The United States continues to be the leader in spam, relaying 15 percent of the world’s spam messages, according to a recent report from Sophos that examines the top 12 spamming countries.

The United Kingdom has disappeared from the “Dirty Dozen” for the first time in two years, coming in at 14^th overall, and sending 2.1 percent of the globe’s spam.

Brazil has seen the biggest increase in spam, jumping from fourth to second place since last quarter. The country is now the source of 10.2 percent of spam emails, compared to 4.3 percent during the same period last year.

The top 12 spam relaying countries for January to March 2009 are as follows:

1. United States 15.8%
2. Brazil 10.2%
3. China (incl Hong Kong) 7.7%
4. India 5.1%
5. Turkey 4.1%
6. South Korea 3.8%
6. Russia 3.8%
8. Spain 3.0%
9. Argentina 2.8%
10. Poland 2.6%
10. Colombia 2.6%
12. Italy 2.3%

“The U.S. has gone some way towards reducing levels of spam since last quarter, when the country relayed almost a fifth of all the spam messages,” said Graham Cluley, senior technology consultant at Sophos.

“What’s less encouraging is that Brazil has shot up the ranks. It’s no secret that the country has long been associated with cybercrime – in particular the spread of banking Trojans – however, a surge like this could also be a by-product of China’s slip down the charts. In any case, it’s certainly a trend to keep a close eye on.”

Spam accounts for 97 percent of all email received by business email servers, putting both a strain on resources and wasting a huge amount of time to lost productivity.

“Of course, the real cause of the spam problem is that not everyone will automatically delete these emails on sight,” continued Cluley.

“People out there must be buying products from spam, after all – the criminals behind the botnets would soon give up if they weren’t making any money out of it. Computer users should know by now that buying from spam is contributing to the problem, as well as putting their personal information into the hands of criminals – everyone should pledge to never ever buy via spam.”

]]> http://www.money007.com/2009/06/top-12-spam-countries/feed/ 0 http://www.money007.com/2009/04/government-agencies-need-better-email-security/ http://www.money007.com/2009/04/government-agencies-need-better-email-security/#comments Fri, 17 Apr 2009 21:24:12 +0000 Mike Sachoff http://www.money007.com/?p=90 The Online Trust Alliance (OTA) has given government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its recently released analysis of email authentication adoption.

While adoption has grown over the past year, OTA found 56 percent of the top .gov sites – including Whitehouse.gov, FBI.gov, Treasury.gov and DHS.gov – still are not protecting U.S. citizens through the use of email authentication. At the same time progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC.

The OTA also found that among the major online retailers 45 percent have not adopted email authentication- leaving brands, domains, and consumers exposed to security and privacy threats.

While the OTA recognizes many brands including Amazon, Dell, Office Depot, Apple, Costco and Staples have adopted increased online security measures, many others including Sears, Victoria’s Secret, Gap, and Nordstrom are failing to adequately protect their brands and customers via email authentication.

Many of the organizations and businesses that have failed to use some form of email authentication standards, including SPF/Sender ID or DomainKeys Identified Email (DKIM), have become victims of forged email and online exploits. Email authentication has been widely viewed as a best practice to help reduce deceptive email and phishing exploits.

“It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines,” said Craig Spiezle, OTA Chairman and Founder.

“Best practices not only need to be adopted by business, but also by governmental agencies. OTA members reiterate their willingness to provide resources and assistance to these organizations.”

In 2008, the FTC said it had received about 1,200,000 complaints related to fraud, identity theft and other consumer complaints, representing a 50 percent increase over the previous year.

Those consumers reported fraud related losses of more than $1.8 billion. The states that reported the most complaints include Arizona, California and Florida. Those states have the highest rates of foreclosure, indicating that the economic downturn has been a driver of increased fraud.

“This FTC report confirms what we have been seeing in the online chat rooms where identity thieves buy and sell stolen personal information. Since we are constantly monitoring these rooms on behalf of our customers, we’ve been able to track a significant increase in activity over the last six months,” said Dan Clements, vice president, Affinion Security Center.

“In fact, we think that the number of complaints that the FTC receives are just the tip of the iceberg, and there are actually many more cases of identity theft that go unreported. Americans, more than any other nation, are vulnerable to identity theft,” he added.

The FTC report found that credit card fraud was the most common form of identity theft. When credit card information is stolen, the thieves often turn to online chat rooms where they buy and sell this information and also do tests to make sure the card is valid.

These work-at-home schemes are designed by criminals to gain the trust of job seekers in order to take advantage of working relationships to further illegal activity. Most victims are unaware they are engaging in criminal behavior until it is too late.

In many of the scams, victims are often hired to “process payments,” “transfer funds,” or “reship products.” These scams exploit unwitting employees by having them cash fraudulent checks, transfer illegally obtained funds for the criminals, or receive stolen merchandise and ship it to the criminals.

