child” - a letter from Santa postmarked from the North Pole.
This revised approach, she said, is a clear example of how these criminals re-purpose an existing spam campaign by maximising the power of time-sensitive social engineering - an incredibly efficient tactic, she notes.
Over at Kaspersky Lab, meanwhile, the figures for November have been crunched, and the security vendor is reporting that spam accounted for 72.5 percent of total email traffic in the month - almost 10 percent higher than a year earlier, when the firm logged a figure of 62.9 percent.
Most malicious attachments, says the company's analysis, were seen in the UK, where 12.3 percent of all email antivirus detections were found. This was 2.4 percent higher than in October, pushing the UK into the dubious top slot, ahead of Germany with 11.2 percent and the US with 10 percent.
Delving into the analysis reveals that malware was mainly used to steal data during the November spam campaigns.
According to Tatyana Shcherbakova, a senior spam analyst with Kaspersky:
"In the weeks before the holidays there's a surge in the number of purchases and financial operations made over the Internet, which is why scammers send out more phishing messages in the hope that the recipients aren't as attentive as usual."
Shcherbakova's advice was echoed by Sarb Sembhi, an analyst and Director of Consulting with Incoming Thought (www.incomingthought.com), who said that spam levels are always going to be high around this time of the year, but that CSOs, CISOs and their staff should not lose sight of the fact that spam is actually a year-round security headache.
One thing to remember about today's spam, he told SCMagazineUK.com, is that spammers are reacting incredibly quickly - sometimes in a matter of hours - to major events as they occur nationally and internationally.
This means, he says, that corporate anti-spam intelligence services - good though they are - may not pick up on a threat for several days, allowing timely spam to slip under the wire and reach users' mailboxes.
"The problem here is that, whilst security professionals are well aware of the dangers of spam, the ordinary person can often feel good about being 'specially selected' for a good offer, and either click on the attachment or the link in the message. And as soon as the code executes on a machine, you're as good as dead in the water," he explained.
Sembhi, who is also a veteran senior within ISACA, the not-for-profit IT security association, went on to say that a good strategy for dealing with suspect emails is to message the originator back and request confirmation that the message is genuine.
"Another factor that the spammers are well aware of - especially this year, as Christmas Day falls on a Wednesday - is that many people will be working from home over quite a long shutdown, so will not have access to their IT support services. This means that company staff need to be extra-vigilant against spam and infected emails, especially if other people in the house are also using their laptop," he said.