When a group of hackers sought to steal iTunes passwords from Apple customers in France, they didn't spam the entire country. They sent out just 5,000 e-mails to French-speaking targets containing links to a fake login page.
The attack, which took place in October, was a success, at least by spamming standards. Most of the e-mails found their way to their intended recipients' inboxes, a rare occurrence with today's sophisticated spam filters. Agari Data, a cyber-security company, said more spammers are adopting this kind of small-batch approach, known in the industry as 'snowshoe' spam (the name refers to the small footprints it leaves), in the hope of breaking through junk-mail blocking software.
In the French iTunes case, attackers were able to operate their e-mail scam for eight hours before automated filters began to catch on, Agari said. They used e-mail accounts hosted through a small Belgian cloud company that wasn't a known offender.
As artisanal spam becomes a problem, the cyber-security industry is pushing for adoption of new protections that could save our in-boxes. One, called DMARC, is a global registry that lets retailers and other companies register the servers they use to send the kind of mass mailers some people enjoy receiving.