We have met the enemy and he is us.
So says the Radicati Group, which Wednesday released preliminary
results of a survey showing that it's bad behavior on the part of
users -- us, in other words -- driving the spam and virus threat.
And you thought it was spammers and hackers.
"Frankly, it surprised us that users are still responding to 'spam'
and opening 'unsolicited' mail," said Sarah Radicati, the chief
executive of the Palo Alto, Calif.-based market research firm which
conduced the online poll.
According to Radicati's survey, 31 percent of those polled have
clicked on embedded links within spam at one time or another.
"Clicking on embedded links helps spammers determine 'live' accounts,
which encourages repeated spam attacks," said Radicati. And
enterprises can be compromised by a single miscreant. When an active
account with a domain is identified, organizations are at greater risk
of follow-up directory harvest attacks.
Eighteen percent of users admitted that they'd clicked on the
"unsubscribe" link in spam, another behavior that's exploited by
spammers, who then know the address, and perhaps the entire domain,
are active and so potential targets for follow-on spam campaigns. Even
worse, spammers sell and trade lists with virus writers eager to
accumulate bots, so by telling a spammer they're "live," users
increase their risk of later receiving worms and viruses.
But the most stunning statistic, said Radicati, was the last: more
than 10 percent of the respondents have purchased products advertised
in spam.
"With the near-zero cost of sending out huge volumes of spam, the fact
that more than one in ten users are purchasing products is clearly
continuing to drive the economics of spam," said Radicati.
"Although one person's spam may be another person's information," she
said, "it's clear that education isn't working. Either the spam
product offers are just too good to pass up, or users still have an
enormous lack of awareness of the danger of clicking on e-mailed
links."
Companies need to do a much better job, she said, of educating their
employees. "They're not," Radicati said. "They may say 'don't do this'
and 'never do that,' but there's simply not much formal training."
Our continued bad habits, she said, explains why e-mail security
threats -- spam, worms, phishing -- continue to explode.
"Anti-spam technology routinely achieves 90 percent plus catch-rates,
yet no technology in the world can protect an organization if users
exercise bad e-mail behavior."
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . Hundreds of new articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, The Associated Press.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml