SurfControl, an anti-spam company, says that “brand spoofing spam” – where a spammer sends fraudulent email that pretends to be from a well-known and trusted company — is getting worse, after only a few months of its existence.
The spammer, posing as a customer service or security official, directs the unsuspecting recipient of the spam to a phony Web site. The site then requests confidential financial information or a Social Security number that allows the spammer to commit fraud or identity theft. Over the last few months, SurfControl said in a press release, Best Buy, UPS,
Bank of America, PayPal and First Union Bank have been brand spoofed. Four large Australian banks also have been brand spoofed, including the Commonwealth Bank of Australia. Last Thursday, Sony Electronics reported that it had become aware of a deceptive spam e-mail that had been sent to consumers, requesting personal information such as password and e-mail address, claiming to come from “SonyStyle Customer Service.”
SurfControl says brand spoofing spam was first seen in March and has been growing steadily since then. Brand spoofing spam has grown from zero before March to more than five a month. The increase in such dangerous spam is linked to the growth in the availability of open proxy servers, which allow spammers to send anonymous, nearly untraceable e-mail. According to a researcher at the University of Oregon Computing Center, the number of identified open proxies grew from 1,000 in October 2002, to 100,000 in April 2003.