what is spam?
Spam affects everyone
Anyone who uses the Internet will sooner or later come into contact with spam. In most cases, this is “only” advertising that is sent unsolicited. Sometimes, however, such emails can also cause immense damage, as they are based on fraudulent (or simply malicious) intentions. Companies in particular need to protect themselves, as data theft can quickly lead to high losses and reputational damage.
Definition: What is spam?
Spam (or junk mail) refers to unwanted messages that are sent electronically. They are usually distributed by e-mail, but also via social networks, SMS or advertising banners. Junk mail accounts for an estimated 90 percent of the world’s e-mail traffic. The majority of these are advertisements. The term “spam” is the abbreviation for Stupid Pointless Annoying Message. This tends to suggest a commercial or advertising nature, but this is not always the case: some spam emails contain malicious content and file attachments that can pose a risk to private individuals and companies.
It is characteristic that the recipient has not previously consented to receiving the message. Junk mail is usually sent to a large number of recipients as part of mass mailings. The senders receive the e-mail addresses in advance via purchased mailing lists, among other things.
What types are there?
Advertising spam
Special offers, counterfeit products at ridiculously low prices and advertisements for sexual enhancers: sooner or later, every inbox is infiltrated by dubious mailings of this kind. If the offer sounds too good to be true, it usually is. Mailings with proselytizing or racist content are also common, as are fake messages, e.g. about the deaths of celebrities.
Subscription traps
With this type, the recipient receives an invoice for a supposedly concluded subscription. You are asked to pay, often with the remark that you are in arrears and only have a short time left to settle the amount. In this way, pressure is built up to tempt the recipient to act quickly and rashly.
This type of spam is particularly problematic when well-known companies such as popular streaming platforms are named as the supposed sender. If you have actually taken out a subscription with one of these providers, the likelihood of classifying such junk mail as authentic and following up the request increases.
Phishing
In a phishing e-mail, the recipient should either click on a malicious link or open a file in the attachment. This is how cyber criminals obtain personal data, e.g. by requesting account information. Trustworthy and well-known companies are often chosen as the supposed sender, including banks, health insurance companies or Microsoft support.
A typical trick: A spam mail claims that the bank account will be blocked unless the recipient enters their data via a link provided and thus verifies the account. A time limit is specified (often 24 hours) within which the action must be carried out, otherwise the account may be blocked. The recipient then enters their data on the authentic-looking login page and forwards it directly to the cybercriminals.
Malware
Junk mails can contain malicious file attachments that infect a device with malware. The malware is often hidden in Word documents, PDFs or zip files, for example in a PDF invoice. When the invoice is opened, the malicious program installs itself on the recipient’s computer. There are different subclasses of malware:
- Ransomware: Malware that encrypts files or the entire device and only releases them in return for a ransom.
- Spyware: Spyware that records and forwards the recipient’s files, messages, conversations and online activities.
- Trojans: As with the ancient Trojan horse, the “enemy” is infiltrated covertly. In this case, it is a malicious program that deletes, modifies, blocks data and/or restricts overall system performance.
Where do spammers get their e-mail addresses from?
Criminal spammers often obtain their data from address traders or from the Darknet. Data theft is also common, especially with large and well-known service providers whose email lists are correspondingly extensive.
Harvesting involves spambots searching websites for email addresses that are publicly accessible. These could be found in contact information, forum posts, comments or other public areas. Also popular are competitions in which contact details are collected and then used for spam emails or sold on to third parties.
Why is spam dangerous?
An important point in the risk assessment is that the mass sending of spam messages is relatively cheap for cyber criminals. As a result, not only selected companies, but also private individuals are targeted by spammers.
Spam can also be very dangerous because it not only distributes unsolicited advertising, but is also sometimes used to install malicious software (malware) on the recipient’s device. This results in the theft of personal data and manipulation. Phishing emails also request sensitive data that can give cyber criminals quick access to their victims’ bank accounts, for example.
Sorting out spam is also time-consuming and therefore costly, especially for companies. There is also a risk that business emails will quickly get lost in the flood of spam. At the same time, inboxes are clogged and servers are unnecessarily overloaded.
How do you recognize spam?
Unknown sender
Unknown or suspicious e-mail addresses often indicate junk mail.
Unwanted content
Undesirable content such as advertising for questionable products, fraudulent offers or obscene content are typical.
No personal salutation
General salutations such as “Dear customer” or “Hello” are used instead of the personal name.
Unsolicited attachments or links
Unexpected attachments or links are often included. The user is asked to disclose personal or sensitive information.
Spelling and grammatical errors
Spam e-mails can often contain spelling and grammatical errors. This will not usually be the case with authentic e-mails, e.g. from a bank.
Pressure to act quickly
Typical are urgent calls to action, e.g. a limited offer that is only available for a short time.
Missing deregistration option
Legitimate marketing emails usually contain an option to unsubscribe from the mailing list. If this option is missing, the e-mail is probably junk mail.
Phishing attempts
Requests for personal information such as passwords, account information or social security numbers are often phishing attempts.
If it is not obvious whether it is junk mail, do not open any attachments or links and do not disclose any personal information. If, for example, it could be a genuine request from a provider with whom you are a customer, you should contact the company in case of doubt and inquire about the authenticity of the e-mail before complying with the request. However, not via the corresponding e-mail, but via the official contact details on the website.
How do you protect yourself from spam?
Mark mail, block sender
Do not answer
Use a temporary e-mail address
Do not disclose your e-mail address
Alias e-mail addresses
Regular updates
Be careful with attachments and links
Implement email security software
Mark suspicious mail and block sender
If an e-mail is conspicuous, it should be marked directly as spam and moved to the spam folder. This teaches the e-mail program to treat similarly structured e-mails as junk mail in future. The corresponding senders can be blocked so that no more emails are received from these addresses in future.
Alias e-mail addresses
Some e-mail services offer the option of creating alias e-mail addresses. These can be used to protect the main email address by creating separate addresses for different purposes.
Do not reply to spam
Under no circumstances should the e-mail be answered, as the sender will then know that the e-mail address is active.
Update software and operating system regularly
Email software, operating system and anti-virus programs should be kept up to date to close security gaps that could be exploited by spambots.
Use of a temporary e-mail address
A temporary e-mail address is recommended for online registrations, newsletter subscriptions or forum posts. In this way, the main e-mail address and the inbox remain free of advertising and/or malicious e-mails.
Be careful with attachments and links
Attachments should not be opened and links in suspicious emails should not be clicked on, as this can lead to malware infections or phishing attacks.
Do not disclose your e-mail address publicly
Email addresses should not be publicly visible in public forums, social media or on websites, as the data is collected by spam bots.
Your own e-mail address should only be passed on to trustworthy sources. Here it is important to check the data protection guidelines to ensure that the address is not passed on to third parties.
Implementation of e-mail security software
In addition to these manual measures, anti-spam software is recommended for adequate protection against spam. However, the already integrated protection of a conventional e-mail service such as Microsoft Outlook is usually not sufficient here. Companies in particular need a professional email security solution, as the potential risk of data theft (e.g. e.g. through social engineering methods targeting employees) is too high. The software ensures that spam, whether advertising or malicious, is immediately recognized as such and blocked.