Personalized Spam Rising Sharply, Study Finds

designperfection9 writes "A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use."

30% of all Web traffic?

[alain94040]

From the article:

The latest study was based in part on [Cisco's] ability to monitor 30 percent of all Web and e-mail traffic

I hope the journalist misunderstood something, otherwise all my fears about the NSA just got crunched.

--
iPhone Apps review site looking for bilingual testers

Re:30% of all Web traffic?

[morgan_greywolf]

Not to worry. The NSA monitors 100% of all Web and e-mail traffic! Thanks to The New AT&T: Your World, Delivered. To the NSA.

Anti-spam Legislation

[unlametheweak]

It's a good thing there is anti-spam legislation.

Re:Anti-spam Legislation

[oldspewey]

Your response demonstrates a ...

[ ] clueless
[x] sarcasm-based
[ ] battlescarred
[ ] well informed

... approach to interpreting spam stories ...

What bothers me more is

[rolfwind]

the rise in "security questions" which are essentially weaker passwords. This personalized spam proves getting to much of that info is easy. But now, so often, when I register an account, in addition to a password, there is always a "security password" to null and void that password and get back in easier.

Some of the better services let you choose your own security password, but others only have a short list of really lame ones (1st car, pet, place of birth) which is not secure at all. I make sure to put in a nonsensical random string as an extra security measure. And this just proves it fallible.

Re:What bothers me more is

[unlametheweak]

The real problem is people visiting Web sites through email links, and replying to unsolicited email (from companies they recognize or not). Banks don't conduct business through yahoo email addresses. The real issue is educating consumers, or having consumers educate themselves. One does not drive a car without knowing the rules of the road (despite what people may think of cliched analogies), and email clients shouldn't be Web 2.0 browsers.

Re:What bothers me more is

[zappepcs]

What you are saying is true, but it can't be legislated. It can, however, become a vocation. Yes, for just 3 easy payments of $19.99 we'll teach you how to be safe on the Internet.... blah blah

An internet driver's license seems like a good idea till you think about all the absolutely retarded drivers you saw on the way home from work recently. Then it sinks in: some people are NOT trainable.

If you think of the Internet as a huge data warehouse and spend some time with a scripter it will not take long to find out that you can personalize millions of spam emails with little to no effort other than writing a script or two. All you need is for 1-2% of those to reply and enter logon details and you have a profitable business plan, albeit illegal.

When so little return can still make you profitable, it's hard to discourage spammers. Internet driving licenses would not prevent that 2-5% of the population that can't be taught to tie their shoes from answering unsolicited emails. There is a base or root value where crooks and con artists will always be able to find prey, whether they are selling gilt edged bibles or offering better sex or longer life. Hell, there are those that are flogging lame do-nothing anti-spyware software in an effort to fleece them of their money.

As long as there are humans and an Internet there will be spam problems. You could even set up a business as an online retailer clearing house where people would send you money to pay for things for them, trusting you to tell them when it is a con job. There are those would would pay for it... say $2.50 per event to be sure they didn't get conned. How's that for a scam?

See... this problem won't go away anytime soon. Washington? Are you listening? New laws will only make this situation WORSE, not make it go away.

Re:What bothers me more is

[xaxa]

A bigger problem is when you can't provide a decent, random string for the "security question". I opened a bank account online last week, but had to go to a branch to prove my identity (fair enough). The banker didn't like where her PC said I'd put "438@@/arcCHK" as my mother's maiden name, and asked for a real name. I'm waiting for the online banking activation codes to come through, I hope it doesn't depend on this value.

Re:What bothers me more is

[zappepcs]

That's the problem. When people delete .dll files from a system directory, do you think that somewhere in their mind is the thought "hmmm, maybe I should get someone who is qualified to look at this?"

To you and I, this makes sense, but to the great unwashed masses looking at files and configurations inside their PC is about as daunting as trying to fix their tv when the sound stops working. They open up the case, and with screwdriver in hand, start poking around looking at various bits inside the tv. Yes, I'm aware that is a bad analogy, but here's the kicker: if you had to have a screwdriver to get inside your computer's system files perhaps more people would take it to a professional to get it fixed.

Sidenote: This is one of the things that I think Ubuntu has done right. They made it as easy as possible to be a new user, to install and start using. They also have done what can be done to hide the internals from that user, and to try to prevent that user from having too easy of access to things they really don't need to be messing around with.

