The Spam Before Christmas

It’s not your imagination: This December, you are receiving more shady shopping offers, picture postcards from nonexistent friends, and racy come-ons from girls in the Ukraine who you’ve never met. We are breaking the records for spam right now. And if it’s not causing at least scattered problems in your enterprise, including PCs with spyware and malware infections, I’d be surprised.

Postini, which makes popular enterprise spam-blocking software, recently made a splash by declaring that among its customers, spam now represents 93 percent of all email. For every one legitimate email, we all are getting 12 spam messages, Postini’s data shows.

Today, another spam-management vendor, Marshal, reports a big increase in global spam tied to the holiday season, especially phished emails coming from China and South Korea. Since Thanksgiving, phish emails rose from 0.4 percent of all spam to 2.2 percent in early December. That’s triple the average level in the past six months, according to Marshal.    

Whatever you do, even if you are caught up in the holiday nonsense that left my father waiting two hours in line at Toys R Us in earnest pursuit of a TMX Elmo doll, don’t click on any emails relating to hot products.

Marshal’s data shows almost 11 percent of global spam right now is holiday related — touting the red, furry and scarce Elmo doll and other hard to find gifts. People doing holiday shopping on work PCs at lunchtime could be particularly bad news this year.

Why do people keep spamming? Because people keep opening unsolicited emails. Today’s spam filtering products can do a lot: They can fight back against image spam, block emails from specific countries, and use plenty of other tricks to help you avoid email bearing spyware and malware. But spammers keep innovating. And we’re only human.

I almost got caught recently, not by an innovative approach, but by the simplest of coincidences.

I’m constantly warning family members to not even think about opening emails from people they don’t know.  (And if you’re the “free tech support person” in your family, you’re with me here. My dad’s PC is finally clean of spyware, but the moment someone convincingly phishes Royal Caribbean cruise vacation specials, my mom’s PC is going to sink.)

But I almost clicked on an email “postcard” from the dark side a couple of weeks ago, because it said it was a picture from David. I only know one David, and he’s my boss, so I almost clicked without thinking. It dawned on me, in the nick of time, that the message probably was spam (that made it through our fairly effective spam-blocking filter here at CIO.)

If I had been more tired that day, I might have turned my PC into the newest conscript in the spambot army. Which would have been more than a bit embarrassing.

Is spam gunking up your email system this month? How are you protecting end-users from the newest email wolves? Share your gripes, and better yet, some advice: You could help other CIOs avoid a holiday spam headache.