Image spamming is a new method of email spamming. The text is imbedded in image or picture files, which most anti-spam software ignore. They are not detected as spam simply because they are pictures and not text.

Blocking image spam is proving difficult, as images and pictures (whether as attachments or embedded in the body of the message) are an expected part of a person's daily email intake – for business reasons (e.g., company logos, product shots, electronic newsletters, etc.) or personal purposes (family photos, vacation shots and so on).

Background

Image spamming is, in a sense, an escalation of the spam – anti-spam 'wars' of the early 21st century. Junk email had reached such alarming proportions that people considered it as both a nuisance and a threat. Many anti-virus companies and ISPs launched major efforts to reduce or lessen the problem. Anti-spam filters, originally offered as 'add-ons' to anti-virus software, quickly became standard features of email programs like Outlook, and even web-based programs like Yahoo!Mail and Google's Gmail.

The filters are, in a way, 'text readers' and were geared to recognize and 'lock on' keywords beloved by spammers (such as 'offers,' 'miracle' and so on). Email messages that carried these keywords were shunted off to a 'holding area' where the recipient could review them in safety and at his leisure, deleting those that were truly spam and retaining genuine messages.

In response to tighter anti-spam filters, cyber-criminals began sending image spam. Some image spammers have taken the idea a step further – combining text with photos intended to lend an aura of legitimacy around the activity.

Pump-and-Dump Scam through Image Spamming

In pump-and-dump schemes, cyber-criminals buy low-cost stocks from legitimate stock exchanges and send out image spam using real stock market symbols in the hope of getting gullible investors to buy in and raise the stock's prices far above its actual value. The image spammers then wait until the stock hits a high and then cash in before the value of the stock falls, leaving the investors with near-worthless stocks and their monies depleted.

Pump-and-dump scams have become so prevalent that the US Securities and Exchange Commission (SEC) has stepped in and is monitoring the situation carefully – going so far as to suspend trading on stocks suspected of being used for this scheme.

Blocking Image Spam

Optical character recognition (OCR) programs are one approach that could be used. However, they hog bandwidth, are easy to deceive, are CPU-intensive, and are time-consuming. Some spammers also use handwritten messages which are almost impossible for OCRs to read.

Other methods of getting around OCRs include using background colors, graphics as background or even “tiled” images (slicing up pictures randomly and reassembling them) to avoid image recognition programs that detect previously used image scams.

While time and money are being spent to counter image spam, most security experts believe that the best way to avoid being hit by these is the straightforward approach – for recipients of such emails to ignore the messages, and delete these from their inboxes.