Other scams ask victims to sign up to be a “mystery shopper,” receiving fraudulent checks with instructions to cash the checks and wire funds to “test” a company’s services. Victims are told they will be compensated with a portion of the merchandise of funds.

Job scams also often provide criminals the opportunity to commit identity theft when victims provide their personal information, sometimes even bank account information, to their potential “employer.” The criminal/employer can then use the victim’s information to open credit cards, post online auctions, register Web sites, etc., in the victim’s name to commit additional crimes.

“Don’t get duped by these criminals offering easy money. Remain skeptical of unsolicited job offers that sound too good to be true and report any scams you might encounter,” said Richard Kolko, FBI National Press Office.

“Computer users face a dangerous one-two punch today,” said Jeff Green, senior vice president of McAfee Avert Labs, McAfee’s research group.

“The current economic crisis is delivering a blow to our financial well-being, while malware authors are taking advantage of our distraction to deliver a roundhouse strike.”

Cybercriminals have moved to the Internet cloud as their main delivery vehicle and take advantage of the attractions of Web 2.0. McAfee expects this trend to continue throughout 2009.

Threats will continue to take evasive action against security measures. One example is single use binary files, which are an attacker’s equivalent of a single use credit card number used by consumers when shopping online. These binaries help to create a large amount of threats, which will make more difficult for victims to describe their attackers, and make it harder for defenders to catch them.

McAfee predicts increased attacks involving USB sticks and flash memory devices used in camera, picture frames and other electronics.

Last year McAfee saw the malware underground use mainstream practices in an effort to “sell” software that was either misleading or fraudulent. This trend will continue as cybercriminals still see a lucrative market in this area.

Spam traffic dropped significantly when ISPs shutdown spam host McColo Corp., the source of up to 60 percent of global spam. In 2009, there will be a continued shift in organizations, from passive support of law enforcement to an active role of working with ISPs and global Internet organizations such as ICANN.

Several globally active registrars have already implemented many of the best practices recommend by APWG including Go Daddy and Network Solutions.

“It has been great to see registrars take phishing prevention seriously,” said Rod Rasmussen, co-chair of the APWG’s Internet Policy Committee and President of InternetIdentity of Tacoma, WA. “Since phishing campaigns often start with a domain registration, the domain name registrars are in the perfect position to make phishing more difficult.”

The APWG recommendations focus on three key areas.

Proactive fraud screening: low user-burden processes that registrars can adopt to limit phishers’ ability to complete fraudulent domain registrations on a large scale

Phishing domain takedown: best practices registrars can use to process the takedown requests in the most optimized fashion and suspend fraudulent domain registrations used in a phishing campaign

Evidence Preservation for Investigative Purposes: Data retention practices to save key evidence that can be later used by law enforcement to identify and prosecute the phishers.

The APWG says it plans to continue to work with registrars to evolve anti-phishing best practices.

“We look forward to continuing to develop new and innovative ways to combat Phishing at the most basic level — at the time of domain registration,” said Mr. Rasmussen.

It’s really funny that some people are skeptical about the product that they’re buying, and yet they get lured in by images of flashy cars and wads of cash being flung around. That’s just how these online scammers make their money! They claim that you can earn a tonne of money if you just buy their cheap ebook! “Sure, the ebook is only $15, it’s not like I’m going to go broke if you buy it and plus, what if I really do end up earning $500 per day!” – This is the mindset of Average Joe. Average Joe is just a regular guy like you and I, who thinks that this new and exciting ebook will bring him a fortune. Unfortunately, Average Joe doesn’t know that scammers make their money by advertising a cheap product and getting lots of sales on that product. Average Joe is also unaware that he probably won’t end up reading the ebook out of laziness, and won’t even bother to request a refund or chargeback! Just a note to all readers who think that Average Joe is an idiot: This could be you!

I recently stumbled upon a site called “I’ve Tried That“, which monitors and reports sites that rip people off. The aim of the site is to make people more aware of the “Make money at home” or “Make money online” scam sites that are out there. I suggest that you always check this site before purchasing any type of money making ebook.

Here are some tips to avoid being scammed online:

• Look out for sites that promise to pay you massive amounts of money, even $100 per week is probably too high. Making money online is tough and no one wants to give away their big secrets (except money007.com), I mean, why would they?

• Never fork over cash to a site that you’ve never heard of, and always make sure that you read a genuine review before you make a purchase! Remember that your money is valuable, keep it!!!

• Never give out personal details unless you are 100% sure that the site or person is 100% trusted. Giving out personal information (especially Credit Card info) can be a risky business.

• Remember that making money online takes time and knowledge, it doesn’t come instantly! This is probably the most important rule, because impulse buying products is very dangerous and can lose you lots of money. Downloading and reading our link juice guide will help you out more than 90% of “instant money” ebooks, and it’s completely free.

More and more people are turning to the web as a source of making money and thus more and more scams are popping up to take their hard earned cash. Make sure that you are not another statistic of online scams: educate yourself and work hard! Making money isn’t instant, and it certainly isn’t easy.

The Money007 team.