'Artisanal spam' fashions emails in a new kind of cyberattack

So-called "artisanal spam" targets smaller groups of victims with painstakingly crafted messages, with the aim of breaking through spam-filtering algorithms and tricking users into giving away their digital credentials.

Cyberattack on French iTunes users designed for maximum effect on fewer targets

'Artisanal spam': A new kind of phishing

Patrick Peterson, CEO of cyber-security firm Agari Data, explains the latest trend in spam email

Traditional spam email attacks follow a mass-market, "one-size-fits-all" approach: the same message is sent to as many targets as possible, in the expectation that a small number of people will be tricked into sharing their passwords or downloading a malicious program.

But a new kind of attack, so-called "artisanal spam," targets smaller groups with painstakingly crafted messages, with the aim of breaking through spam-filtering algorithms and achieving a higher rate of success.

Patrick Peterson, CEO of U.S. cyber-security firm Agari Data, says his company started noticing the attacks between six and nine months ago. Since then, he estimates, these kinds of attacks have numbered "in the low hundreds," although he notes that it can be hard to track such relatively small attacks.

"It's just a continuation of a long-term trend we've seen around criminal innovation," Peterson told CBC News.

This new method of spamming, said Peterson, is more likely to slip through the spam filters built into most email clients, and more likely to get criminals what they want — account credentials like usernames and passwords, as well as potential targets for malware attacks.

French connection

The most notable incident so far, according to Peterson, took place on Oct. 13, 2015. It targeted about 5,000 French users of Apple's popular iTunes music software, in a two-pronged attack designed to steal usernames and passwords, and possibly use those credentials to install malware on the victims' computers.

The criminal or criminals behind the attack "carefully curated" a French-language email, said Peterson, and specifically targeted email accounts based in France. That ensured the recipients would be more likely to read the email. The attackers also targeted users of smaller, local French internet service providers, who Peterson said might not be targeted as frequently as users of major email services like Gmail or Hotmail.

An 'artisanal spam' email attack carefully targeted French users of Apple's iTunes software. (Agari Data)

The goal was to maximize what Peterson calls the delivery rate, the number of targets who actually read the malicious email.

"We saw the vast majority of these messages delivered to the victims," said Peterson. "We don't actually have statistics on how many of them either installed malware on their computers or gave away their iTunes credentials, but I can say that the delivery rate was far greater than your typical mass-market spam."


Like many other malicious email attacks, the French incident convinced targets that their iTunes accounts were at risk if they didn't click on a link and enter their credentials. Unlike most big spam attacks, though, the perpetrators took the time to customize their messages.

"It's just a question of good copy-writing skills and a lot of attention to detail, so that [the spam] looks just like the original," said Peterson. "The reality is, it's not that difficult. It's just that historically, criminals have been able to blast billions of these, and if half the people didn't think it was authentic, the criminals didn't lose too much sleep because they had sent so many."

Be skeptical about emails

Because it's relatively easy to produce an authentic-looking spam message, Peterson said, internet users should never assume they can tell the difference. He suggested people should be skeptical when evaluating emails.

"If you were walking down the streets of Toronto and someone came up to you and claimed to be from your bank or your auto warranty with a problem, people know how to respond to that," said Peterson. "But for some reason, when someone plops something in their inbox pretending to be similar entities, people just believe it."

If an email tempts you to click on an external link, Peterson recommends hovering your cursor over the hyperlink and checking to see if the destination URL is what it claims to be.
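The hover check described above can also be automated on the receiving side. The following Python sketch is an added example, not code from the article or from Agari Data; the names `LinkAuditor` and `mismatched_links` are hypothetical, and the sample body is constructed with reserved `.example`/`.test` hostnames. It flags links whose visible text names one host while the `href` points to another.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Link text that itself looks like a URL or bare hostname; group 1 is the host.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

# Constructed sample email body (reserved .example/.test names, not real traffic).
SAMPLE = (
    '<p><a href="http://store.example.login-check.test/verify">https://store.example/account</a></p>'
    '<p><a href="https://accounts.store.example/reset">store.example</a></p>'
    '<p><a href="https://other.test/">Click here</a></p>'
)

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html_body):
    """Return (text, href) pairs where the text claims a host the href does not reach."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    findings = []
    for text, href in auditor.links:
        shown = HOSTLIKE.match(text)
        if not shown:
            continue  # plain label such as "Click here": no claimed host to compare
        claimed = shown.group(1).lower()
        actual = (urlsplit(href).hostname or "").lower()
        # Accept the claimed host itself or one of its subdomains; flag anything else.
        if actual != claimed and not actual.endswith("." + claimed):
            findings.append((text, href))
    return findings
```

Links with a plain-text label are skipped here because they make no claim about their destination; those still need the manual hover check or a separate reputation lookup.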

It's possible that users of smaller internet service providers are more at risk from these types of attack, added Peterson.

"It's very difficult nowadays to keep up in the cyber arms race. Even the largest providers with the most resources are struggling."

