Making the Most of the Internet - Blog

 

Sunday, January 20, 2008

The Changing Face of Spam

 

It is now six months, since I started the new method of collecting and analysing spam.

If I tried to collect all the spam sent to daisy.co.uk, jamesmiller.com and all of the other domains I use, it would be a nightmare, as I get upwards of 13,000 messages every day. I may be sad, but not that sad.

So I just analyse the spam sent to legitimate e-mail addresses in those domains and then split it down into several groups like Banking, Drugs, Gambling, Loans, Pornography, Pump and Dump, Replicas, Viruses and Others. The last group contains all the weird ones of which I have no idea what they are about.

Note that all of the graphs in this topic can be clicked and you will see a full-size version in another browser window.

Average Monthly Spam

This graph shows the average number of spam e-mails I've received every day from August 2006 to the 19th of January 2008.

Average Monthly Spam - Click for Large

As you can see it has risen alarmingly. In just under 18 months, the numbers I have received has gone from about 3,000 a day to around 14,000.

So why has this alarming increase not been raised in the media?

Probably because Internet companies have been able to grow to accommodate this traffic and also because governments and especially the US government have done little to halt the tide of spam.

Percentage Good Addresses in Spam

Here, I show the percentage of spam I received that goes to e-mail addresses that I have used.

Percentage Good Addresses in Spam - Click for Large

Typically, many of the e-mails I get are to e-mail addresses that have been made up by computer programs run by spammers. The reason is that spammers get paid to send e-mails by the million, so it is easier to create bogus ones than find genuine ones.

You will notice in the graph, that this percentage was decreasing, but this process seems to have stopped and may have reversed.

Perhaps they have made up enough addresses.

One side effect of made-up e-mail addresses, is that many companies bounce e-mails that don't exist, so this creates more unwanted e-mails which generally go to another legitimate organisation, whose e-mail address has been spoofed to send the original e-mail.

So one spam message causes a chain of unwanted messages.

Percentage Weekly Banking Spam

We all get quite a few e-mails that are trying to obtain your bank account details.

This graph shows the percentage of this type of e-mail that I get to legitimate e-mail addresses.

Weekly Banking Spam - Click for Large

These tend to go up and down a bit and they are not as high a percentage as they used to be a couple of years ago. Most these days seem to be for NatWest, who I would never bank with, in case I was fooled.

You do wonder though how much fraud they create?

I think that the banks may make the situation worse, by generally paying out if there has been an on-line fraud. They should only pay out if the police take a formal statement and put all of those defrauded in a database.

Why should I say that?

In on-line gambling, there is quite a bit of poker room fraud, where two people working together use a stolen credit card to upload money, lose it from one individual to another and then withdraw it.

Are crooks doing that with on-line banking?

One puts a fair bit of money into an on-line account and generates a proper persona with the bank. Then his Internet friend in Ruritania withdraws it all, whilst his friend is on holiday or better still in hospital.

I suspect the bank would refund the cash.

If these e-mails didn't exist, then there would be much less chance of illegal withdrawals.

Percentage Weekly Drugs Spam

This type of spam makes up the majority that I receive.

Weekly Drugs Spam - Click for Large

As you can see the level of this type of spam varies between about forty and sixty percent of all of the spam e-mails I receive. It has perhaps risen slightly over the sixth months I have been doing this detailed analysis.

Contrary to popular opinion it is not all about Viagra. But perhaps seventy percent is about this type of lifestyle drugs, whilst the remainder is general drugs aimed almost exclusively at the American market. Many of the sites that do this type of promotion are based in Canada and are there because drug prices in that country are lower than the USA.

So again, it is the USA that must get its act in order to cut the level of this type of spam. But then the US Government must act against the drug companies, who benefit on the one hand from high prices and on the other from the sales in Canada.

Everybody, who has tried to reform the greedy American healthcare system has failed, so I doubt that we'll see any reduction of this type of spam.

Depressing isn't it?

Percentage Weekly Fraud Spam

This type of spam is one where crooks are trying to entice you to part with your money for various fee fraud or 419 scams. (419 scams are named after that part of the Nigerian penal code. Enough said!)

Weekly Fraud Spam - Click for Large

What seems to be happening here, is that the fee fraud ones, where you collect cheques for companies and then pass the money to a third party after deducting a percentage are declining.

Perhaps people are getting more sensible and just laugh at them. I hope so.

There is also the fact, that they are annoying legitimate companies, who are involving law enforcement agencies and hopefully there has been a degree of collar feeling.

But the 419s keep coming! I didn't realise that there was so much money unclaimed in bank accounts!

Percentage Weekly Gambling Spam

Here the spammers are promoting gaming sites. They are a complete waste of time as far as I'm concerned, as I only deal with reputable sites like Betfair.

Weekly Gambling Spam - Click for Large

There seems in the chart to have been a big push at the start of December. Could this be because the US government had stopped access to what I would consider are legal gambling and poker sites based in reputable jurisdictions?

So protectionist legislation and tactics brought in by the US moves the punters into the hands of crooks.

Percentage Weekly Loans Spam

This type of spam is where the spammers are promoting loans to people who have desperate credit problems. Did I hear sub-prime loans?

Weekly Loans Spam - Click for Large

Note how they went quiet with all of the problems of the sub-prime market and now that finance has dried up for the people who took these loans, the loan spam has started again.

I would have thought the best way to get your house reposessed would be to take out a loan promoted by a spammer.

Percentage Weekly Pornography Spam

Pornography and especially child pornography, is quoted by many as the reason the Internet should be banned.

Weekly Porn Spam - Click for Large

Note that the level rose around mid-October, but typically it is of the order of a few percent. None of these contain an image larger than about a 100 x 100 pixels and the number that are promoting child pornography is extremely small. (I have had about ten or so in the period of this analysis. None had images, so I just reported them to the Internet Watch Foundation and then erased them.)

Percentage Weekly Pump and Dump Spam

Pump and dump scams are those where you are encouraged to buy worthless shares, so that others can make a killing.

Weekly Pump and Dump Spam - Click for Large

In this graph they show a fairly steep decline from about ten or twelve percent to virtually nothing.

Why?

Because the SEC in the USA has a very strong policy of suspending shares mentioned in these scams.

In other words, action can work.

So why is the US not taking action in other areas to stop spam?

Percentage Weekly Replicas Spam

This group includes replicas of expensive watches and other luxury goods.

Weekly Replicas Spam - Click for Large

The graph shows that this spam increased in the run up to Christmas and the New Year and has now started to fall back.

That illustrates to me, that spammers are not mindless, but target their rubbish to where the weak may break and buy their crap.

Percentage Weekly Virus Spam

This group is composed of messages that try to get you to download viruses. The messages are characterised by IP addresses and teasing messages.

Weekly Virus Spam - Click for Large

The graph may or may show that this type of spam is declining, as it does tend to turn up in bursts.

But whenever you get it, never download it.

Percentage Weekly Others Spam

This group contains everything else.

Weekly Others Spam - Click for Large

Note how it has declined.

Could this be because spammers are concentrating on spams that work?

An interesting point is that a sub-group of spams that are unreadable as they are in Russian, Japanese or other non-Roman languages appears to have declined.

Conclusions

There are some main conclusions that can be made :-

1. About 60% of spam is drug-related.

2. A large proportion of spam is aimed at customers in the USA.

3. When action is taken at a government level, as the SEC has done in the case of Pump and Dump scams, the spam can be seriously reduced.

4. Spammers change their pattern of spamming according to circumstances.

But above all, it is about time that the US got its act together on spam and acted against US companies involved in the process.

Labels: