垃圾邮件转战电子日历
难道你真的安排了一场和叙利亚石油公司(the Syrian Petroleum Company)的午餐会? 多半没有,不过,如果你的Outlook日历弹出诸如此类的邀请时,可别被骗了。 垃圾邮件曾经的招数是狂轰滥炸收件箱,不过它们最近探索出了一条令人发指的新方法,在Outlook和谷歌(Google)日历上无休无止地弹出邀请和会议请求。这种骗术算不上多高明——日历垃圾邮件仍然兜售巴西莓饮品和外国投资机会,但它们的确非常烦人。 “这是垃圾邮件发布者(从一众同行中)脱颖而出的方法,”赛门铁克公司(Symantec)安全、技术及响应部总监凯文•哈利表示。“如果收到邀请,你通常不会想到是垃圾邮件。你可能会点开瞧瞧。” 垃圾会议请求乍一看去挺像回事,只有详细阅读一下才能发现它们不过是在推销一些异想天开的项目。我的同事最近收到了一封这样的邀请:“来自工程师理查德•摩根,大马士革叙利亚石油公司(the Syrian Petroleum Company)石化/石油勘探工程师。我和其他两位工程师,来自印度的B.S.•巴布以及来自委内瑞拉的大卫•奎贾得•费舍尔需要你的协助以进行投资………”只要你读到这里,垃圾邮件制作者就算胜利了,他们只盼着在无数阅读他们信息的人中能有个把好骗的。 如何分辨垃圾日历非常简单。微软公司(Microsoft)的一位发言人称,用户可以用分辨垃圾邮件的招数。例如不熟悉的请求来源、未经认证的发件人以及内嵌不明网站链接,这些都是垃圾日历的标志。 但用户通常不大清楚应该如何处理垃圾日历。你可能觉得“拒绝”这些来自叙利亚石油公司的虚假会议是自然的、令人舒坦的举动,不过这时候“拒绝”并不比“接受”好。哈利解释称,无论哪种方式,你都验证了自己电子邮件地址的有效性,而这正是垃圾邮件制作者想要的。如果选择忽略,那么结果就是继续受到它们的困扰,提醒消息就会越来越多,而且在虚假会议的起始时间快到来的时候,还会有15分钟的倒数计时。哈利如是说:“他们恰到好处地利用了邀请技术的优势。”哈利如是说道。 所以,正确的做法是删除垃圾要求,同时确保你的电脑没有设置自动回复邀请。当然,有关垃圾邮件的一切条款都适用:不要点击链接、图片或附件,里面可能含有病毒。 与此同时,谷歌和微软都鼓励用户报告垃圾日历:点击谷歌的“报告垃圾邮件”按钮,或是在微软日历中将邀请标记为“垃圾邮件”。这个举动将帮助这两家公司辨识垃圾邮件,也会帮助它们在今后屏蔽垃圾邮件。 事实上,垃圾日历并不是什么新鲜事物,近几年零星有出现。汉普顿表示,微软认为垃圾日历并没有什么特别之处。不过,安全公司Sophos高级安全专家切斯特•维斯尼奥斯基持不同意见,他认为垃圾日历或将成为垃圾邮件制作者的新前线。维斯尼奥斯基上周刚刚收到了一封与巴西莓有关的邀请。他说:“在屏蔽垃圾邮件方面我们已做得非常好了。”现在的邮件过滤器可以过滤掉99.5%的垃圾邮件。“这是一场猫抓老鼠的游戏。垃圾邮件制作者们正在寻找我们的过滤器不能覆盖的领域。”(哈利称,有迹象显示一些垃圾邮件制作者已经放弃尝试了:目前69%的邮件是垃圾邮件,而2010年,这一比例高达93%。) 当然,互联网上还有远比虚假邀请更凶险的威胁,如果垃圾日历是下一个大事件,那也许不算太糟。哈利称,不少垃圾邮件制作者正在聚焦如何入侵远比电子日历更私密的空间,那就是:你的手机!(财富中文网) 译者:项航 |
Have a lunch meeting planned with the Syrian Petroleum Company? Probably not, but don't be fooled if your Outlook calendar says you do. Spam, long the scourge of the email inbox, has taken a creepy twist in recent months, popping up in the form of invitations and meeting requests on Outlook and Google (GOOG) calendars. It's not exactly sophisticated—calendar spam still peddles acai berry diet elixirs and exotic investment opportunities—but it sure feels invasive. "It's a way for a spammer to stand out," says Kevin Haley, Director of Security, Technology and Response at Symantec (SYMC). "With an invite, you don't expect it to be spam. It may draw you in," he says. Spam meeting requests at first glance appear personal and almost plausible—you have to read a bit to realize that they are promoting some kind of hare-brained scheme. One that popped up on a colleague's calendar recently began: "This is Engineer Richard Morgan a petrochemical/oil exploration engineer with the Syrian Petroleum Company located in Damascus. Myself and two other engineers Engr. B.S. Babu an Indian and engr. David Quijada Fischer from Venezuela needs your partnership to investing some funds ...." The fact that you get even that far is a win for spammers, who are hoping that just one out of the many who read their message will be a sucker. There's nothing tricky about spotting calendar spam. A spokesperson for Microsoft (MSFT) says people should look for the same things they do in all spam, like an unfamiliar source, an inauthentic sender, or links to strange-looking sites. It's a little harder for people to know what to do with the calendar variety, though.While it may feel natural or satisfying to 'decline' that phantom meeting with the Syrian Petroleum Company, 'declining' is actually no better than 'accepting'. Either way, you're verifying your email is a working address, which is one thing spammers are after, Haley explains. And if you just ignore the request, the effect is continued spamming, with incremental reminders and then a 15-minute countdown to your non-event. "They're really taking advantage of the technology of the invite," says Haley. Instead, then, you should delete the spam request, and be sure that your computer is not set to automatically accept invites. And as the case with all spam, you should avoid clicking on links, images, or attachments, which may hide malware. Google and Microsoft also encourage users to report calendar spam—either through Google's "Report Spam" button or by marking the request as "junk" in Microsoft Calendar—which helps the companies identify and block spam in the future. Calendar spam is not in fact new, but has surfaced sporadically in recent years. Hampton says Microsoft has not seen it at an unusual level, but Chester Wisniewski, a senior security analyst with Sophos—who just last week received an acai berry-related invite on his Google calendar—thinks calendar spam may be the next frontier for spammers. "We've gotten pretty darn good at blocking spam in our email," he says, noting that email filters now screen out more than 99.5% of spam messages. "It's a cat and mouse game. Spammers are trying to figure out where our filters are less sophisticated." (It would appear some spammers have given up altogether: 69% of all email is spam, down from 93% in 2010, according to Haley.) There are of course far more sinister threats out there than the unsolicited invitation, and if calendar spam is the next big thing, that may not be so bad. Haley says spammers are increasingly focused on an invading a space far more personal than your calendar—your phone. |