What is Spam?
Spam is unsolicited bulk messages sent to multiple recipients. It is the use of messaging and emailing systems to send unsolicited messages to large numbers of recipients for commercial adverting and other prohibited purposes like phishing.
- Spam is unsolicited bulk messages sent to multiple recipients
- Spam has evolved from an annoyance to criminal enterprise, and from hobby to profit-driven attack.
- Spam became prevalent in the 1990s with the increased availability of domains
- Spam unwanted messages swamp messaging and email systems, drowning out important messages
- Spam affects emails, instant messaging, blog, and social media
- Do not reply to spam, be vigilant, use multifactor authentication, and turn your spam filter on to avoid getting spammed
A History of Spam
Today, spam has evolved from an annoyance to criminal enterprise, and from hobby to profit-driven attack. Spam started just as email did. Gary Thuerek sent the first spam message touting a new DEC computer system to ARPANET users in 1978. In 1994, immigration lawyers Canter and Siegel made mass postings advertising their services to hundreds of USENET topic-specific discussion groups (none of them on the topic of immigration to the United States).
At the same time, users realized that emails services lacked adequate security considerations, and used the loopholes to spam efficiently on that medium.
Spammers could easily forge domains and addresses. However, since it was a challenge for spammers to obtain an email address in the early 1990s, receiving sites could quickly identify and block spam and IP addresses. Cyber actors could also relay their spam messages through third-party mail servers.
Domains became readily available in the 1990s, making it easy for spammers to send mass unsolicited emails. In 1996, big companies, including Microsoft, Earthlink, and AOL sued former junk-faxer Sanford Wallace.
Hackers developed malware to insert to computers that allowed them to form vast botnets in the 2000s. We are still dealing with malware today.
Spam Target Areas
Spam is a problem in different media and invariably arises when such media allows users to send many messages without per-message charges. Spam has affected various areas such as Usenet, email, blogs, blog comments, instant messaging, and social media, including Twitter and Facebook.
Spam also appears as junk faxes, VoIP telephony, Instant Message (AOL Instant Message (AIM) and Apple iMessage), and phone text messages. Other targets include web search engine spam, wiki spam, and online classified ads spam.
With toll rates in much of the world approaching zero, junk faxes and VoIP telephony spam incidents are on the rise. At the same time, as users move from one service to another on the Internet, for example, from Myspace to Facebook, spammers follow them.
An advance-fee scam is also known as the Nigerian scam or 419-scam because the attack originated from Nigeria. 419 refers to the section of the Nigerian criminal code the scams violate. Despite its name, only a small fraction of spam originates from Nigeria.
Advance-fee scams involve a mysterious offering you a vast reward in exchange for a cash advance, usually as processing and transfer fees for a more considerable sum. Once you wire the cash to the cybercriminals, they disappear with your money.
Phishing is the most straightforward kind of cyberattack and the most dangerous and effective. Phishing emails trick victims into giving up sensitive information, such as login credentials, personal details, and credit card information, by way of email spoofing and social engineering.
Phishing emails contain familiar branding and content that sound urgent and threatening.
Malspam is a malware spread via spam. Much like advance-fee and phishing emails, malspam leverages social engineering to trick recipients into taking action against your better judgement, like opening an attachment or clicking a download link that infects your computer with malware.
Spam on Mobile Devices
Since mobile phones became a commonplace, and Internet calling (VoIP) became cheap, spammers devised new ways to target victims. Android userbase has more than 2 billion users that cybercriminals can target.
Today, victims have reported spam attacks in the form of prerecorded scam messages purportedly from banks, utility companies, credit card providers, and debt collectors.
Impact of Spam
In 2018, spam made up 85 percent of all daily email, with most originating in the United States, followed closely by Brazil and China. Advertising about products and services comprise 98 percent of all the junk emails suppliers send.
Spam causes problems related to the combination of the bulk aspects and unsolicited aspects. In particular, unwanted spam messages swamps messaging and email systems and drowns out crucial messages. Email users waste time sifting through whatever gets to their inbox, including spam.
Apart from using spam for advertisements, many spammers use the tactic to spread propaganda or perpetrate other forms of fraud. However, it’s only two percent of spam email that kees cybersecurity teams up at night.
How Can I Prevent Spam
Spamming remains popular and economically viable because advertisers have no operating costs beyond the management of their mailing lists, servers, IP ranges, domain names, and infrastructure.
- Use email applications that filter spam out. Most bulk emails never make it past email filters and into your inbox. In case a legitimate email makes their way into spam folder erroneously, you can prevent that from happening by flagging such emails as not spam.
- Do not respond to spam. A survey revealed that 46 percent of users said they clicked or replied to spam out of curiosity, to unsubscribe, or to learn more about the products being offered. By responding to spam, you demonstrate to spammers that your email is valid, encouraging them to send more spam.
- Do not enable macros by default. If someone emails you an attachment and the document asks you to enable macros, click no.
- Be vigilant. Learn how to spot and avoid phishing emails.
- Use multifactor authentication to prevent cybercriminals from accessing your accounts even if your username and password are compromised