Internet Spam and Fraud
█ K. LEE LERNER
An increasingly costly and vexing economic security issue involves the high traffic in unsolicited commercial email (termed "spam") and the use of internet communication to commit fraud.
Nearly one-half of the estimated 50 billion email messages sent each day are spam mail that contain usually misleading or fraudulent representations for products or services ranging from health and well-being products to pornography. Internet experts assert that nearly 90 percent of the spam mail sent is sent by a network of less than 200 individuals or direct marketing companies that use spam. Spam is costly to Internet service providers (ISP) and to consumers in terms of money, time, and bandwidth. Spam can also disrupt the normal operation of many network systems. Current efforts to curb spam involve legal restrictions and technical measures to block the transfer of such messages.
Spam technology commonly exploits openings in the program structure of computers (e.g. open proxies, etc.) attached to the Internet that are then designated to act as relays for sending spam. Spammers use special programs to identify vulnerable computers. Messages relayed from these computers often carry only the "innocent" relaying computer's identification. Special internet spiders can also be used by spammers to extract email addresses from websites.
In late April 2003, the state of Virginia enacted tough anti-spam laws and congressional leaders promised action on similar measures at the federal level. One legislative initiative, the "Can Spam Act," would include civil fines for senders of commercial e-mail with fraudulent or otherwise invalid return email addresses. Virginia's law potentially subjects repeat or "serial" spammers to felony penalties. That tough legislation was first passed in Virginia is significant because Virginia hosts a number of major Internet hubs and providers, including the United States' largest ISP, America Online.
The first anti-spam bill was passed by Nevada in 1997, and about half of all states have such laws. Some simply require that bulk email senders offer email recipients a method to prevent further mailings from a particular sender. Other laws prohibit false identifiers, misleading subject headings or require unsolicited e-mail to be identified with "ADV" in the subject line. Messages with a characteristic label or portion of text in their subject line are more easily filtered from email traffic. Conventional filters can also scan email for characteristic strings of text such as "no prescription required" that often accompany fraudulent email related to drugs normally available only by prescription. Other Congressional proposals include the potential creation of a national registry of addresses who do not want to receive spam.
Within the United States, the Federal Trade Commission (FTC) is responsible for internet commercial regulation and has acted to stop spamming by use of anti-fraud laws.
█ FURTHER READING:
Mulligan, Geoff. Removing the Spam: Email Processing and Filtering. Boston: Addison-Wesley Publishing, 1999.
Frank, Diane. "Cybersecurity Center Takes Shape." Federal Computer Week 16, no. 4 (February 18, 2002): 10.
Computer and Electronic Data, Destruction
Computer Fraud and Abuse Act of 1986
Computer Keystroke Recorder
Computer Software Security
Internet: Dynamic and Static Addresses
Internet Tracking and Tracing