‘Tis the Season for Holiday Spamming

Seeking to take advantage of the many exciting online bargains this holiday shopping season? Be cautious about those e-mail promotions. Some of them contain more than deep discounts and free shipping offers — they may contain malware.

Security vendors and messaging companies alike report heightened spam activity during the holiday season. Some of it is legitimate commercial spam trying to turn your head toward that shiny new Rolex or sexy red dress. But plenty of holiday spam is an insidious attack by phishers attempting to obtain your personal financial information.

During December 2004, there was a 50 percent increase in phishing sites and attacks, according to messaging security vendor Proofpoint, and the company expects to see a similar increase during 2005. What’s more, e-mail security provider AppRiver predicts the volume of spam flooding e-mail inboxes will double this holiday season, especially with the release of sober virus variants.

Sobering Up for the Holidays

Of special note this year are the sober variants AppRiver is tracking. Over the past several weeks, sober virus writers have been sending batches of new variants hoping one of them will do the trick, says AppRiver CTO Joel Smith.

AppRiver has tracked dozens of Sober variants each week since late November, when the holiday shopping season officially began. Smith told the E-Commerce Times that subject lines include “christmass dinner — eat with no worries” and “send the kids a letter from Santa.”

“It seems that every couple of days virus writers are releasing a new virus version with a psychological wrapper designed to get people to open it and act on it,” Smith said. “Unfortunately, sometimes there is enough of a mental push around the messages that customers go ahead and push the big red button and infect their computers.”

Sobering Motives

Rami Habal, Senior Product Manager for Proofpoint, told the E-Commerce Times that outbreaks of the Sober and Bagle worms have been especially problematic this season. Both of these viruses attempt to download a variety of malware to compromised computers.

“The main goal of the writers behind these viruses seems to be the creation of large networks of Ezombie machines (sometimes called botnets) that can be used to send spam, phishing attacks, denial of service attacks and, possibly, the direct harvesting of identity and financial information,” Habal said.

Habal said one of the main risks to consumers at this time of year is convincing-looking phishing e-mail that appears to be from their bank or a trusted online retailer and may be more susceptible to being fooled by such messages, simply because they are expecting to receive messages from those sources.

Holiday Discounts Abound

Besides diet aids tailored for those who plan to eat more than their fare share of Christmas dinner and caring parents who want their kids to get a letter from Santa, Bethany Mayer, chief marketing officer for Mirapoint, said that as we get deeper into the season there are more spam messages with gift ideas suggestions, charity suggestions, and sales announcements.

“Holiday spam can indeed be more dangerous because more inexperienced computer users are likely to be online doing online shopping,” Mayer said. “These are the people who are most likely to click on or respond to spam or phishing attempt related to a holiday promotion.”

In fact, a Mirapoint survey conducted with messaging analyst firm Radicati Group reveals that 11 percent of online users are buying items from spam. When you couple this figure with the spending increase around the holiday, Mayer said spammers are particularly eager to inundate the world.

“In general, spam and phishing attacks follow the same seasonal trends as legitimate marketing and sales efforts. Anytime there’s a holiday, you can expect an influx of holiday-themed spam and phish attempts,” Habal said.

Indeed, this holds true for Valentine’s Day, Easter, and other winter holidays. Proofpoint also sees fraudulent e-mails in the wake of any newsworthy or tragic event, like the Asian tsunami and hurricane Katrina disasters. Habal said it’s like clockwork.

Impacts on E-Commerce

The Mirapoint/Radicati survey reveals the potential damage holiday spam has on e-commerce. The firms report nearly 10 percent of consumers have lost money to an e-mail scam and indicate they now use the Internet less because of it.

“Presently, all legitimate online sellers do a lot to assure their customers that shopping online is safe — from clearly communicating what types of messages and information they will send to confirm orders to reminding customers they will never ask them to providing sensitive data via email, to details on how their credit card numbers and other information is being kept safe,” Mayer said. “Even with this, a lot of buyers are very suspicious about making purchases online, but e-commerce is still growing.”

Proofpoint’s Habal said the increased volume of message-borne threats at this time of year has real implications for consumers, who should take some common-sense precautions.

“For retailers, e-tailers and online financial institutions, these threats pose some risk of decreased consumer confidence and cause them to spend more resources on consumer education and fraud prevention,” Habal concluded.