If there is one thing present on every email user's wish list, it would be to never receive spam again. It's like those inserts that fall out of a newspaper when we open it. Nobody asked for them and getting rid of them is more work than they're worth, yet can't escape them. Making up almost 70% of total email traffic, spam reaches every corner of the email world. Email service providers go out of their way to protect users from this problem with a wall of filters, still some of them make their way through to end up in your inbox.
One question I commonly notice users asking is, "How did the spammer get my email address?" The answer may come as a surprise. Remember that seemingly harmless form you submitted after your online Christmas shopping? The pop-up you filled out to download the latest episode of a series? A bumper email you forwarded to 100 friends promising you the chance to win a Tesla car? These are some of the sources spammers use to harvest email addresses.
Unfortunately, these social engineering methods are not the only ways they rely on. Spammers use multiple techniques, from simply deploying crawlers to pull contact information from websites and social media platforms to the more difficult method of guessing combinations of email addresses using the brute force method. Once they confirm that your email is receiving messages (using deliverability and click records), you are now forever trapped in the spammer's database. According to TechRadar, email spammers receive approximately one reply for every 12.5 million emails. And even with a small 0.00001% click rate, the average full-time spammer makes around $7000 a day.
While spammers profiteer by sending unsolicited advertisements and fraudulent emails, the effect on a victim is often quite brutal. The dangers of loss of data, money, and privacy surrounding spam makes it more vital than ever for email users to be aware of spam, and it's working.
Let's take a look into some popular types of spam.
Product marketing: The one where everything's a hoax
Here, spam is used as a marketing tool, like an advertisement to sell a product. Putting aside the fact that you never signed up for these ads, there is also another concern regarding the products spam emails advertise. These products are usually unauthorized and unregulated by any government bodies. Around March 2020, several spam emails started flying around claiming to have found the "cure to the Coronavirus." Many users believed those spam adverts and paid to buy such items, only to be left with unapproved, ineffective, and misbranded products. So, the next time you see a spam ad you didn't sign up for but end up feeling tempted, think twice, or even three times.
Scam: The one where bogus offers are the norm
Scam spam uses human psychology and highly engineered catchphrases to manipulate readers into believing something extraordinary can be attained with minimal effort. A few trademark subject lines of these emails would be something like "Once in a lifetime opportunity!" or "Earn $2000 a day with risk-free investment!" among others. One notable thing is that most of these scams are finance-based, usually promoting non-existent ventures, fake job offers, lottery wins, or pyramid schemes. It, more often than not, results in the victim paying lump money as "advance-fee" to enjoy the benefits of the shady scheme. After the victim pays the required money, the spammer would not only disappear without fulfilling their claim but will also steal the victim's payment details for further exploitation. A golden rule is that when an offer looks "too good to be true," it most probably is.
With phishing, spammers disguise themselves as a legitimate organization, sometimes one the recipient is associated with, intending to extract sensitive personal and financial data from their victims. Phishing uses advanced social engineering techniques that require human interaction, identity theft, fraud, and advanced coding skills to extract your data. It works because most people don't pay close attention to the little details and skims through emails or websites. So, the next time you receive an email with a link to recover your bank account and you are not sure why, hold on to that thought, look carefully, and don't skim through the details.
Spoofing: The one where identity theft is common
The premise of spoofing lies in forging a legitimate email address to trick the recipient into believing that the email is from a trusted source. Essentially, the spammer cons you by disguising themselves to be a sender you are familiar with. Wondering how someone can make the displayed email address look legitimate in a forged email? Unfortunately, it's not a complicated task. The shortcoming of SMTP servers email relies on is that they make it possible for a spammer to disguise the original "from" address.
Business Email Compromise (BEC)—also called man-in-the-email scams—is one of the most prominent attacks that use spoofing techniques to devise fraudulent money or data theft. This is usually done by scrapping publicly available email addresses of prominent people in an organization's websites. And to add more, spoofing coupled with phishing can result in disastrous financial loss for the victim. So, the next time your boss emails you out of the blue asking for login credentials or an immediate asset transfer, make sure you cross-check before doing so.
Something to note: the types of spam we've discussed here don't have to be confined to emails. Email is only one form of communication. And nowadays, spam happens everywhere, from social media to personal calls and messages. So beware, everywhere.
Spam is an inconvenience at best, and there are many types to be aware of. Although only approximately 2.5% of spam emails are dangerous, this small percentage involves identity theft, compromised financial security, and invaded privacy. While ignoring spam is one solution, it is not always the best. The presence of spam can be distracting and is a waste of time, storage space, and email efficiency.
Fortunately, there are ways to limit the spam you receive. We will talk more about how you can avoid spam attacks in the next blog post. But before that, what's your take on spam? Let us know in the comments. Until we meet again, stay informed and stay safe!