Spam and criminal activity

Abstract

The rapid growth of the internet is transforming how we engage and communicate. It also creates new opportunities for fraud and data theft. One way cybercriminals exploit the vulnerabilities of new technologies and potential victims is the use of deceptive emails on a massive scale.

In a sample of more than 13 million emails identified as spam, more than 100,000 contained malicious attachments; nearly 1.4 million contained malicious web links. If opened, these attachments and links could infect the recipients’ devices with software that allows cybercriminals to remotely access them.

This paper describes how crime groups increasingly adopt novel approaches to cybercrime. Increased law enforcement capacity, the cultivation of high-level coordination between industry, government and police, and the further development of machine learning techniques should be at the forefront of government initiatives in this area.
