Spam Slayer: 2005 Inbox Forecast
Tip of the MonthBeware New Year's Phishing Scams: Online shopping peaks during the holiday season, and scammers know this. Be on the lookout for e-mail purporting to be from a financial firm or an online merchant that asks you to divulge personal information at a Web site. Such scams often artfully mimic authentic communication, but are from con artists exploiting seasonal online shoppers.
Inbox headaches reached new heights in 2004, mostly thanks to spam. So what does 2005 have in store? I'll gaze into my crystal ball to see what the new year will bring. But wait--I can't see; my fortune-telling sphere is clouded with spam.
Even More Spam in 2005
Despite the collective brain share of the best technical and legal minds fighting spam, I predict 2005 will be a banner year for unwanted e-mail.
This isn't just a guess: Evidence suggests more spam is on the way. E-mail security firm MX Logic reports that spam accounted for 80 percent of all e-mail in 2004, up from 62 percent in 2003. The company predicts the proportion will continue rising in 2005.
Viruses Infect 2005
I predict that viruses will learn a whole new host of nefarious tricks next year.
One new data-stealing trick will take advantage of increasingly popular desktop search software. These utilities help you unearth lost and forgotten files on your hard drive; the category includes Google Desktop Search as well as similar products in development by America Online, Microsoft, and Yahoo.
But I predict a virus will exploit such products. Using the index of your data that these programs create, the virus will be able to easily locate your personal information and send it back to crooks.
Security experts at antivirus vendor Sophos agree the number of viruses will grow in 2005. Sophos reports that the number of viruses has grown an average of 40 percent each of the past two years--just as spam has increased.
Phishing Hooks More Users
Look for big financial companies to announce aggressive anti-phishing initiatives in 2005.
Phishing attacks are a particularly insidious kind of spam, and they're on a steady climb, according to MessageLabs, an e-mail security service. In November alone, MessageLabs counted 4.5 million phishing-related missives.
Private industries need to act against phishing scams for two reasons. One, phishing scams hurt the credibility of services like online banking and e-commerce--and businesses don't want customers to become too scared to use them. And private industries need to crack down on phishing scams because law enforcement can't. The cops already have plenty of e-fraud on their blotter. And, technologically, phishers are more advanced than a lot of law enforcement resources.
Compounding the problem is the ongoing increase in processing power: It's become too easy for the average PC user to pump out spam and spam scams, according to MessageLabs.
"We see a lot of phishing scams coming from third-world countries," says Matt Sergeant, senior anti-spam technologist with MessageLabs. Third-world scammers benefit from cheap bandwidth, a good technology infrastructure, and poor policing, Sergeant says.
ASP E-Mail Gains Ground
So where do all this spam, virus, and phishing attacks leave us? For many small businesses and individuals it's just too much to handle. That's why in 2005 you will see more consumers turning to Web-based e-mail services like those offered by Google, Microsoft, and Yahoo. Why?
Well, it's a pretty good deal. If you can get 2GB of storage, virus scanning of attachments, and a phishing-screening service, then paying a nominal fee (or nothing) makes the advantages of Web-based e-mail worth putting up with some of its shortcomings.
For the million or so small businesses that manage their own e-mail systems, letting someone else take care of the problems can be a huge relief.
CAN-SPAM Grows More Irrelevant
The year-old Controlling the Assault of Non-Solicited Pornography and Marketing Law, known as CAN-SPAM, gives law enforcement some teeth to bite spammers and forces some rules on e-mail marketers. This makes it a lot easier to tell the difference between good guys and bad guys. But clearly CAN-SPAM hasn't solved everything; and, sadly, it will grow increasingly irrelevant as more spam weasels its way into our inboxes from sources around the world.
Simply put, CAN-SPAM is tough to enforce outside of the U.S. So, like clandestine bank accounts and illicit Internet gambling, spam purveyors simply move offshore. And the real slime simply doesn't follow guidelines like supplying their bricks-and-mortar addresses and an opt-out box. Catch them if you can!
State Laws Slam Spammers
However, some help is on the way: I predict state-level anti-spam laws will be more effective at punishing spammers.
Sick of dealing with spammers, Ohio lawmakers are proposing their own anti-spam law. The current bill establishes criminal and civil penalties for people who use a computer to knowingly send five or more commercial e-mail messages and hide or alter the e-mail's origins. Violators who send more than 250 messages in one day face up to 6 to 18 months jail time.
The law, if enacted, would send the law's worst violators to jail for a minimum of 6 months and levy fines of $25,000 per violation, or $2 to $8 per violating e-mail.
Spam Drives Instant Messaging
In 2005, people tired of missing one valid e-mail in a haystack of spam will turn to instant messaging services from AOL, Microsoft, and Yahoo as an alternative to e-mail. It's already very popular to chat about both important and inane things on IM. But 2005 will be the year that IM will widely supplant e-mail.
Supporting this trend is the wide adoption of always-on broadband accounts. People will leave their IM software active and use messaging clients to have hybrid phone and text conversations. The result will be fewer long-distance charges and less reliance on e-mail (and exposure to spam).
Adoption of AOL Instant Messenger, MSN Messenger, and Yahoo Messenger will also be accelerated by the capability to archive and retrieve chat sessions. You can already store records of sessions, but doing so will get easier with features inside desktop search tools. For example, Microsoft's MSN Toolbar Suite automatically keeps searchable logs of chats.
Anti-Spam Technology Grows Slowly
Anti-spam technology seems to progress at a snail's pace. I predict that in 2005 technology will not be adequate to protect the average computer user from spam.
The latest technological approach to stop spam and phishing attacks is called e-mail authentication. This technology would enable an ISP to verify that an incoming e-mail message was actually sent from the domain in its return address--and if not, reveal the real source. In addition to helping authorities track down offenders, this authentication would give ISPs the power to block e-mail that has forged source information.
E-mail authentication is a great idea, but faces serious hurdles. Namely, vendors must agree on a single, open standard to avoid confusion and crippling costs for small ISPs. Now, several competing authentication systems are proposed by Yahoo, Microsoft, and AOL. Others are being tested by e-mail providers as big as EarthLink and Yahoo.
But even if a standard authentication system is established, spammers will just start authenticating their spam, warn anti-spam companies. After all, CAN-SPAM allows marketers to send unsolicited e-mail; they just can't be deceptive about who they are and where their messages are coming from.
Bill Gates Is Proven Wrong
Microsoft's Bill Gates has been outspoken and optimistic about eradicating spam.
He predicted in January 2004 that technology will help us finally win the battle against spam by 2006. Gates said a combination of technologies and tough anti-spam laws will finally clean up our inboxes.
I hope Bill Gates is right, but I predict he is wrong.
Q. What can I do about the offshore spammers who want me to help them get their money from these so-called inheritance schemes? I get two or three of these e-mails every week. And how did they get my address?
I read somewhere that someone was mailing them back and harassing them successfully. I would enjoy that.
A. That type of e-mail hoax, which has been making the rounds for years, involves an alleged plea for help getting cash out of a country under siege--for a generous cut. There are many newer iterations of this same scam, and people continue to get fooled.
Don't waste your time replying to spam, much less a phishing scam. All you can do about phishing e-mail is delete it. If you want to act, the Federal Trade Commission accepts complaints online.
People have spent precious hours of their lives corresponding with these scammers and have accomplished nothing. By responding to scammers or spammers, you only let the senders know their e-mail is making it past spam filters. They are likely encouraged by your response--it gives them hope that others are reading their e-mail and may be willing to respond.