Happy birthday spam! It’s been 40 years since the delivery of the first spam email to an unsuspecting user’s inbox. Hackers don’t appear to want spam emails to slow down as they continue to use these emails for malware and malicious URLs. The methods may have advanced over time, but the idea of sending out large quantities of emails to unsuspecting users’ inboxes has remained the same. A simple click by an end user equals a fairly lucrative reward for cybercriminals.
Malware delivered via spam appears to follow a predictable pattern. According to F-Secure, spam typically falls into one of three categories: “46 percent are dating scams, 23 percent are emails with malicious attachments, and 31 percent contain links to malicious websites.”
Although spam is hitting the big 4-0 this year and is already a popular vehicle of attack for cybercriminals, its success rates have actually been growing in recent years. Last month, Barracuda Networks reported that an alarming 87% of IT security professionals said their company faced an attempted email-based security threat in the past year. 35% of companies became actual victims and lost confidential client information.
Putting Lipstick On a Pig
Cybercriminals are becoming smarter as spam hits its 40th milestone. While mass email campaigns are still popular, hackers have begun to use fraudulent emails disguised as legitimate documents to steal both company money and data. Scams are evolving at a rapid pace, and these carefully crafted spearphishing emails target departments and people that can provide a lucrative payout. So, while these campaigns hit fewer people’s inboxes, the reward can be much larger than mass spam emails.
New computer users are the number one target for spam. Spam also still exploits fundamental human weaknesses such as greed and the desire to help others. The business attacks prey on the notion of getting things done as quickly as possible. An employee sees the phrase “PAY INVOICE” and opens a malicious attachment without a second thought. In the blink of an eye, the computer is now vulnerable, and it’s too late.
Attackers are paying close attention to what is working, and what is not. For example, the probability of a victim opening up an email increases if the email appears to be from someone they know. The average user may not be aware of the importance of checking who the sender is. This is why education plays such a prominent role in spam and spearphishing. With training, users know the red flags of a fraudulent email.
Not Quite Over the Hill
Technological advances are helping keep spam relevant. Being able to exploit vulnerabilities will continue to allow cybercriminals to make targeted attacks on businesses.
It’s a catch-22, however, because technology is also helping businesses catch spam at a higher rate. There’s been an emergence of software, such as spam filtering and antimalware, that can stop malicious emails from even being delivered to users. Unfortunately, businesses don’t always use these programs. Experts have noted that user education is also helpful in the crusade against spam. Through training, employees become better educated on what to look for when evaluating the emails that arrive in their inboxes. This allows users to catch malicious emails that the spam filter may not have initially flagged.
Despite the technological advances to both deliver spam and protect against it, the end goal has remained the same: make users click on a malicious link or file.