In the Struggle Against Spam, the Human is the Weakest Link
Corporations continuously try to protect their information and data assets by deploying technologies such as antivirus protection, spam filters, web proxies, and firewalls. Keeping up with the latest scams, exploits, and security updates calls for nonstop vigilance, and the spammers keep the pressure on by endlessly broadening the footprint, complexity, and sheer volume of the junk e-mail they send out. Many junk e-mail filters are not able to keep up with the many variants of e-mail threats. A growing percentage of these messages carry no destructive payload themselves (thus getting around e-mail security that relies on malicious software signatures) but instead try to tempt users to web sites that are capable of "drive-by" infections. This means that your PC can be infected just by visiting this type of site, without even clicking anything or otherwise interacting with it. Promises of free music, ring tones, computer software, or photos provide incentives to visit these sites.
People are drawn to the links, and likely to visit them, because the attackers lure them by appealing to basic human traits such as wanting to get something for free, curiosity, and even lust. Increasing trust in the level of corporate protection against spyware and other forms of malicious software is the fundamental reason for this. This "wetware," as spammers and other malicious software creators call it, is leading them to increase the social aspects of their attacks in order to take advantage of improvements in social networking websites. To battle this type of junk e-mail, organizations have to combine current technology, including heuristic techniques, point of origin analysis, etc., with clearly stated and communicated policies for dealing with unsolicited commercial e-mail.
Well-educated end users will help eradicate the weaknesses posed by "wetware." Targeting the human component of security measures by mailing deceptive e-mails is normally called phishing. When the attacker has any basic data on the victim, these attacks are very targeted and efficient; such attacks are normally called spear phishing.