Skip to main content

Just when you thought spam was dead, it’s back and worse than ever

gmail app on phone
Image used with permission by copyright holder

Emails promising millions of dollars from a Nigerian prince, to malicious attachments, and nefarious links. All of it falls under the banner of spam. An incredible 40 years have passed since the first email spam was sent out over the progenitor of the internet, the ARPANET, but it remains a threat today. In fact, 2018 is becoming the year of spam.

When all else fails, spam

Spam is making a comeback because other attack vectors aren’t working like they used to. Throughout the history of malware, hackers have discovered many methods of attacking end users and businesses, but a new attack is usually met with a response. Methods that were effective a few years ago, like drive-by downloads, aren’t getting the job done any more.

As cyber-security company F-Secure pointed out in its recent blog post, killing off the Adobe Flash plugin support in browsers has clamped down on many browser-based attacks. By removing that potential attack vector, exploit kits have become far less effective and therefore far less common. Combined with the ever evolving abilities of anti-malware software utilizing machine learning and behavioral tracking, spam’s relative success rate is creeping back up.

“We’ve reduced criminals to spam, one of the least effective methods of infection.”

“We’ve reduced criminals to spam, one of the least effective methods of infection,” F-Secure’s security advisor, Sean Sullivan said. “Anti-malware is containing nearly all commoditized, bulk threats. And honestly, I don’t see anything coming over the horizon that could lead to another gold rush, so criminals are stuck with spam.”

That’s despite the fact modern email clients are better equipped than ever to identify and quarantine spam to prevent its malicious intent from being realized.

Fighting with filters

Just last year Google announced brand new features for its Gmail service that helped it detect 99 percent of spam emails and swiftly dump them into the junk folder. It still faces the odd issue though, like users finding spam emails in their sent folder just a few months ago.

Other companies offer similar services with their email clients. Outlook has a “Junk” folder that automatically scans messages and provides manual controls for blocking or whitelisting certain email addresses and top-level-domains. Thunderbird puts the power in the hands of the users by offering a junk filter that it asks you to “train” by showing it what you consider to be junk mail. Popular free email services like EM Client use open source platforms like Apache SpamAssassin.

outlook email
Image used with permission by copyright holder

There’re also several third-party services that can be used to augment existing anti-spam efforts. Mailwasher and SpamSieve are two of the most popular, and though the best versions of them aren’t free, they provide intelligent filtering systems which do a great job of blocking most spam emails.

Despite all of these built-in and add-on options for filtering out junk emails, some are still slipping through. That, combined with the ease of sending spam, is helping it proliferate, and as more malware authors and distributors resort to spamming to make their nefarious gains, they invented new ways to trick both spam filters and people who think they know better.

New spam for a new age

Spam was originally named after the luncheon meat of the same name due to a Monty Python sketch where the word was chanted in an annoying, incessant fashion. But the comparison of a heavily processed product is just as apt today. Modern spam is often smarter and more convincing than you’d expect.

Monty Python - Spam

“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,” said Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity, told The Economic Times.

Spammers personalizing emails to make them seem to come from a legitimate source, or someone known to the recipient, is the most effective tactic, raising the chance of a click on a link or email attachment by 12 percent.

Other methods to increase spam’s efficacy include having a subject line that’s free from errors. That ups the chances of a successful attack by 4.5 percent. Phishing emails can be more successful if an emergency is implied, rather than explicitly stated.

“They are using links that are these crazy redirect loops, that are redirecting you from page to page.”

The requisite steps that the recipient must take to infect themselves with the content of spam emails are changing, too. Malicious email attachments now account for 23 percent of spam emails, as per F-Secure’s Päivi Tynninen. But a new wrinkle to that old attack vector is adding a password to the file which is provided in a second attachment. That means that automated detection tools may not be able to analyze the malicious file, as they can’t access it directly.

Modern spam emails frequently use malicious links. They make up 31 percent of spam emails according, to F-Secure. Those links will eventually lead the clicker to a malicious file download, often executing through some form of macro embedded in a document for Word, Powerpoint, or Excel. Even those links are changing. Where once the original link would send you straight to the malicious software, now your browser will jump through a few hoops first.

