The top five spam categories spanning from January 2005 to June 2005 are as follows:
• Medication/pills 41.4%
• Mortgage 11.1%
• Adult content 9.5%
• Stock scams 8.5%
• Product 8.3%
Other 21.2%
"Over the last six months, the usual suspects - medication and mortgages - have remained at the top of the spam charts, but the increasing prevalence of stock scam spam represents a worrying new financial threat," said Graham Cluley, senior technology consultant at Sophos. "The spammers aim to quickly and cheaply circulate false information about a company's stock via email, often combining it with snippets taken from genuine press releases to lure potential investors."
Stock scam campaigns tend to run for short durations, keeping overall volumes low. Even though some of the information provided may be accurate, the deceptive and unsolicited nature of the messages qualifies them as spam.
"Using companies with limited assets, these charlatans stop advertising the stock once they've disposed of their shares, often causing the price to fall and meaning that investors ultimately lose their cash," added Cluley.
The majority of these campaigns employ obfuscation techniques, using word variations such as 'st0ck' or 'stox' to avoid being caught by spam filters. Messages can arrive in many different formats, such as HTML or plain text, and are almost always sent via hijacked 'zombie' PCs.
"Social engineering through email, where scam artists take advantage of unsophisticated computer users, is on the rise and represents a dangerous trend," said Brian Burke, IDC research manager. "Stock scams, combined with traditional phishing techniques, can result in significant financial loss for victims of these swindles."
Sophos recommends that the most effective way for businesses to reduce spam and other threats is to adopt a multi-layered defence as well as implement a best practice policy regarding email account usage. Users can also learn how to best minimise the influx of unwanted email by following a few simple guidelines.