The Ongoing War Against Spam

According to the Yankee Group, spam ranks as one of the top two security breaches that small and medium-sized businesses face. As spammers continue to refine their methods, find out what you can do to outsmart them and protect your small business.

Spam Trends

Spammers continue to find new ways to exploit the online community. In its recent review of the Top 10 Spam Messages of 2005, online service provider AOL noted an increasing sophistication on the part of spammers, who are using more targeted and personal ways to try to convince users to open their messages. For example, they may use subject lines like "Here is your order confirmation" or messages that include "'Click here' if this isn't your order."
 

Here are some ways spammers look for victims:

Phishing attacks: Phishing refers to email that appears to be from a trusted source or company, but is actually designed to fool recipients into divulging personal information such as credit card numbers, usernames and passwords, and social security numbers. Symantec's latest Internet Security Threat Report states that during the first six months of 2005, Symantec blocked 1.04 billion phishing attacks, compared to 546 million in the last six months of 2004 – a 90% increase.

Instant messaging: Spammers have started turning their attention to popular instant messaging services. A 2005 study by the Pew Internet and American Life found that 39% of U.S. Internet users under 30 had received spam via instant messages (otherwise known as 'spim'). The same study also found that 27% of 30- to 49-year-olds had received spim.

Spambots and Zombies: These are two methods spammers use to cover their tracks and hide their identity. Both are easy for spammers to create: they simply configure the program and sit back as it automatically sends spam to hundreds and thousands of email accounts.

Splogs: Spammers create hundreds of spam blogs that promote anything and everything from pharmaceuticals to mortgages to pornography. These blogs are full of links to Web sites, false or ridiculous content, and/or advertisements. According to Technorati, a weblog search engine, 5.8% of blog posts each day are spam, which is equal to approximately 50,000 posts per day. Other studies, however, put that percentage closer to 18%.

Spam Legislation: In an effort to protect consumers, Congress passed the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) in January 2004. The Act requires unsolicited commercial email messages to be clearly labeled and to include opt-out instructions. Spammers are also prohibited from using deceptive subject lines and false headers. To help enforce these rules, the Federal Trade Commission (FTC) has a "Do Not Spam" list and can fine spammers who do not abide by the CAN-SPAM standards.

In a December 2005 report to Congress, the FTC declared the CAN-SPAM Act effective in protecting consumers from unsolicited commercial emails. Legitimate online marketers are now following the commercial email best practices outlined by the Act. The Act has also provided law enforcement and Internet service providers with additional leverage when bringing lawsuits against spammers. Since the CAN-SPAM Act took effect, more than 50 cases have been brought against spammers.

One recent example: In 2005, an Internet service provider in Clinton, Iowa, successfully sued a Florida man for sending out more than 280 million illegal spam email messages through its network. The ISP was awarded an $11.2 billion judgment.

Stopping Spam

A July 2005 study by the Small Business Technology Institute (sponsored by Symantec) found that many small businesses do not have even the most basic security measures in place. While 56% of small businesses surveyed experienced at least one security incident in the past year, 20% have yet to implement virus scanning on their email.
 

The most effective, multi-level defense against spam is spam filtering or blocking. Make sure the solution you select for your small business protects your network from spam and viruses while still allowing legitimate email through. Also consider your resources: if your business does not have the resources for an IT professional, be sure the solution you choose can be deployed quickly and easily.

Other tips:

  • Never respond to suspicious emails or obvious spam.
  • View emails in plain text, since invisible links may be hidden in HTML emails.
  • Create a spam filter for your email.
  • Configure your firewall to block all unrequested traffic.
  • Report spam. Tell your Internet Service Provider, file an online complaint to the Federal Trade Commission, and/or report the spam to your local Business Software Alliance (check the contacts list at www.bsa.org).
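
As an added illustration of the plain-text tip above (this code is not part of the original article), the following Python script lists every link in an HTML email together with what the reader actually sees, and flags links with no visible text or whose displayed address names a different host than the real target. The sample message, the example domains, and the finding labels are constructed for this illustration; the checks are heuristics.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the article): the first anchor shows one
# host but points at another; the second anchor has no visible text at all.
SAMPLE = """\
From: orders@shop.example
Subject: Here is your order confirmation
Content-Type: text/html; charset="utf-8"

<p>Click <a href="http://login.unrelated.example/verify">www.shop.example/orders</a> if this isn't your order.</p>
<a href="http://track.unrelated.example/p?id=1"><img src="x.gif" width="1" height="1"></a>
"""

class LinkAudit(HTMLParser):
    """Collect (href, visible_text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    # Treat scheme-less text such as "www.shop.example/orders" as a URL.
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def audit_message(raw):
    """Return (finding, href, visible_text) tuples for the HTML body (heuristic)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return []
    parser = LinkAudit()
    parser.feed(part.get_content())
    findings = []
    for href, text in parser.links:
        if not text:
            findings.append(("no-visible-text", href, text))
        elif " " not in text and "." in text.split("/")[0] and host(text) != host(href):
            findings.append(("text-host-mismatch", href, text))
    return findings
```

Calling audit_message(SAMPLE) reports both links in the constructed message; a message with no HTML part returns an empty list.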

Conclusion

Spammers collect email addresses from everywhere on the Internet: forums, Web pages, mailing lists, instant messaging services, etc. There are even companies that specialize in gathering and selling email addresses to businesses. However, staying on top of the latest spam trends, employing smart computing practices, and utilizing spam-fighting software can go a long way to protect your business.