Project Honeypot has announced that they’ve collected one billion spam messages since they started in 2004. They have a pretty remarkable rundown of the trends for spammers in the last couple of years, including a look at the volume of product spam (V1AGRA, etc) versus fraud spam (419, etc). The majority of spam is still largely fire-and-forget, and only a relatively small percentage of spam is targeted at the recipient.
Interesting to me was that last year there were, basically, no phishing scams involving the popular social media sites. That’s all changed this year, though: “Today Facebook is the second most phished organization online and, if current trends continue, is on track to take the top spot in 2010.” Given the staggering number of people with Facebook accounts, phishing these accounts means the spammers have better odds of finding a sucker. I mean, not everyone has a JPMorgan Chase bank account, so phishing expeditions involving that site are bound to be received by more people that don’t have an account there than do. With Facebook, you’re almost guaranteed to send a spam message to someone who does have a Facebook account. And chances are high that many users use the same password for Facebook that they do for other stuff — like their own email account, for example — so successfully phishing a Facebook account can be a pretty useful thing for a spammer.
At my day job, we receive several million spam messages a day (we have, after all, over 60,000 active accounts at any one time). The alarming thing about these is that many of them are extremely targeted to our organization. Many of them do not contain the tell-tale spelling or grammatical mistakes so common in most spam messages. Indeed, the only indication that these are fraudulent messages is that they ask the user to reply with their username and password. And, depressingly, people do reply. It’s a constant fight to educate people about the dangers of spam.
And remember: spam email is different from the delicious potted meat product from Hormel. You can’t eat spam email, but you certainly can eat the potted meat product!