When Hormel decided to rename its economical canned luncheon meat in 1936, the company chose to call it Spam. It would take approximately 55 years for the name to be applied to unwanted emails. Although there are various stories involving the naming of both the meat product and the email version, no one is completely certain of the truth. One story is that American military personnel were overwhelmed by the amount of Spam they were fed on almost a daily basis, and email users who have checked their spam folders recently can see the association. There is also a theory that Spam will never go bad as long as the can is never damaged or opened, and in the early days of email, it was necessary to open the spam and click on a malicious link to cause harm to the user. The two products share an additional similarity, however. Originally, Hormel made only one type of Spam, but over the years, the company introduced a variety of flavors, sizes, and versions. Hackers and criminals have done the same thing with their malicious emails.
Why Spam Remains the Top Method of Attack Used for Cybercrimes
Cybercriminals are not out to make the world a better place; they are in it for the money. If spam campaigns were not generating some type of profit, they would cease their attacks. Obviously, then, spam is still popular because these attacks work. They may not convince every recipient to open the email and follow the link, but the criminals do not need that to happen. Just look at the math. Suppose a cybercriminal sends out 10 million spam emails a day. If just 1 percent of the recipients fall prey to the scam, there are 100,000 victims.
Convincing the victims to do what the senders want can be problematic, but cybercriminals have refined their techniques to increase the likelihood of success. Although the Nigerian princes may not get as many click-throughs as they once did, these scam artists made a great deal of money originally and are still reeling in at least a few catches every day. However, as users became wiser to such blatant attacks, cybercriminals became more sophisticated, especially in the use of bots to collect data. One area that they began to exploit is the world of social media.
Virtually everyone has at least some online presence that reveals a great deal of personal and business information. It may be a Facebook page that lists his marital status, birth date, mother’s maiden name and/or city of residence. It could be a LinkedIn profile that details the universities she attended, her employment history, or her awards. It might be a Twitter account that reveals political affiliations, favorite celebrities, or concerns about the environment.
With just a modest botnet, a modicum of intelligence, and a desire to make a dishonest living, a cybercriminal can assemble a database containing detailed profiles of potential victims. Based on the information collected, the criminals can craft highly convincing emails targeting specific individuals. For example, knowing where someone works can provide an extensive list of the victim’s fellow employees. The criminal can send the victim an email that appears to be from a colleague, increasing the chances that the message will be opened. The alleged colleague may make what seems to be a reasonable request. Perhaps they say that they need the victim to send an emergency wire transfer to the sender, another colleague, or a supplier. The sender may tell the victim that there is a computer glitch requiring him to click on a link in the email and confirm his credentials. The criminal may ask the victim to download a malicious attachment and verify a piece of information, or he may ask the victim to upload a file. If the victim complies with any of these requests, the results could be financial losses, the unleashing of malware that infects the entire system, or the revelation of critical information that can be used to wreak havoc in the future.
A recent article posted at Technative.com reported on the findings of research conducted by F-Secure in 2018. Of the samples obtained by F-Secure, 23 percent of the emails included malicious attachments, 31 percent directed recipients to a malicious website, and 46 percent involved a dating scam. Knowing the alleged sender increased the opening rate by 12 percent. Furthermore, to circumvent cybersecurity programs, a rising number of the emails do not direct the user to a malicious site; instead, they point to a seemingly harmless site that will then direct the user to a malicious site.
Preventing Malicious Spam
Of all the types of marketing campaigns, email offers the greatest potential return on investment. Companies are not likely to abandon email marketing in the immediate future, so cybercriminals will continue to use malicious spam as well. Defending against the bad actors may begin with educating users, but even people who are very aware of the risks fall victim every day. Furthermore, employees need access to email to perform their duties efficiently and interact with colleagues.
Abusix Mail Intelligence can give you the control and visibility you need to manage your email services. With catch rates of 99 percent for malware and 99.02 percent for spam, AMI is the best in the industry, and its cost averages 25 percent less than similar products offered by the competition. Try Abusix Mail Intelligence free today for a 14-day-trial.