What is spam?

Contact us
From “harmless” advertising emails to threats to the entire IT infrastructure of companies

Spam affects everyone

Anyone who uses the Internet will sooner or later come into contact with spam. In most cases, this is “just” advertising that is sent unsolicited. Sometimes, however, such emails can also cause immense damage, as they are based on fraudulent (or simply malicious) intentions. Companies in particular need to protect themselves, as data theft can quickly lead to high losses and reputational damage.

Definition: What is spam?

Spam (or junk mail) refers to unsolicited messages that are sent electronically. It is usually sent by email, but can also be sent via social networks, text messages or advertising banners. Junk mail accounts for an estimated 90 percent of global e-mail traffic. Most of this is advertising. The term “spam” is short for Stupid Pointless Annoying Message. This suggests a commercial or advertising nature, but this is not always the case: some spam emails contain malicious content and file attachments that can pose a risk to private individuals and companies.

It is characterized by the fact that the recipient has not previously consented to receiving the message. Junk mail is usually sent to a large number of recipients as part of mass mailings. The senders obtain the email addresses beforehand via purchased mailing lists, for example.

What types of spam are there?

Advertising spam

Special offers, counterfeit products at knock-down prices and advertisements for sexual enhancers: sooner or later, every inbox is infiltrated by dubious mailings of this kind. If the offer sounds too good to be true, it usually is. Mailings with proselytizing or racist content are also common, as are fake messages, e.g. about celebrity deaths.

Subscription traps

With this method, the recipient receives an invoice for a subscription that has supposedly been taken out. They are asked to pay, often stating that they are in arrears and only have a short time left to pay. This is intended to build up pressure in order to tempt the recipient to act quickly and recklessly.

This type of spam is particularly problematic when well-known companies such as popular streaming platforms are named as the supposed sender. If you have actually taken out a subscription with one of these providers, you are more likely to classify such junk mail as authentic and follow up on the request.

Phishing

In a phishing email, the recipient should either click on a malicious link or open a file in the attachment. This is how cyber criminals obtain personal data, e.g. by requesting account information. Trustworthy and well-known companies are often chosen as the supposed sender, including banks, health insurance companies or Microsoft support.

A typical trick: A spam mail claims that the bank account will be blocked unless the recipient enters their details via a link provided and thus verifies the account. A time limit is given (often 24 hours) within which the action must be carried out, otherwise the account will be blocked. The recipient then enters their data on the authentic-looking login page and forwards it directly to the cybercriminals.

Malware

Junk mails can contain malicious file attachments that infect a device with malware. The malware is often hidden in Word documents, PDFs or zip files, for example in a PDF invoice. When the invoice is opened, the malware installs itself on the recipient’s computer. There are various subclasses of malware:

  • Ransomware: Malware that encrypts files or the entire device and only releases them in return for a ransom (“ransom”).
  • Spyware: Spyware that records and forwards the recipient’s files, messages, conversations and online activities.
  • Trojan: As with the ancient Trojan horse, the “enemy” is smuggled in covertly. In this case, it is a malicious program that deletes, modifies or blocks data and/or restricts overall system performance.

Free e-book: “IT security for SMEs”

This practical guide is aimed at medium-sized companies and provides essential knowledge about IT security in an understandable way. It is suitable for both beginners and experienced users.

The following contents await the reader:

  • The current IT security situation in medium-sized companies
  • Specific challenges for SMEs
  • Cybersecurity and data protection – importance and relevance
  • Protective measures for e-mail communication against hacker attacks
  • Securing business data from unauthorized access
  • Necessary software solutions for more IT security
  • Strategic measures to optimize IT security
Zum kostenlosen Download

Where do spammers get their e-mail addresses from?

Criminal spammers often obtain their data from address traders or from the darknet. Data theft is also common, especially from large and well-known service providers whose email lists are correspondingly extensive.

In so-called harvesting, spambots search websites for email addresses that are publicly accessible. These could be found in contact information, forum posts, comments or other public areas. Sweepstakes are also popular, in which contact details are collected and then used for spam emails or sold on to third parties

Why is spam dangerous?

Lösung für E-Mail-Security

An important point in the risk assessment is that the mass mailing of spam messages is relatively cheap for cyber criminals. This means, for example, that not only selected companies but also private individuals are targeted by spammers.

Spam can also be very dangerous because it not only distributes unsolicited advertising, but is also sometimes used to install malicious software (malware) on the recipient’s device. This results in the theft of personal data and manipulation. Phishing emails also request sensitive data that can give cyber criminals quick access to their victims’ bank accounts, for example.

Sorting out spam is also time-consuming and therefore costly, especially for companies. There is also a risk that business emails will quickly get lost in the flood of spam. At the same time, inboxes become clogged and servers are unnecessarily overloaded.

How do you recognize spam?

Unknown sender

Unknown or suspicious e-mail addresses often indicate junk mail.

Unwanted content

Undesirable content such as advertising for questionable products, fraudulent offers or obscene content are typical.

No personal salutation

General salutations such as “Dear customer” or “Hello” are used instead of the personal name.

Unsolicited attachments or links

Unexpected attachments or links are often included. You are asked to disclose personal or sensitive information.

Spelling and grammatical errors

Spam emails can often contain spelling and grammatical errors. This will not usually be the case with authentic emails, e.g. from a bank.

Pressure to act quickly

Typical are urgent calls to action, e.g. a limited offer that is only available for a short time.

Missing deregistration option

Legitimate marketing emails usually contain an option to unsubscribe from the mailing list. If this option is missing, the email is probably junk mail.

Phishing attempts

Requests for personal information such as passwords, account information or social security numbers are often phishing attempts.

How do you protect yourself from spam?

Mark suspicious mail and block sender
If an email is conspicuous, it should be marked directly as spam and moved to the spam folder. This teaches the email program to treat similarly structured emails as junk mail in future. The corresponding senders can be blocked so that no more emails are received from these addresses in future.
Create alias e-mail addresses
Some email services offer the option of creating alias email addresses. These can be used to protect the main email address by creating separate addresses for different purposes.
Do not reply to spam
Under no circumstances should the e-mail be answered, as the sender will then know that the e-mail address is active.
Update software and operating system regularly
Email software, operating system and anti-virus programs should be kept up to date to close security gaps that could be exploited by spambots.
Use of a temporary e-mail address
We recommend using a temporary e-mail address for online registrations, newsletter subscriptions or forum posts. In this way, the main e-mail address and the inbox remain free of advertising and/or malicious mail
Be careful with attachments and links
Attachments should not be opened and links in suspicious emails should not be clicked on, as this can lead to malware infections or phishing attacks.
Do not disclose your e-mail address publicly
Email addresses should not be publicly visible in public forums, social media or on websites, as the data is collected by spam bots. Only pass on your own email address to trustworthy sources. It is advisable to check the data protection guidelines to see whether information is passed on to third parties.
Implementation of e-mail security software
In addition to manual measures, anti-spam software is essential. The integrated protection of email services is often not enough, especially for companies. Professional solutions recognize and block spam and malicious emails immediately.

Make an inquiry now