Personalised spam set to flood inboxes
Spammers are less than a year away from mass-mailing messages with personalised subject lines, greatly increasing the chances of users opening the message, a security expert has warned.
Technical staff, for example, are currently receiving messages with subject lines such as “DNS change request”.
Matt Sergeant, senior anti-spam technologist at Messagelabs, believes this is a trial run for more widespread spam using the same social engineering principles.
“The end game is for spammers to pull together information from the site where they harvested your address and generate highly specific subject lines using text automatically extracted from the source,” he said.
Such an e-mail stands a greater chance of slipping through a single-technology filter such as the Bayesian spam filter in Mozilla’s Thunderbird e-mail client, favoured by many techies.
The spammers will still be sending out millions of e-mails, but each one will be personalised for the target. Such a scenario is “six to 12 months away”, Sergeant believes.
Messagelabs has already warned about targeted phishing attacks using personal information harvested from social networking sites like MySsace.
The best way to protect against such attacks is to use e-mail filters that deploy more than one technique, according to Sergeant.