SurfControl Warns Against New Rash of E-Mail Scams, Latest Spamming Efforts

SurfControl Warns Against New Rash of E-Mail Scams
Monday August 30, 9:33 am ET
Latest Spamming Efforts Employ New Technology Techniques, Target Google, the Olympics and Others


SCOTTS VALLEY, Calif., Aug. 30 /PRNewswire/ -- What do Google, the Olympic Games and U.S. Bank have in common? All three are being used this month by spammers to lure computer users into opening misleading, fraudulent and potentially harmful messages, according to SurfControl (London: SRF), the world leader in enterprise Web and e-mail filtering.
SurfControl researchers reported a rash of scams in August that use new spamming techniques and current events to dupe computer users.

"There is greater awareness of the risks associated with spam and e-mail, so spammers must continually create new techniques to trick end users," said Susan Larson, vice president of global content for SurfControl. "Companies should be on the lookout for these new techniques and others as they emerge."

The Google scam, discovered this week, appears in inboxes with the subject line: "Google, # 1 Search Engine." It asks users to download the latest Google Toolbar to stop pop-ups and spyware and then directs them to a link to download the toolbar executable. SurfControl's global content team warns that this download has all the signs of a serious virus-infected file.

SurfControl's content team noted several aspects of the e-mail that indicated it was a hoax. The sender address was from an individual rather than Google. Also, the IP address for the toolbar download link matches that of a suspicious Web site which sells "The Essential Underground Handbook," a guide to get-rich-quick schemes and other forms of fraud.

The research team also noted that spammers are increasingly embedding images into their messages, rather than using HTML. This technique is particularly notable because it allows spammers to work around the spam protections offered in Microsoft Outlook 2003, which can block HTML-based graphics. It also bypasses the text-scanning abilities of traditional anti- spam filters, since the text is all part of the embedded image.

This increasingly popular technique was found in three widely circulated spam messages this week, including one that appeared to be a brand spoof using U.S. Bank as part of a phishing scam. The others were advertisements for sexual performance drugs.

"When it comes to spam, the old adage is true: a picture is indeed worth a thousand words," said Susan Larson, vice president of global content for SurfControl. "We think spammers will see a higher catch rate by incorporating graphics in their messages in this way."

Finally, SurfControl researchers discovered a scam playing on the excitement surrounding the 2004 Olympic Games that also helped the spammer circumvent the new federal anti-spam law. With subject lines including "Olympic Games," "Olympic Medals," "ATHENS 2004" and "ATHENS RANKS," the message appeared to provide the latest Olympic medal tallies. Directly beneath the tallies, however, the spam gave the name of a company "sponsoring" the information and a link to an advertisement for Viagra.

"The Olympic spam combines two spamming techniques," Larson said. "First, the message capitalizes on a timely event that prompts more people to open the message. Second, it makes an amusing attempt to comply with the federal CAN- SPAM law, which applies only to e-mail messages whose primary purpose is commercial. The Olympic medal tally is supposed to shield the spammer by making the e-mail a form of non-commercial entertainment. Nice try."

SurfControl's global content team monitors and analyzes worldwide spam trends every day. The team first identified three kinds of brand spoofing scams in March 2003, and since has seen that number grow to dozens of new brand spoofs as spammers try all kinds of new techniques to dupe the unwary.

SurfControl offers the following guidelines to companies to protect users from spam and phishing threats:

1. Educate users to never volunteer confidential information in response
to an unsolicited e-mail. If they believe the message may be
legitimate, they can contact the company or organization directly
without replying to the spam.

2. Advise users to never follow any link in an unsolicited or suspicious
e-mail. The simple visit to a Web site could trigger multiple IT
threats, including viruses or even a Trojan horse program allowing the
spammer to control the computer remotely.

3. Ensure that all anti-virus and operating system software is up to date
and configured with the most recent security updates.

4. Monitor Internet and spam security information resources -- for
example, SurfControl issues regular Network Risk alerts to company
customers frequently.


E-mail filtering can substantially reduce the risk to employees using e- mail at work by halting the spam before it enters the corporate network. Companies using SurfControl E-mail Filter can block any fraudulent spam they identify by adding it to the filter's rules and custom dictionaries. SurfControl's unique Anti-Spam Agent uses digital signature recognition technology and compares e-mails with a constantly updated database of known spam, including the most recent brand spoofing scams. Companies also can rely on SurfControl's own multi-layered technology that uses lexical analysis based on advanced Boolean logic to build accurate spam-identifying rules and dictionaries. SurfControl E-mail Filter allows companies to add, edit or delete words, phrases and alphanumeric patterns to construct rules for their own individual company or industry.

"Filtering technology, like SurfControl, stops e-mail scams from ever reaching the end user," Larson said. "When backed up with basic e-mail education -- simply teaching employees to use the 'filter between their ears' -- companies can stop spam, and protect both employee privacy and the corporate network."

About SurfControl

SurfControl plc, the world leader in enterprise Web and e-mail filtering, delivers on its promise to help companies 'Stop Unwanted Content' in the workplace by continuous innovation, invention and expansion of its filtering products to address new content risks as they emerge.

SurfControl is the industry's only complete solution to managing Internet risk. SurfControl technology protects all points of entry, and every way employees use the Internet for business -- Instant Messaging, Web, e-mail and peer-to-peer. It also works on every platform they work on - Blue Coat, Cisco, Check Point, Microsoft Exchange and ISA 2004, and many more.

The company's products and technology are used by more than 20,000 customers worldwide, including many of the world's largest corporations. SurfControl employs more than 500 people in offices across the United States, Europe and Asia/Pacific.

For further information and news on SurfControl, please visit http://www.surfcontrol.com/.


The mul