• United States



The Top Spam Scams of the Season

Dec 14, 20073 mins
Build AutomationCSO and CISO

Although holiday-themed spam is less widespread this year than expected, e-mails containing ads for gifts, stocks and Viagra still proliferate

By Katherine Walsh

It’s not just Macy’s that’s decked out for the holidays. In case you hadn’t noticed, so are the contents of the spam filter. Here’s a run-down on the most popular scams of the 2007 holiday season so far.

* The gift of pump-and-dump scams. With a pump-and-dump stock scam, the spammer attempts to lure the recipient into investing in a particular stock, to nudge up the price of a given stock and sell it at a profit. The pump-and-dump stock scams that have been occurring during the last couple months have a holiday twist, says Matt Sergeant, chief anti-spam technologist at MessageLabs. Just after Thanksgiving, MessageLabs filters were hit with a wave of this kind of spam–nearly 300,000 per hour–containing headlines such as “Early Christmas Gift” and “Ho Ho Ho.”

* Pills to make your holidays happier? E-mails offering discount prices for pills such as Viagra and Cialis are also extremely common, says Sergeant. “Right now, many of them contain holiday themed pictures, like Christmas trees, but they are essentially doing the same thing as similar types of spam: trying to lure you to a website selling those pills.”

* “Rolexes” for that special person on your list. Another type of spam that is fairly common right now contains advertisements for replica watches. “The holiday component there is that they are advertising for the holidays and trying to get people to buy Christmas gifts,” says Sergeant.

* Send greetings of spam. Greeting card spam, which is designed to spread worms, is still a threat. However, Sergeant says, most companies have blocked this type of spam, and he predicts spammers will start moving away from greeting card spam fairly soon.

Overall, Dave Marcus, security research and communications manager at McAfee, says he is surprised by the relatively few instances of holiday-themed spam this year–but that doesn’t mean we’re over the river and through the woods yet. He points out that a big Labor Day scam happened during Labor Day weekend; similarly, spammers may be waiting until Christmas gets closer to start their spam runs. “I would expect to see more holiday spam a week or so before the holiday, but it’s hard to tell,” he says.

To protect themselves, recipients should of course avoid clicking on links in such e-mails, because doing so could infect their computers with viruses or spyware. But the best way to avoid falling into a holiday spam trap is to not even open the messages in the first place, says Sergeant. The spammer might be tracking which e-mail recipients have opened the message, thereby confirming a legitimate address that could become the target of even more spam. And of course, do your last-minute shopping elsewhere. “Don’t fall for the slightly cheaper prices you might see advertised in one of these emails,” says Sergeant.

Associate Staff Writer Katherine Walsh can be reached at