Travel industry beware of image-based spam – TravelMole guest comment by Jason Ashley, senior partner at BEW Global

Over the past three months, message threats have continued to steadily morph and increase in volume.

Ask most people with an email account and they will tell you that they have noticed more spam in their inbox recently. Industry watchdogs have reported a sharp rise in malicious message volumes with a 20% spike in global mail volumes during July.

There are many culprits leading the field. These include old favourites such as botnots and Zombies (compromised PCs used for spewing spam, viruses and phishing).

There are systems available that can deal with these fairly easily and most people are now familiar with the forms these uninvited emails take.

However, there is a new twist in the development of spam operations. These spammers use tools to generate random images which are deployed at speeds of up to 1 million per hour. This is called image-based spam.

Image-based spam is a constant stream of unwanted messages that use embedded images in order to evade spam filters.

Using images in spam is nothing new, it’s been happening for a long time. What the spammers have developed however is the ability to change the image in real time for each message that’s delivered. To the spam filters each message can appear as unique, which makes identification very difficult. 

So what’s the problem?

With the majority of images being large.gif and .jpg files, Image based spam puts a huge amount of stress on the company’s infrasructure.

Travel companies typically store massive amounts of data, requiring a lot of storage and bandwidth. Image-based spam can be about eight times larger than a regular spam message – a typical message is around 8k in size, compared to 70k for messages sent with this new tactic. These messages create storage and bandwidth problems. Let them go undetected and your systems and data are severely at risk.

Insurance companies that are subject to regulatory compliance standards have to archive all their email messages, so storage can get eaten up very quickly.  Without blocking image based spam, a lot of which is porn, I would say that around 25% of storage space has gone. Then of course there’s always someone keen to click on the message which unleashes any manner of virus into your system.

Make no mistake, these messages aren’t sent by students bored with studies and looking to make a name for themselves. This is a high-stakes, high-profit business. A business that continues to invest heavily in attempts to get messages delivered to users in the face of increasingly effective anti-spam systems.

What can you do about it?

You should look at a multi-layered approach to this problem.

If your company is required to archive its email for regulatory compliance you should engage a solution that blocks incoming spam outside the firewall. If the messages are stopped outside the company, they don’t have to be retained.

If your company doesn’t have to retain emails then choose a system that characterizes the internet’s messaging traffic and make it understandable and actionable. These systems identify spammers using image proliferation and manipulation to evade detection. Multi identity reputation systems are the most effective means of blocking illegitimate mail. Finally, tell your people about the problem. Don’t wait for them to open an unsuspected email then bolt the gate afterwards.

*Jason Ashley is a recognised expert and consultant on IT security. He is a regular speaker at industry events. BEW Global (www.bewglobal.com) has developed a holistic approach to assist organizations with its information protection and network security solutions. Centered on ISO 27001, an internationally recognized security standard, BEW Global provides a framework which includes services and relevant products to help organizations achieve regulatory, compliance and security initiatives. With offices in the major regional commercial markets including Europe North America, and the Pacific Rim, BEW Global provides a truly integrated global perspective on data protection and network security.