“Attackers are adding additional layers to avoid automatic analysis and researchers trying to intercept their potentially good infections and creating detections for those,” Tynninen said during a recent episode of the Security Sauna podcast. “They are using these links that are these crazy redirect loops that they are redirecting you from page to page, and after a couple to maybe seven different page redirections you get the final payload, which is only the downloader document with macros. ”

statista spam by category
Image used with permission by copyright holder

That number of redirects might seem excessive, but if researchers try to retrace the steps to provide better detection for such attacks, the attackers can take down just one of the redirect websites. That breaks the chain and makes investigation more difficult.

The biggest spam attack vector of them all? Tugging at the heart strings of email users. A full 46 percent of spam emails focus on some form of dating scam. These trick recipients into thinking someone has found their profile on a dating site and wants to chat or meet up.

Old advice still stands

While new methods of attack from spammers and scammers are always a little scary, spam remains as easy to avoid as it is to send.

Unless you specifically requested to receive a certain email attachment from a specific person – don’t open it. Better yet, don’t open anything and have your friend or work colleague send you the file in a more secure platform like a cloud storage service. Don’t click links in emails, either. Always go to the source. If you do have to click a link for whatever reason, check where it’s sending you first by hovering over the link. Chrome, Firefox, and Edge all showcase the raw link in the bottom-left of your screen when you do so. Make sure it’s not sending you somewhere unexpected.

Don’t click links in emails, either. Always go to the source.

F-Secure also highlights a number of brands that are commonly spoofed in spam emails. UPS, Amazon, FedEx, Apple, and Paypal are the companies most often faked, so be wary when receiving emails from those companies.

Above all else, take heart that the effort you put into digital security is paying off. Spam isn’t an effective foodstuff, and it’s not a great way to spread malware either — but when it’s all scammers have to work with, they’ll gladly scoop out another gelatinous spoonful. Don’t join them at the table.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Walmart just discounted this HP laptop from $519 to $279
The HP 14-inch laptop on a small desk with some headphones.

Alert the press! Sound the alarm! The HP 14-inch Laptop received a massive markdown from Walmart. While this promotion lasts, you’ll be able to purchase this budget-friendly laptop for just $280. That’s $240 off the normal selling price! Student laptop deals usually kick into full swing toward the end of August, but this is a great opportunity to nab a powerful PC before the back-to-school rush. 

Why you should buy the HP 14 Laptop
We love all HP laptop deals, but this one’s particularly good. The HP 14-inch N305 is powered by an 13th-gen Intel Core i3-N305 CPU, Intel UHD Graphics, and 8GB of DDR4 RAM. It’s not the most powerful laptop in the world, but you’ll have no issue multi-tasking with desktop apps or running one of your favorite PC games. 

Read more
The best password managers for 2024
have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we

If you're thinking about getting a new password manager, we can help narrow down your choices. Here's a list of the best and most secure solutions for taking your logins with you wherever you go, no matter what device you use.
No more retyping passwords every time you switch from your Windows PC to your iPhone or from a Mac to an Android phone. These premium password managers have more than just the basics, making your life easier and keeping your accounts safe at affordable prices.

1Password (Windows, Mac, iOS, Android, Linux, and Chrome OS)

Read more
This Lenovo laptop is normally $2,919 — today it’s $919
The Lenovo ThinkPad T14s Gen 5 opened up on a table.

Lenovo laptop deals aren’t too difficult to come by, but this promotion was so exceptional, it needed its own spotlighting! Right now, Lenovo is knocking $2,000 off the Lenovo ThinkPad T14s. Since it's normally priced at $2,920, it’s hard to say how long this markdown is going to last. If you’ve been sitting on a laptop upgrade for a minute, now might be the time to get some new gear.

Why you should buy the Lenovo ThinkPad T14s laptop
Built for businesses, the ThinkPad has long been the go-to Lenovo laptop for busy professionals. Portability is one of the strong suits here: At 12.50 inches wide, 8.93 inches from front to back, and 0.65 inches tall, the ultraportable T14s is the ideal PC for frequent travelers. It’s lightweight too, weighing but a mere 2.71 pounds.

Read more