Slashdot Mirror


Personalized Spam Rising Sharply, Study Finds

designperfection9 writes "A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use."

15 of 142 comments

  1. What bothers me more is by rolfwind · · Score: 4, Insightful

    the rise in "security questions" which are essentially weaker passwords. This personalized spam proves getting to much of that info is easy. But now, so often, when I register an account, in addition to a password, there is always a "security password" to null and void that password and get back in easier.

    Some of the better services let you choose your own security password, but others only have a short list of really lame ones (1st car, pet, place of birth) which is not secure at all. I make sure to put in a nonsensical random string as an extra security measure. And this just proves it fallible.

    1. Re:What bothers me more is by unlametheweak · · Score: 4, Insightful

      The real problem is people visiting Web sites through email links, and replying to unsolicited email (from companies they recognize or not). Banks don't conduct business through yahoo email addresses. The real issue is educating consumers, or having consumers educate themselves. One does not drive a car without knowing the rules of the road (despite what people may think of cliched analogies), and email clients shouldn't be Web 2.0 browsers.

    2. Re:What bothers me more is by zappepcs · · Score: 4, Insightful

      That's the problem. When people delete .dll files from a system directory, do you think that somewhere in their mind is the thought "hmmm, maybe I should get someone who is qualified to look at this?"

      To you and I, this makes sense, but to the great unwashed masses looking at files and configurations inside their PC is about as daunting as trying to fix their tv when the sound stops working. They open up the case, and with screwdriver in hand, start poking around looking at various bits inside the tv. Yes, I'm aware that is a bad analogy, but here's the kicker: if you had to have a screwdriver to get inside your computer's system files perhaps more people would take it to a professional to get it fixed.

      Sidenote: This is one of the things that I think Ubuntu has done right. They made it as easy as possible to be a new user, to install and start using. They also have done what can be done to hide the internals from that user, and to try to prevent that user from having too easy of access to things they really don't need to be messing around with.

      To put it another way, novice skydivers should not pack their own chutes. New drivers should probably never be asked to change a distributor. Novice computer users should not be asked to be administrators. In my home I'm the sysadmin and everyone else are just users who don't have access to much except using the computer. They can't install anything, can't change system settings, nothing. For all that effort, they ask me for something maybe 1-2 times every two months. Most recent was login problems due to disk quota being reached by one user. I had notifications set up incorrectly so didn't get warnings. Click click, problem gone. I really want to figure out how to run a business based on this. A business where normal end users can contract out a sysadmin at reasonable cost.

  2. Personalized, but not personal. by Boogaroo · · Score: 2, Insightful

    Really, at this point, who is falling for this stuff?
    Even with personalization, I am getting the same "custom" messages from 15+ "female" names. When you get your formula spam message, does anyone click on them anymore?

    Is there still money in spam, other than the money from selling the spam lists and spam network?

    1. Re:Personalized, but not personal. by polle404 · · Score: 1, Insightful

      Is there still money in spam, other than the money from selling the spam lists and spam network?

      yes there is.
      Unfortunately it only takes very few people buying their products, for it to be profitable.

      IANAS (I Am Not A Spammer), as it is...

      --

      ~men are from earth. women are from earth. deal with it.~
    2. Re:Personalized, but not personal. by gstoddart · · Score: 2, Insightful

      Really, at this point, who is falling for this stuff?

      Seriously? There's a lot of people coming onto the web who have never been there. I was stunned last year when my retired (not computer literate) parents bought a laptop and got a broadband connection.

      Increasingly everyone is being told that if you're not on line you're missing out on something. Unfortunately, the sophistication and knowledge required to do this safely belies the ease with which people can connect and then if they don't know anything about such things, they're at risk. People just aren't being made aware of the danger, and don't really understand all of the ways that they can get into trouble.

      When my parents first went on-line, I gave them a fairly stern lecture telling them of what to be wary of -- specifically I said don't ever give any identifying information to a site you don't know and trust, and trust almost nothing which comes into your inbox, especially if it claims to be from a bank or the government. So far, a healthy dose of skepticism about the truth of what's in their inbox has probably served them fairly well.

      The world hasn't exhausted its supply of people who just don't know all of the risks and dodgy areas they need to watch out for, and the tools they're using may not be nearly as safe as we'd like. The fact that it's being marketed as easy to do without explaining some of the danger is a contributing factor.

      Is there still money in spam, other than the money from selling the spam lists and spam network?

      Of course there is, otherwise you wouldn't see it. It only has to have a very small hit rate to be hugely profitable. When you're sending a couple of million emails at a time, the 1% of people who fall for it are plenty enough.

      Cheers

      --
      Lost at C:>. Found at C.
  3. Just a coincidence by sunking2 · · Score: 3, Insightful

    Cisco will soon be introducing a product to address this exact problem!

  4. Just Shotgun Spamming... by damn_registrars · · Score: 4, Insightful

    Is it really personal spamming? I've seen spam posing as bank notices for a long time. Generally, first you see them (posing to be) from the largest banks, and then over time you start seeing them (posing to be) from regional and local banks as well.

    And considering how many people use online banking, it is pretty reasonable for many people to expect to see an email from their bank on occasion.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  5. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  6. Re:Not just them by elrous0 · · Score: 2, Insightful

    They understand it. They just don't give a shit.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  7. Simple Solution by WagonWheelsRX8 · · Score: 2, Insightful

    There is a surprisingly simple solution to the SPAM problem but no one likes it. Charge to send e-mail. It doesn't have to be much (heck a penny an e-mail would probably suffice).

  8. Re:Not just them by jlarocco · · Score: 3, Insightful

    Maybe that's because understanding the constitution isn't the telcos' job? Get pissed at the government. Defending the constitution is their fucking job, and they were the ones telling the telcos what to do.

    Don't get me wrong, I'm not happy that the telcos went along with it, but you have to place the blame where it belongs - on the government people who initiated the action in the first place.

  9. Re:Not just them by dmneoblade · · Score: 4, Insightful

    Telcos do, however, have a responsibility to say "Sure, as soon as you give us a court order, we'll get right on that." If they don't, then they are waiving the right to your privacy for you, and they are just as guilty.

    --
    Warning, knife is sharp. Please keep out of children.
  10. Re:Not just them by greg_barton · · Score: 3, Insightful

    Maybe that's because understanding the constitution isn't the telcos' job?

    Understanding the constitution is every American's job.

  11. Re:Not just them by Vakara · · Score: 2, Insightful

    The case against the telcos is based on violations of law, not constitution. The telcos violated provisions in FISA which placed specific parameters around what they are legally allowed to do (and required to obtain) in order to perform surveillance on US citizens or within US territories. The provisions are specific enough that civil damages are specified in the actual law (per incident!) to further incent the telcos to obey the law.

    The government asked for something they shouldn't have, and most of the telcos (not all!) gave up something they were legally obligated to protect. As far as I'm concerned they are both fair game.