In-Depth

Spammers Exploiting the Recession

Spammers are tweaking their messaging to better exploit recession-related fear, uncertainty, and doubt

• By Stephen Swoyer
• 03/31/2009

The economic crisis is scaring many of us, and spammers are exploiting the fear for all it's worth. Security researchers say that unprecedented economic uncertainty is translating into unprecedented opportunity for purveyors of spam.

"With economic concerns mounting across the globe and intense media coverage of the downtown, it is clear that spammers believe that economic spam is a useful vehicle -- a dark cloud that for them holds a silver lining," says the March 2009 "State of Spam" report from Symantec Corp.

Symantec's monthly "State of Spam" reports provide a breakdown of all spam activity during the previous month. The latest report paints a particularly dismal portrait of spam activity, with spammers tweaking their messaging to better exploit recession-related fear, uncertainty, and doubt (FUD).

Spammers don't even have to be particularly creative, say Symantec researchers. In the current climate -- with the world in the midst of the biggest economic panic in 80 years -- FUD-mongering isn't all that difficult, they conclude, citing a sharp uptick in employment related spam.

"Recipients of these messages are often asked to provide personal information such as first and last name, ZIP code, cell phone number, home phone number, work phone number, and age," the report indicates. Not all FUD-mongering spam is unimaginative, of course. Some spammers are even recasting rejection -- in the form of the classic employment rejection letter -- into opportunity.

"[A] spam message has been observed recently which targets one of the downsides to looking for a job -- the rejection letter. In the particular spam message observed, the messages states that 'Unfortunately we have to inform you that your qualifications and experience does not fit the position you applied for,'" say Symantec researchers.

In several cases, this scam uses ostensibly legitimate URL links -- pointing, Symantec indicates, to well-known headhunting or recruitment firms -- to burnish its air of legitimacy. Recipients are encouraged to double-click on an attachment, which contains a hacktool. "If human curiosity prevails and the recipient opens the attachment, the user's system becomes the subject of an attack from the Hacktool.Spammer malicious virus. Hacktool.Spammer is a program that hackers use to attack mail boxes by flooding them with email. It can be programmed to send many email messages to specific addresses."

Spammers are also using phony e-mail messages purporting to be from the Internal Revenue Service (IRS) -- such attacks typically invite users to submit "Economic Stimulus Payment" forms -- or (similarly) employing e-mails that claim that "Economic Stimulus Grants are now available."

That said, financial spam actually decreased in February, according to Symantec, dropping from 12 percent to 11 percent of all spam activity. All-purpose fraud, on the other hand, increased -- growing from 4 to 5 percent of all spam activity.

Other spam sectors that saw growth were Internet-related (up 8 percentage points) and leisure-related (up 7 percentage points). The United States continues to lead all other countries in the production and dissemination of spam, accounting for 25 percent of all spam activity in February (that's up 2 percentage points from January); Brazil is second, globally, at 9 percent (down a single percentage point from January); India rounds out the Top 3 at 5 percent (up a single percentage point from January).