During August, unsolicited e-mails made up 67,6% of all global e-mail traffic, according to Kaspersky Lab figures, making August 3,6 percentage points lower than July.
However, the rate of phishing messages rose more than 10 times compared to July, while the volume of spam messages containing malicious attachments rose 2,5 times, accounting for 5,6% of all e-mail traffic.
The holiday season may have been winding down, however cybercriminals kept up a continuous bombardment of fake messages announcing non-existent airline and hotel reservations, with the spammers using some of the biggest names in these industries.
For example, booking.com and Delta Air Lines are always an attractive target for spammer attacks; in August, Kaspersky Lab once again recorded mass mailings of scam letters that at first glance appeared to come from those companies. The fact that such messages often look genuine can relax the recipient’s vigilance.
They usually prompt the user to open a malicious attachment or follow a link that initiates a file download to the hard drive. In either case, the victim’s computer is infected with the Tepfer Trojan that steals user credentials.
August also saw a 10-fold increase in the proportion of phishing messages. Kaspersky Lab reported mass mailings that appeared to come from an official Apple address that asked recipients to confirm their iTunes account details by following a link.
The favourite target of phishing attacks, however, remains social networks. The names of popular international delivery services, such as FedEx, UPS or DHL, also appear frequently in spam messages.
These e-mails inform potential victims that a parcel cannot be delivered to them for some reason and that in order to collect it they have to print out the file attached to the message and then visit the company’s office or confirm specific data. In some cases the attached files supposedly contain information about the non-existent parcels.
Spammers try to make these messages look as genuine as possible, using seemingly legitimate e-mail addresses, providing detailed information about the order, genuine contact data from official sites and copying the relevant confidentiality notifications.
In August, Kaspersky Lab continued to record mass-mailing adverts for online learning courses. This category of spam message had earlier focused mostly on colleges and universities, MA and PhD programmes, but in August, there were more offers to remotely complete a secondary education for those who had failed to do so on time.
The top three sources of spam remained the same, with China, the US and South Korea accounting for more than half of all global spam.
“In the summer months in Europe, spam becomes much more dangerous. The number of scam messages increases and so does the number of messages containing malicious attachments,” comments Tatyana Shcherbakova, senior spam analyst at Kaspersky Lab.
“Remember, it is very rare for reputable organisations to ask you for your private data, to confirm account details without advance notice, or to open e-mail attachments. If this happens, it’s advisable to contact the support line of the organisation named in the e-mail, and ask if they actually sent it.”