SAN FRANCISCO, CA – Cloudmark, Inc., the global leader in carrier-grade messaging security, today released a list of common techniques now being employed by email spammers, based on analysis of the billions of messages that Cloudmark scans each day.
Spam now constitutes between 90 and 95 percent of all email traffic in the U.S., and spammers and hackers are taking new approaches to penetrate inboxes and evade traditional spam filters.
As part of Cloudmark’s continual analysis of global spam, it has identified several crafty spamming techniques seen this year:
— The ‘lite brite’ attack — These attacks see spammers position a
collection of characters to take the form of larger letters, which spell
out a word. For example, using many iterations of a stock symbol to spell
out the word "BUY" in an effort to promote the stock.
— Character manipulation — Email addresses, IM usernames and phone
numbers are commonly included in spam — some spammers will use inventive
spelling techniques to proliferate their messages, replacing characters
with "visual puns", for example ‘0’ for ‘o’ and ‘1’ for ‘i.’ More creative
spammers may sometimes also use ambiguous content. For example, advertising
a product and telling recipients to ‘email me or im me at jeffbr0ck
|replace with @| yahoo |put dot here| com.’
— Unusual linking — There are many ways to write characters into a
clickable URL. For example, URI encoding and entity encoding can place
unprintable characters into an http link without breaking it. Spammers are
taking this practice to an entirely new level, finding ways to format URLs
that, despite not conforming to published web standards, will still be
clickable through certain email clients, web interfaces and other online
— Domain domination — Spammers are buying and hosting a range of
different domain names with similar characteristics, for example
‘worldjackpotcasinobc.com,’ ‘worldjackpotcasinob8.com,’ and
‘worldjackpot9casino.com.’ This relatively simple, but effective, technique
takes a legitimate-sounding domain and then permutes it many times.
Spammers expect that recipients would be more likely to click on these
domains than ones that are randomly-generated and nonsensical.
— Image imposters — Spammers can disguise their campaigns as images,
attempting to bypass basic filters that only pick up on text-based spam.
— Stock scam scramble — Stock scams are on the rise in email spam, with
spammers further scrambling the content in order to bypass filters. A
recent stock scam attack saw spammers scramble their message to such a
degree that neither the company name nor the advertised ticker symbol was
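
The "domain domination" pattern above can be surfaced on the defender's side by grouping sender or link domains that differ only by small permutations. The following is an added example, not Cloudmark's method or code from the original release: the function names, the 0.85 similarity threshold and the minimum cluster size are assumptions, and the non-casino sample domains are constructed.

```python
import re
from difflib import SequenceMatcher

# The three permuted domains quoted in the release, plus constructed
# unrelated domains to show they are not pulled into the cluster.
SAMPLE_DOMAINS = [
    "worldjackpotcasinobc.com",
    "example.com",
    "worldjackpotcasinob8.com",
    "weather-report.example",
    "worldjackpot9casino.com",
    "example.net",
]

def skeleton(domain):
    """Label with the TLD, digits and hyphens removed.
    Assumption: input is already a registrable domain (no subdomains,
    no multi-part suffixes such as .co.uk)."""
    label = domain.lower().rstrip(".").rsplit(".", 1)[0]
    return re.sub(r"[\d-]", "", label)

def similar(a, b, threshold=0.85):
    """True when the two skeletons are near-identical strings."""
    return SequenceMatcher(None, skeleton(a), skeleton(b)).ratio() >= threshold

def cluster_domains(domains, threshold=0.85):
    """Single-link clustering: a domain joins every cluster containing a
    similar member, and clusters it bridges are merged."""
    clusters = []
    for d in domains:
        hits = [c for c in clusters if any(similar(d, m, threshold) for m in c)]
        merged = [d]
        for c in hits:
            merged.extend(c)
            clusters.remove(c)
        clusters.append(merged)
    return clusters

def campaigns(domains, min_size=3, threshold=0.85):
    """Clusters large enough to suggest one operator permuting a base name."""
    return [sorted(c) for c in cluster_domains(domains, threshold)
            if len(c) >= min_size]

if __name__ == "__main__":
    for group in campaigns(SAMPLE_DOMAINS):
        print("possible permuted-domain campaign:", group)
```

A cluster is a lead for review, not a verdict: legitimate organizations also register families of similar names, so pair the grouping with registration date and hosting data before blocking.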
"As spam filters are getting more sophisticated and accurate, spammers are getting craftier in their attacks and more creative with their approach. The over-the-top and, in some cases, almost amusing, lengths spammers are taking in their attempts to bypass spam filters really showcase their desperation," said Jeremy Robin, spam accuracy researcher at Cloudmark. "While attacks continue to get more sophisticated, Cloudmark stays one step ahead through the unique combination of its Advanced Message Fingerprinting™ algorithms and feedback from its Global Threat Network™ technology, which can spot spam regardless of language, format and encoding."