Websense Security Labs ‘ThreatSeeker Network’ has detected an ongoing scam which is sending malicious e-mails apparently from Google in responses to job applications.

The spam mail begins with the acknowledgement of recipient’s resume after which it thanks him for showing his interest in joining Google. The e-mail also explains that Google staff members will assess the resume and if they find matching vacancy in the company, they will revert to the recipient.

According to Websense, if the recipient didn’t apply Google for work, then he should understand that the e-mail is a fake. Another thing that raises suspicion about the e-mail is its attachment that contains both .zip and .exe extensions.

The e-mails appear extremely well-written as well as convincing by spoofing scrapes of Google’s real job application replies. Generally, unsolicited spam mails have spelling mistakes and grammatical errors that clearly suggest that the messages are unauthorized while the errors act like red flags. However, these e-mails’ texts are flawless, lending them a professional and convincing touch, particularly if the targeted person is a genuine applicant for Google job.

Ironically, all efforts are put to create clean-looking e-mails, but the scam becomes evident via an easily detected deceitful name, which tries to pose as a legitimate file type.

According to Websense, the e-mail attachment (malevolent payload) hasn’t been caught the notice of most anti-malware software.

Job related online scams are common on Internet, but they have increased in number along with a multiplicity of victims since the global recession. Cyber criminals have been targeting vulnerable people and the problems of law enforcement to track down the miscreants have emboldened the crooks as they chase job-seekers much more vigorously now.

The security experts have explained that authorities can perform no more than documenting incidents. Hunting down culprits is nearly impossible as cyber criminals use proxy domains and networks, causing an un-ending scale of jurisdictional impediments.

Finally, Websense suggests that job-seekers should remain utterly cautious while browsing through recruitment sites so they don’t become victims of scam.

» SPAMfighter News - 09-02-2010

On December 3, 2009, it was announced by the respectable Tony Clement, Minister of Industry, (Ottawa, Canada) that in the House of Commons, the proposed ECPA (Electronic Commerce Protection Act) has unanimously passed the third reading. As the next step in the legislative process, the Act is now proceeding to the Senate, as reported by exchangemagazine.com on December 3, 2009.

If any one goes against the ECPA or anti-spam act, this legislation or bill would permit consumers and businesses to take civil action against the offender. This bill will give the Competition Bureau, the Canadian Radio-television and Telecommunications Commission (CRTC), and the Office of the Privacy Commissioner the authority to share proofs and information with their equivalents in other countries who implement similar (anti-spam) laws globally, so that criminals beyond Canada’s boundaries cannot use Canada to operate their malicious business.

According to the ECPA, business groups using spam for marketing purposes could be charged with the administrative monetary penalties of up to $10 Million and individual spammers, up to $1 Million.

Such an act will be an option that will show the spammers that penalties do exist for their misdeeds. Also, the government expects that this step will be more than a fine, substantial enough for the offenders to deal with, and it will probably curtail such malicious activities.

Moreover, this legislation will help Canada to become a leader in the digital economy as it will ensure a safer marketplace. The Senate is expected to act immediately on this bill to ensure protection for Canadian consumers, said Clement.

As a matter of fact, passing of the proposed bill is much required because Canada is the host to around 5% of the global spam. In terms of spamming, Canada holds the fourth position globally following Russia and just before Brazil. The government presented these statistics provided by Cisco, vendor of network management and networking equipment for the Internet.

However, the effectiveness of Canada’s new anti-spam law remains to be experienced as despite hundreds of cases pending in US courts and huge penalties being imposed, there doesn’t seem to be a dent in the spam levels.

» SPAMfighter News - 14-12-2009

According to the new State of Spam and Phishing Report from security company Symantec issued on November 9, 2009, over 90% of the total electronic mails are either phishing or spam messages.

Symantec states in its report that increasing number of spam mails are presently emerging from Asia-Pacific and Japan, and based on the observations, these regions are likely to surpass earlier key offenders, North America and Europe.

Amanda Grady, Principal Analyst at Symantec, stated that increasing junk e-mails from Asia Pacific, Japan and South America weren’t totally unexpected if one took into account the enormous rise in Internet connections there, as reported by V3 on November 9, 2009.

According to Symantec, while most of the spam continues to originate from Europe (28%), this has dropped 6% since June 2009. The security company also discovered in its report that spam attacks increasingly targeted people using social-networking websites, particularly Facebook.

During October 2009, phishing activities were found to have increased, as per earlier months’ forecasts. The company saw a 17% rise in phishing attacks since September 2009, with 30% of all related fraudulent websites had been created with phishing toolkits, accounting for a 24% increase.

Symantec also found that non-English phishing websites increased 45% from September 2009. These websites used the hosting services of over 97 companies and they resulted in 8% of the total number of phishing attacks, but represented a 19% decline in the aggregate number of Web-host URLs in relation to September 2009.

Moreover, the company witnessed a significant rise in phishing websites created with phishing toolkits.

In the meantime, the most current trend of declining e-mail scams or phishing e-mails possibly has halted since toolkit attacks revived during October 2009, which suggests that the holiday period is approaching, Symantec stated.

Symantec in its October State of Spam report has stated that there is frequently a rough correlation between the total amount of spam mails and the condition prevailing over an economy. According to the company, spam represents the main portion (86%) of the total e-mail.

» SPAMfighter News - 20-11-2009

Spamhaus $11 million fine thrown out

http://www.virusbtn.com/news/2007/09_07a.xml?rss=

The case was first brought last autumn, and after initially challenging the charges Spamhaus withdrew from the case, as the US court in which it was brought had no jurisdiction over the organisation’s UK-based operation. e360 was thus granted a default ruling in its favour, with the $11.7 million fine called for based on its own uncontested evaluation of the damage caused by Spamhaus filtering out its mails. The spam fighting organisation was also ordered to apologise publicly and to remove e360 from its ‘ROKSO’ list of known spammers in perpetuity - another ruling whose legality has been questioned by the appeal court.

The appeal court ruling still grants 360 the case, due to Spamhaus’ refusal to contest it, but has passed the settlement award back to the lower court to be analysed more closely. Spamhaus continues to include e360 on its list of spammers, and has suggested e360 brings the case to a UK court, where its activities would fall under stricter anti-spam laws. Attempts by e360 to have Spamhaus’s domain registration revoked have been ignored by US courts.

A Wired.com blogger looks into the case in more detail here, and carries a full copy of the latest ruling (in PDF format) here.

07 September 2007