AppRiver has revealed details of how criminals are using spam to hide their crimes. Fred Touchette, security analyst at AppRiver explains the DSD (Distributed Spam Distraction) technique:
"In January we ran across an identity fraud technique that we see several times a year. This technique is highly targeted towards a specific individual, and is difficult to block in its entirety. It's also difficult to understand if you have no idea what is happening. It’s been dubbed the DSD Technique, standing for Distributed Spam Distraction Technique. It hasn't quite caught on yet, but you never know.
“After a blast lasting anywhere from 12 to 24 hours an inbox will receive around 60,000 of these benign seeming annoyances, and then suddenly they'll just stop. After the binary dust settles you'll wonder what the point was. While it certainly makes it nearly impossible to use your email, it actually has one specific goal in mind, distracting you from your actual valid email. The people behind this spam blast have somehow obtained personal account information for their target as well as their proper email address. In order to hide account transaction information confirmation emails, such as purchase receipts or balance transfers which now arrive instantly via email, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood. Once the bad guys are done with their activities they'll stop the flood.
"The best thing to do if you notice this happening is not to try to monitor the email account, but instead go directly to their account(s) activity (i.e. bank, retailer, etc.) Possibly give any that may be at risk a call in advance. This may sound daunting, but not as daunting as sifting through tens of thousands of emails over a 24 hour period waiting for the one with the clue. These fraudulent transactions need to be caught fast so that they can be stopped at the financial institution before they're finalised.
“Play it safe and if something seems fishy, like in this scenario, it probably is. Good safety precautions when performing any transaction online is key to help prevent things from getting to this point to begin with.”
AppRiver today published its Global Threatscape Report, a detailed analysis of web and email-borne threats and malware trends traced between January and June 2013.