Despite advances in anti-spam technology, spammers consistently manage to foil the products designed to thwart them. As long as sending unwanted e-mail remains a profitable proposition for spammers, they will continue to find ways around filters with techniques that are becoming more advanced.
In the last six months, HTML-based spam has started replacing text-based spam, says Sue Larsen, vice president for the global content team at SurfControl. "It can be just an image pulled down from a server," she says about this new form of spam. This "hidden agenda" technique lets the spammer split spam words by mixing ASCII text and HTML to make them unreadable by dictionary-based scanning tools.
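On the filtering side, the gap described above closes when the scanner checks the text a mail client would display rather than the HTML source. The following is an added example, not part of the original article or any SurfControl product; the word list, the sample message and the names `BLOCKLIST`, `RenderedText` and `scan` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed inputs: the word list and the message are made up for this example.
BLOCKLIST = {"mortgage", "lottery"}
SAMPLE_HTML = (
    "<html><body><p>Low rate mort<!-- x7 -->ga<b></b>ge offers, "
    "l<span>o</span>tt&#101;ry winner today</p>"
    '<img src="http://example.invalid/offer.gif"></body></html>'
)

class RenderedText(HTMLParser):
    """Collects the text a mail client would display and counts images."""
    BLOCK_TAGS = {"p", "br", "div", "td", "tr", "li"}

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decodes &#101; to "e"
        self.parts, self.images = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.BLOCK_TAGS:
            self.parts.append(" ")   # block tags separate words
        elif tag == "img":
            self.images += 1         # inline tags and comments add nothing

    def handle_endtag(self, tag):
        if tag in self.BLOCK_TAGS:
            self.parts.append(" ")

    def handle_data(self, data):
        self.parts.append(data)

def dictionary_hits(text):
    """Naive dictionary scan: whole-word match against BLOCKLIST."""
    return sorted(set(re.findall(r"[a-z]+", text.lower())) & BLOCKLIST)

def scan(html):
    parser = RenderedText()
    parser.feed(html)
    parser.close()  # flush any buffered text
    text = " ".join("".join(parser.parts).split())
    return {
        "raw_hits": dictionary_hits(html),       # scanning the HTML source
        "rendered_hits": dictionary_hits(text),  # scanning what the reader sees
        "image_only": parser.images > 0 and not text,
    }

if __name__ == "__main__":
    print(scan(SAMPLE_HTML))
```

The `image_only` flag covers the case Larsen mentions, a message that is just an image with no text for a dictionary to match.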
Another technique, called "treacherous tracks," makes it possible to capture a recipient's e-mail address when he clicks on a picture embedded in the message. More severe still are "dodgy domains," which let spammers commit fraud by redirecting users to a fake Web site masquerading as a legitimate one.
Dodgy domains have been used in several cases of online fraud committed against banks, such as Citibank, and e-commerce sites, such as eBay. "They just hijack you," Larsen says.
A recipient who does not notice that the originating e-mail address does not match the company name in the e-mail might click on a link embedded in the message, which takes the recipient to the dodgy domain. There the recipient is asked to enter personal and financial information, such as a Social Security number or bank account number, which allows the spammers to steal the recipient's identity.