The dark side of unsolicited e-mail

Few will argue that unsolicited e-mail - spam - is not a nuisance.

Every e-mail user across the globe can relate to it. That tiresome feeling of sifting through what often seems like endless amounts of e-mails at the beginning of each day, in a constant and ongoing fight against spam.

Deleting useless and boring e-mails from unknown sources selling everything from medicines to software, and promising us undreamed of wealth, pleasure and beauty has become a daily chore for anyone with one or multiple e-mail accounts.

Spam is an exponentially growing problem that all companies will face irrespective of size or industry. If they use e-mail to do business, they are going to receive spam - it is as simple as that. Conservative estimates suggest that 100 billion spam messages clog the internet on a daily basis, meaning that nine out of every 10 e-mails sent are useless. The problem is so widespread that most people appear to have started to take spam for granted and see it as an acceptable cost of using e-mail technology.

As costs, in terms of time and money, increase for businesses dealing with spam, it's important for IT directors, especially within SMEs, to find effective ways to deal with the daily dilemma.

The use of spam filters is commonplace today. For many who use these filters, the battle is won and the few junk e-mails that escape the filters are no longer of concern.

Unfortunately, spammers are technically savvy individuals who have the means, back-up and resources to stay ahead of the good guys. Over the past two years, spammers and spam filter developers have been equally matched, but seeing their inability to beat the technology all the time, spammers have targeted the weakest link in the chain: human nature.

Humans are gullible and inquisitive and spammers are taking full advantage. Instead of pushing products which are easily caught by spam filters, they are using near-genuine e-mails to usurp information and play on the individual's "fear" of anything "legal".

A case in point. Over 2,000 C-level executives in the US recently fell for an e-mail scam that informed executives that they had been sued in federal court and must click on a web link to download court documents.

Concerned executives did just that and were taken to a phony website where they had to install browser plug-in software to view the documents. That software enabled the criminals to access the victim's computer. Simple, effective and dangerous.

The target group was small; the text void of familiar keywords and the e-mail was credible. And people did as they were told.

Dealing with spam requires a three-pronged approach. The first two are obvious: install anti-spam and anti-phishing software as well as anti-virus engines to check all web downloads including viruses on websites that spam e-mails point to.

The third is education.

End-users need to be told (and regularly reminded) not to open any e-mails that look suspicious. Even if they appear genuine, government agencies and official bodies never use e-mail to notify people of pending legal action but an official letter in the post.

On a wider scale, companies, banks and online retailers never ask their clients for confidential data via e-mail no matter what the e-mail says. If the e-mail looks real, people should check with their bank or the company sending the e-mail to verify.

And never click on links in suspicious e-mails. If it's too good to be true, it's usually fake.

This is easy to follow and free advice. But how many are actually listening? Over 2,000 US executives did not. Are your employees listening?

http://www.gfi.com

• Mr Kelleher is communications and research analyst at GFI Software.