It's said that a picture is worth a thousand words, and nowhere is that more evident than for spammers who have replaced their mangled offers of Viagra and charitable Nigerian enterprises with pictures of hot women in stilettos.
But make no mistake -- the picture may be prettier, but it's a bigger risk than ever.
Image spam is a prime cause of the overall rise in spam traffic over the last few years, with image spam climbing from 5 percent to 40 percent of all spam in just the last year, according to the Symantec security firm.
The reason is simple -- as antispam filters get stronger and more capable of recognizing the typical "word salad" that makes up a spam e-mail, spammers are using images that are harder for filters to parse, and thus easier to get through to your inbox.
As CSO's Scott Berinato put it, "The conceit behind image spam is graceful in its simplicity: Computers can't see ... Parsing an image can confound a filter because it sees only noise -- millions of 0s and 1s in no discrete pattern."
Researchers for the Secure Computing security company recently publicized findings on an even more devious version of image spam. Rather than attaching spam images to an e-mail, spammers use popular photo and image hosting sites to host their spam images, and embed them directly in the e-mail, making it all the easier to get past a spam filter and into an unwitting reader's inbox.
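A filter does not need to read the picture to notice this pattern. The following is an added example, not part of the original article: a Python sketch that flags messages carrying an attached or remotely hosted image with almost no readable text. The names ImgCollector and image_spam_signals, the 20-word threshold and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImgCollector(HTMLParser):
    """Collect <img src> values and the visible text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.sources, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.append(dict(attrs).get("src") or "")
    def handle_data(self, data):
        self.text.append(data)

def image_spam_signals(raw_message, min_words=20):
    """Heuristic signals for image-only mail; min_words is an assumed threshold."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    words, attached, remote_hosts = 0, 0, set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_content_maintype() == "image":
            attached += 1  # image carried inside the message as a MIME part
        elif ctype == "text/plain":
            words += len(part.get_content().split())
        elif ctype == "text/html":
            parser = ImgCollector()
            parser.feed(part.get_content())
            words += len(" ".join(parser.text).split())
            for src in parser.sources:
                url = urlparse(src)
                if url.scheme in ("http", "https") and url.hostname:
                    remote_hosts.add(url.hostname)  # image fetched from a web host
    return {
        "attached_images": attached,
        "remote_image_hosts": sorted(remote_hosts),
        "word_count": words,
        "suspicious": (attached > 0 or bool(remote_hosts)) and words < min_words,
    }

# Constructed sample: an HTML message whose whole body is one remotely hosted image.
SAMPLE = (
    'Subject: hello\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<html><body><a href="http://offers.example/">'
    '<img src="http://images.example/a1.gif"></a><p>Click now</p></body></html>\n'
)
print(image_spam_signals(SAMPLE))
```

The host list is the useful part for the hosted-image variant: a mail gateway can compare it against the image hosts it has already seen in reported spam.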
Spammers Turn to Sex
It's another old truism that sex sells, and image spammers are taking full advantage. The latest scam involves sending unwitting users a "girl finder" spam that purports to open a link to an online prostitute locator.
The e-mail itself is harmless, but users who click on it open themselves up to potential spam attacks in the future.
Graham Cluley of security firm Sophos told InformationWeek that "[p]eople need to learn that responding to unsolicited e-mails only encourages the spammers to send even more spam -- something none of us really want."
Image spam scams aren't limited to e-mail. The recently discovered Pykse.A worm attacks users of the Skype PC-calling service through its embedded instant messaging program. The user gets a picture of an attractive model, but clicking on the image downloads the worm to wreak havoc on the user's PC.
How To Protect Yourself
Don't open e-mails unless they're from people you know. If a message comes from an unfamiliar address and contains an image, odds are good that it's spam. E-mails purporting to be from your bank or PayPal are invariably "phisher" e-mails designed to get you to open the link and provide your financial information. Move any unfamiliar e-mails to your spam or junk folders until you have verified they're safe.
Disable graphics in e-mails you receive. Most e-mail programs, such as Microsoft Outlook 2007 and Mozilla Thunderbird, automatically prevent graphics from showing in e-mails you receive unless you click on them or enable the graphics yourself. While this can slow things down a bit, it also reduces the chances that you will be caught clicking on a piece of image spam. You can also configure your e-mail account to only receive plain text, blocking rich text and graphics altogether.
Use multiple e-mail accounts. Setting up e-mail accounts for specific needs (one for business, one for personal use, one for shopping and offers) reduces your exposure to spam, and setting up e-mail messages by category can help push spam to your junk folder faster. Web-based e-mail services such as ConsumerAffairs.org, Gmail, Yahoo, and Hotmail have built-in antispam and image-blocking tools to prevent any unpleasant surprises when reading your mail.