Spam that delivers a pink slip

Network World - Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read "Urgent - employment issue," and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.

And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.

Score another one for spammers.

Called targeted spam or spear phishing , this type of spam that's currently on the rise is particularly vexing because the spammer is able to "spoof" the sending e-mail address to make it look like it's coming from within the organization of the recipient, making it difficult for spam filters to catch. And, unlike traditional spam that is sent in the thousands, spammers are sending just handfuls of these messages at a time, again making it difficult for antispam technology to detect.

"We blocked a ton of spam at our e-mail gateway because the [sender] addresses are not valid, but these were," says Sharon Finney, information security administrator at Dekalb Medical Center that has 3,500 employees.

The IT department at the medical center found out about the scam when an employee in the HR department, who had received a frantic call from one of the scam's recipients, called the company's CIO. The first thing the IT department did was to set its Web filtering software to block all users from visiting the site linked to in the spam, says Finney.

Then Finney got on the phone with Proofpoint, the company's messaging security vendor, which used its automatic update service to add a rule to its customers' antispam filters that blocked e-mails containing the same link in attempts to protect others from the scam. Although these e-mails are highly targeted to their recipients and are sent in trickles instead of blasts, they're becoming more and common.

"I don't think we were the only ones targeted by this, I've talked to other local hospitals and they've gotten it, too," says Finney. "It's going to get ugly. Spammers are going to get stealthier and more targeted -- these recent e-mails had terminology specific to healthcare, so they knew we are a hospital."

Officials with Proofpoint, Dekalb Medical Center's messaging security vendor, agree that targeted spam is on the rise.

"We're seeing this more and more, typically either in large organizations or with very well-known brands," says Rami Habal, director of product marketing with Proofpoint. Once the company has been alerted to the scam, blocking it is easy. But detecting such well-crafted messages is becoming harder as the sophistication level of spam increases; gone are the days of simply filtering for the word "Viagra".

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.