SAN FRANCISCO (AP) -- Yes, guys, those spam e-mails for Viagra or baldness cream just might be directed to you personally. So, too, are many of the other crafty come-ons clogging inboxes, trying to lure us to fake Web sites so criminals can steal our personal information.
A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use.
Unlike traditional spam, most of which is blocked by e-mail filters, personalized spam, known as "spear phishing" messages, often sail through unmolested. They're sent in smaller chunks, and often come from accounts the criminals have set up at reputable Web-based e-mail services. Some of the messages are expertly crafted, linking to beautifully designed Web sites that are bogus or immediately install malicious programs.
Cisco's annual security study found that spam is growing quickly - nearly 200 billion spam messages are now sent each day, double the volume in 2007 - and that targeted attacks are also rising sharply.
More than 0.4 percent of all spam sent in September were targeted attacks, Cisco found. That might sound low, but since 90 percent of all e-mails sent worldwide are spam, this means 800 million messages a day are attempts are spear phishing. A year ago, targeted attacks with personalized messages were less than 0.1 percent of all spam.
The latest attacks include text-message spam, e-mails trying to trick business owners into coughing up credentials for their Google advertising accounts, or personalized "whaling" e-mails to executives claiming that their businesses are under investigation by the FBI or that there's a problem with their personal bank account.
As the world's largest maker of networking gear, Cisco is in a unique position to study the traffic flowing through its customers' networks, which include the biggest Internet providers and corporations. The latest study was based in part on the company's ability to monitor 30 percent of all Web and e-mail traffic through its hardware and software and a network of companies that contribute data.