If you keep up with technology news, you likely have seen one of the many stories over the past year that reported how spam levels are starting to drop. On the surface, this might sound like great news. Less spam means less time wasted deleting throngs of junk email messages that pollute your inbox. But even these reports are quick to mention that spam still makes up over 70 percent of all emails. Considering that an estimated 144 billion emails are sent every day, that 70 percent still adds up to a hefty number.
Even still, the fact that less spam is being sent means progress is being made. Yet while the volume of spam emails is down, the threat posed by malicious emails certainly hasn’t waned. In fact, email borne threats are more dangerous than ever.
Malicious emails are more sophisticated
Until recently, spam emails could be recognized by certain distinguishing characteristics:
- · An abundance of spelling mistakes
- · Errors in common grammar and speech patterns
- · Subject lines written in all caps
- · Multiple exclamation marks in the subject line
- · Using numbers and characters to substitute for letters in the subject line
- · Messages that were just too good to be true
But determining an email message isn’t legitimate isn’t quite as easy these days. Smart attackers now make sure that the grammar and spelling have been cleaned up and they moved away from the goofy looking subject lines. They have also made changes to the content of their emails. You might not see as many messages advertising cheap pharmaceuticals or better mortgage rates; but this is because how spammers make their money has changed. Instead of marketing being the focus, spam emails are being used to deliver links and attachments that can infect your computer and take it over.
“Your typical advertising mailing for a small business will bring in a certain amount of money, while advertisements for Viagra, for which the spammer earns a commission for each client who clicked on the link in the email and made a purchase, is paid at a different rate. However, the biggest profits are generated from malicious spam. An infected computer is worth considerably more than a Viagra purchase. Spammers are particularly interested in making sure that a malicious program gets onto a computer; perhaps that is why malicious spam often resorts to using a variety of tactics and social engineering.” Kapersky Labs, Spam in Q2 2013 Report.
Email Users Aren’t Helping
In a study conducted by TNS Global it was found that 30 percent of the 1000 adults who responded admitted to opening emails even if they were aware that it contained malware or that it looked suspicious. Even after an illicit email was opened, 8.8 percent of those people continued to download the attachment knowing that it would likely infect their computer with a virus or other malware.
The study probed respondents a bit further, asking people why they felt compelled to open these emails knowing that they could be malicious in nature. Women were lured in by invites from social networks. Men were captured more by lures of money and sex.
While it remains shocking that 30 percent of the population would knowingly put not only their computer, but also their personal and financial data, at risk this is not the worst part. These numbers only show the people who admitted to making this mistake and who were aware of their error.
Steps to take after your mistake
Whether you knowingly or accidentally opened a malicious email, damage control needs to be a top priority.
If the email you opened contained a link and you clicked it, the web site it took you to could possibly have installed malware on your computer. Known as a drive-by download, this type of attack exploits on vulnerabilities in your web browser to install malware. Malware can also be installed if the email contained an attachment and you opened, or installed, it.
Even if you suspect the email to be nefarious, update your anti-virus scanner and run a full scan immediately. After you are sure that your computer is clean it might be wise to change your passwords in case a keystroke logger sent your login information over to the bad guys.
Some emails even bring you to counterfeit web sites and ask you to login to check your account or make changes. If this was the method of attack, those passwords need to be changed.
You should also remember that these types of attacks happen at work as well as at home. If you suspect that you opened an illegitimate email in the work place you should notify the right person immediately.
While you still might receive an occasional email asking for help moving millions of dollars out of a war torn country for the member of a royal family, these messages are starting to become less common. However as long as criminals continue to make a profit from spam and other types of malicious emails, they will continue to show up in your inbox.