
                Spam and the Changing Business Model of Cyber Crime

                By: Beau Woods

                In the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore. Most commentators pointed to better spam filtering software.

                While it does seem that anti-spam filtering has improved, there might be more behind the observed downturn. There are noted temporary declines whenever some of the bad guys' ISPs get taken down, but the general trend is toward continued spamming. Interestingly, though, anecdotal evidence (my spam filter) doesn't suggest that the spammers are spending much time coming up with new tricks to avoid detection.

                So back to the Freakonomics theory: a change in business models.

                From what we've been seeing, cyber criminals seem to be spending more time focusing on different types of attacks on your inbox. In the last year or so, we in the Information Security business have seen a dramatic rise in phishing attacks, particularly more targeted phishing attacks.

                Phishing attacks in which a criminal targets smaller regional areas have been quite popular. Criminals will try to find an area where there are only a few financial institutions and then send emails and text messages and leave voice mails for victims they believe are in that area. These messages will either be of the traditional kind, asking for sensitive information over the Internet, or they will instruct the recipient to call a 1-800 number to divulge information. The criminals then charge money on credit cards and withdraw from ATMs.

                In addition, criminals are targeting businesses more frequently. Legitimate-looking emails impersonating organizations like the IRS, UPS and Better Business Bureau are common in these attacks. The goals here are less about sensitive information and more about installing malicious software to infiltrate a company. Usually the aim is to get access to a corporate bank account and transfer money electronically.

                So it seems that the Freakonomics guys were right: it does come down to simple economics and opportunity costs.

                Spam is cheaper and easier per email, but phishing brings in far more money. Enough money, in fact, that organized crime groups can set up processing centers to do all the work while the cyber kingpins drive around in their Maseratis in Marseilles. That beats Nigeria any day.