Spam down, but email credential stealing on the rise says Commtouch

During the second quarter, says the IT security vendor, a number fake Twitter notifications have flooded inboxes worldwide with links leading to pharmacy pages.

Avi Turiel, Commtouch's director of marketing, told Infosecurity that he and his team have watched the spam levels go down, but spammers are still generating around 100 billion spammed emails every single day.

Turiel, one of the co-authors of the report, explained that whilst spam levels have fallen in the first half of 2011, the number of zombie PCs being used has gone up.

"There's been a lot more compromising of email accounts", he said, adding that fraudsters are becoming a lot more flexible in the way they operate, against a backdrop of blacklists of IP addresses and emails becoming a lot more effective.

By compromising a legitimate email address, he argues that hackers stand a much greater chance of their spammed or infected emails getting through company IT security defences.

"There is now a lot more credential stealing happening - we did some research into email usage and found that 30% of all email now comes from Hotmail addresses", he said, adding that the level of technical understanding amongst email users is a lot lower than many professionals have estimated.

Most users of internet email, he says, may also be aware, but they just don't care about security. This is, he adds, a problem that the IT security industry needs to address.

And then there is the issue of Android devices to attend to.

Android, he says, is a new computing platform, meaning that it does not - yet - have the security technologies that are taken for granted on other computing platforms.

This is not to say that Android is insecure, he told Infosecurity, just that the operating system has a higher profile in the industry, and so attracts more hackers and fraudsters.

In the medium term, he says, we are going to see a lot more third-party Android markets popping up, which is something that the IT security industry must also address in the longer term.

What’s hot on Infosecurity Magazine?