Spam, Phishing and the Dangers of Leaving a Mail Server Unsecured

14 August 2009

Mass-distributed, unsolicited email is a growing problem, with a recent study estimating that ‘spam’ now represents 75% of all email sent. One of the most common forms of spam is phishing, a fraudulent email which purports to be from a trustworthy source and attempts to persuade the recipient to part with private information such as credit card numbers and online passwords.

In a typical online banking phishing scam, the user receives an email informing them that they need to confirm some details with their bank. The user clicks on the web link provided and, under the impression that they are on their bank’s website, proceeds to enter their user name and password. When they click ‘submit’, all of the information is passed on to the fraudsters who can then use it to log into that person’s real account. Providers such as PayPal and Amazon, who routinely store payment information on a user’s account, are also common targets for this form of phishing.

Advanced phishing scams will also ask for additional information such as the user’s passport number, mother’s maiden name or address. This information can then be used to commit identity fraud, where finances, goods or services are acquired using another person’s identity. Common scams in this vein often require the user to ‘register’ to claim a prize.

When spam is recognised, there are several steps that can be taken to block further email from that domain, including using the ‘block/report sender’ button, which sends future emails to the ‘bulk’ folder. In some cases this can lead to future email from the domain being blocked if the server administrator maintains or subscribes to a blacklist of domains guilty of spamming. For this reason, spammers typically seek out ‘open relay servers’ to send their unsolicited mail.

An open relay server is any mail server that allows users to send email without authorisation. Open relays are normally found where a server has been incorrectly configured, either accidentally or maliciously. Once a spammer locates an open relay server, they can send millions of emails without the knowledge of the server owner.

The costs to a business of allowing a spammer to use its mail servers can be extensive. A business will often be entirely unaware of the abuse of its mail server until authorised users begin to report a pattern of refused emails. By this time the reputation of the company could have been severely damaged, with the domain name for the company blocked by administrators and spam listing services. Affected businesses may also find key emails to suppliers and buyers are being blocked, resulting in delays and further damage to the business’s cash flow and reputation.

For this reason, it is vital that every business has an acceptable use policy in place to reduce the chances of its mail server becoming exposed. This would include regularly reviewing mail server settings, educating employees on avoiding attachments and login requests in unsolicited mail, and regularly scanning the entire network for viruses. Ideally, a proper system should also be put in place with the server administrator to ensure that server activity is properly monitored so that breaches are quickly spotted and stopped.
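
One way to monitor server activity for the open relay abuse described above, as an added example that is not part of the original article: it flags mail delivered to outside domains on behalf of clients that are neither on a trusted network nor authenticated. The Postfix-style log format, the local domain, the trusted network and every log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the article): Postfix-style syslog lines, this local
# domain and this trusted network. All log lines below are constructed.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

SAMPLE_LOG = """\
Aug 14 09:00:01 mail postfix/smtpd[101]: A1: client=pc7.example.com[10.1.2.7]
Aug 14 09:00:02 mail postfix/smtp[102]: A1: to=<buyer@supplier.example>, relay=mx.supplier.example[192.0.2.10]:25, status=sent
Aug 14 09:01:00 mail postfix/smtpd[101]: B2: client=unknown[203.0.113.50]
Aug 14 09:01:01 mail postfix/smtp[102]: B2: to=<victim1@other.example>, relay=mx.other.example[192.0.2.20]:25, status=sent
Aug 14 09:01:02 mail postfix/smtpd[101]: B3: client=unknown[203.0.113.50]
Aug 14 09:01:03 mail postfix/smtp[102]: B3: to=<victim2@other.example>, relay=mx.other.example[192.0.2.20]:25, status=sent
Aug 14 09:02:00 mail postfix/smtpd[101]: C4: client=home.example.net[198.51.100.9], sasl_method=PLAIN, sasl_username=alice
Aug 14 09:02:01 mail postfix/smtp[102]: C4: to=<friend@other.example>, relay=mx.other.example[192.0.2.20]:25, status=sent
Aug 14 09:03:00 mail postfix/smtpd[101]: D5: client=mx.other.example[192.0.2.20]
Aug 14 09:03:01 mail postfix/local[103]: D5: to=<staff@example.com>, relay=local, status=sent
"""

CLIENT_RE = re.compile(r": (\w+): client=\S*\[([0-9a-fA-F.:]+)\](.*)")
RCPT_RE = re.compile(r": (\w+): to=<[^>@]*@([^>]+)>.*status=sent")

def unauthorised_relays(log_text):
    """Count mail relayed to non-local domains for untrusted, unauthenticated clients."""
    sessions = {}      # queue id -> (client ip, authenticated?)
    hits = Counter()   # client ip -> number of relayed messages
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            sessions[m.group(1)] = (m.group(2), "sasl_username=" in m.group(3))
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in sessions:
            ip, authed = sessions[m.group(1)]
            trusted = any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
            external_rcpt = m.group(2).lower() not in LOCAL_DOMAINS
            # Outside sender, no login, outside recipient: the server acted as a relay.
            if external_rcpt and not authed and not trusted:
                hits[ip] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in unauthorised_relays(SAMPLE_LOG).items():
        print(f"{ip} relayed {count} message(s) without authorisation")
```

Any non-empty result means the server accepted mail for relay that it should have refused, which is the cue to review its relay settings before blocklists pick up the domain.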