To put it another way, novice skydivers should not pack their own chutes. New drivers should probably never be asked to change a distributor. Novice computer users should not be asked to be administrators. In my home I'm the sysadmin and everyone else are just users who don't have access to much except using the computer. They can't install anything, can't change system settings, nothing. For all that effort, they ask me for something maybe 1-2 times every two months. Most recent was login problems due to disk quota being reached by one user. I had notifications setup incorrectly so didn't get warnings. Click click, problem gone. I really want to figure out how to run a business based on this. A business where normal end users can contract out a sysadmin at reasonable cost.

Re:What bothers me more is

[oldspewey]

Internet driving licenses would not prevent that 2-5% of the population that can't be taught to tie their shoes from answering unsolicited emails.

That's why we need to get proactive. We need some kind of white hat agency that sends out trojan-riddled spam to everybody on the planet. Those who are sufficiently stupid or gullible will open and act on the spam, which will immediately reconfigure their computer: my recommendation is that it irrevocably turn their machine into a slightly more advanced equivalent of a Fisher Price Activity Center, with lots of shiny buttons and spinning graphics the users can click on but no network connectivity of any kind.

Re:What bothers me more is

[sootman]

Are you of the Boston 438@@/arcCHKs?

Just a coincidence

[sunking2]

Cisco will soon be introducing a product to address this exact problem!

Pretty scary

[spyrochaete]

I received one spam email this year which was addressed to me, using my proper first, middle, and last name, as well as my old address back from when I used to live with my parents. The only place I would have volunteered this information online was the Monster job website several years back. I emailed Monster, rather furious at how lax their privacy was. They confirmed that this was their fault but were completely unapologetic.

Fortunately (I think) I never received a second email like this.

Just Shotgun Spamming...

[damn_registrars]

Is it really personal spamming? I've seen spam posing as bank notices for a long time. Generally, first you see them (posing to be) from the largest banks, and then over time you start seeing them (posing to be) from regional and local banks as well.

And considering how many people use online banking, it is pretty reasonable for many people to expect to see an email from their bank on occasion.

Very personalized...

[jshackles]

How did they know I was looking for penis enlargement pills and cheap viagra?!?!

Now I am going to be worried

[Chrisq]

Personalized Spam Rising Sharply

Now I am going to be worried every time I get one of those adverts for penis enlargement

....who told them?

Re:Now I am going to be worried

[DevConcepts]

Just got an email...
With the success of Viagra, many new performance drugs for men go into development:

--PROJECTRA: Men given this experimental new drug were far more likely to actually finish a household repair project before starting a new one.

--COMPLIMENTRA: In clinical trials, 82% of middle-aged men noticed that their wives had a new hairstyle. Currently being tested to see if its effects extend to noticing new clothing.

--BUYAGRA: Married men report a sudden urge to buy their wives gifts after taking this drug for only two days. Still to be ascertained: whether the results extend to not minding when women spend money on themselves.

--ANTI-AGRA: Promises the exact opposite effect of Viagra. Currently undergoing clinical trials on U.S. Senators.

--NOSPORTAGRA: This drug makes men want to turn off televised sports and actually converse with other family members.

--FLATULAGRA: This complex drug converts men's noxious intestinal gases into air freshener.

--FLYAGRA: This drug shows great promise in treating men with O.F.D. (Open Fly Disorder).

--LIAGRA: This drug helps men lie more successfully when asked about their sexual affairs. Will be available in Regular, Grand Jury and Political Strength versions.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Not just them

[Sfing_ter]

Of course they do, it's just that if they don't do as NSA says, then they don't get to continue to rebuild their monopoly. It be Bidness, and the constitution gets in the way of Bidness.

Re:Not just them

[jlarocco]

Maybe that's because understanding the constitution isn't the telcos job? Get pissed at the government. Defending the constitution is their fucking job, and they were the ones who telling the telcos what to do.

Don't get me wrong, I'm not happy that the telcos went along with it, but you have to place the blame where it belongs - on the government people who initiated the action in the first place.

Re:Not just them

[dmneoblade]

Telco's do, however, have a responsibility to say "Sure, as soon as you give us a court order, we'll get right on that." If they don't, then they are waiving the right to your privacy for you, and they are just as guilty.

Re:Not just them

[greg_barton]

Maybe that's because understanding the constitution isn't the telcos job?

Understanding the constitution is every American's job.