"If you're going to encounter malware in 2018, chances are it will happen through spam," says Sean Sullivan, F-Secure's Security Advisor.
Digital spam has been around for more than four decades. It is named after a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in every dish and where patrons annoyingly chant "Spam!" over and over again.
During the past few years, it has gained popularity relative to other threats, as systems have become more secure against software exploits and vulnerabilities.
It is now once again the most popular choice for sending out malware, according to new research from F-Secure. Of the spam samples collected this spring, 46% are dating scams (in which scammers create fake online profiles to take advantage of people looking for romance on dating websites, apps and social media, in order to extort money, gifts and personal details), 23% are emails with malicious attachments, and 31% contain links to malicious websites.
There are several reasons why spam is resurgent. First of all, spam works. It works because criminals are always getting better at "social engineering," which employs knowledge of users' psychology to improve the design of spam. Spam that seems to come from someone the recipient knows, spam with error-free subject lines and spam that uses a call to action where urgency is implied but not emphasised are all more effective.
Second of all, other tactics have become less effective. The demise of Adobe Flash as one of the most popular plugins on websites has shifted criminals away from exploit kits, which enabled the attack vector known as drive-by downloads.
Here's what spammers know about you that helps make their dirty work easy:
1. You probably bought something online recently
Almost every time you buy something online, it generates at least one email — if not several.
It only takes a simple 'Your order cannot be delivered' email to fool someone. The sheer volume of spam sent practically guarantees that numerous recipients will actually be waiting for a delivery. This explains why, even after decades of warnings, we're still falling for spam.
2. You trust your favourite brands
F-Secure Labs analysed its spam traps and found these companies are most likely to be spoofed by spammers: Amazon; PayPal; Apple; Microsoft; Eharmony; Facebook and Match.com.
What do all these names have in common? They're brands you may love and likely interact with regularly, possibly on a daily basis.
"There are so many people that have relationships with these companies, it makes these the most successful ones to imitate in spam," says Sullivan.
3. Enough of us will keep clicking on zip files, attachments and links in spam to keep crooks in business
Our webmail and work mail are probably pretty good at keeping spam out of the inbox, which counterintuitively makes us more likely to click on the things in spam that can infect us.
When we see only small amounts of spam, we tend to trust the email that does make its way to us. The old advice to never click on anything in an email you weren't expecting is as important now as ever. But if that advice were enough, we wouldn't be writing this post. So, in addition, always keep your system, browser and security software updated.