Spammers, Spearphishers, Use Email for Personalized Attacks, Identity ... Scams & Fraud

Spammers Get Up Close and Personal

' Spearphishers' address you by name Here' s how to protect yourself

You may have noticed that your email inbox has less spam — you're getting fewer offers to sell cheap pharmaceuticals or help a deposed Yes, the volume of junk email is down — dramatically. Symantec, which makes Norton antivirus software, estimates that spam peaked in July 2010 with an average 225 billion messages sent each day, compared with less than 50 billion a year later. See also:
Photo by Corbis In spearfishing, scammers try to hook you with a personal touch; using your name, for instance. Some of the credit goes to law enforcement and corporate cyber-cops for busting major criminal networks that were sending the stuff out through "," home or business computers that have been stealthily linked to forward spam. In April, the FBI helped seize control of one botnet, called , and scrubbed 19,000 computers infected with its spam-sending software. And in the same month, Microsoft managed to dismantle the infamous botnet, which once distributed nearly half of all spam.

Related

Targeting you But there's another reason for the drop: The crooks are narrowing their targets. Rather than sending out masses and masses of generic, one-size-fits-all messages and hoping to hear back from just a tiny fraction of recipients, they are shifting to lower-volume but more personalized attacks. Their emails are addressed to you alone and appear to come from people you know. The new tactic is called "spearphishing." And its personal touch pays off. Between June 2010 and June 2011, according to a , money that spearphishers squeezed out of victims quadrupled from $50 million to $200 million. During the same period, money made from traditional spam dropped from $1 billion to $500 million. Scammers realize that these days you're likely to ignore a "Dear Friend" request asking for your bank account number. But when the same request comes in an email purportedly from your bank — and addresses you by name — the odds greatly increase that you'll give the sender the hoped-for response. The same applies to a "Dear Mr. [your name here]" letter asking for your credit card number because of an alleged problem with a recent purchase and noting details of that transaction. It's much more credible than one that's addressed "Dear Customer" and that contains no personal details. How do spearphishers get your particulars? Sometimes, the info is collected on social networks such as Facebook or Twitter, which, in addition to revealing your friends and family, could include posts about that new camera you purchased at the mall last weekend. Or maybe your employer's website lists your name and those of coworkers. Other personal information can come from data breaches — the hacking of big institutional computers — and from the that has a wealth of information about you and companies with which you do business. Five ways to avoid spearphishing Always maintain a healthy dose of suspicion about email that names you, just as you should with generic come-ons. This is rule number one for preventing the "friendly fraud" of spearphishing scams. Keep in mind that banks, government agencies and legitimate businesses don't send emails demanding that you update personal information or provide financial account or If an email appears to come from a friend and suggests you click on a link, a quick phone call to that friend makes for easy verification. Be less social on social networks. Don't easily accept new "friends" or readily post potentially exploitable details of your life or those of your family and friends. Watch for "scammer grammar." Spam has changed, but tone and style haven't. Spearphishers often operate from overseas and aren't native speakers of English, so look for frequent misspellings and word misuse, the giveaways of old-line spam. Also of interest: Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling. Cancel You are leaving AARP.org and going to the website of our trusted provider. The provider’s terms, conditions and policies apply. Please return to AARP.org to learn more about other benefits. Your email address is now confirmed. You'll start receiving the latest news, benefits, events, and programs related to AARP's mission to empower people to choose how they live as they age. You can also by updating your account at anytime. You will be asked to register or log in. Cancel Offer Details Disclosures

Close In the next 24 hours, you will receive an email to confirm your subscription to receive emails related to AARP volunteering. Once you confirm that subscription, you will regularly receive communications related to AARP volunteering. In the meantime, please feel free to search for ways to make a difference in your community at Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.