Spammers are Getting Smarter - Be Careful Not to Fall for It

Tags: Cyber Security

Spam has been a constant concern for computer users since at least the mid-90s. Early spammers would send out advertising and other unsolicited messages from their own email addresses. While annoying, these emails were easily identified and blocked.

In the ensuing years spam techniques evolved, senders learned to spoof their information to mimic more credible sources and thus evade easy detection. This allowed cyber criminals to execute mass email campaigns where they would blanket thousands of people with virus-ridden attachments and malicious links. Email providers reacted by implementing more advanced filter systems that could weed out suspicious addresses and remove them before they ever reach users. Law enforcement agencies moved to shut down major spam distribution hubs such as SpamIt.com to cut these groups off at the source.

These strategies proved so effective that Bill Gates felt confident enough to state that spam would be solved within the next couple of years. A 2015 Symantec survey revealed that spam email levels had declined to a 12-year low, with less than 50% of emails classified as junk. Those advances proved short-lived: Today spam is back, and it’s more difficult to deal with than ever before.

How Spam Has Evolved

Recently, cybersecurity firm F-Secure released a study showing the variety of spam techniques used to infiltrate secured networks, from dating scams (46% of all spam emails) and malicious attachments (23%) to spoofed email addresses that redirect users from legitimate websites to malicious portals (31%). According to researchers, email has become the prime attack vector for cyber criminals because traditional exploits have become are increasingly ineffective.

Recent software updates have shut down tried and tested malware delivery channels such as Adobe Flash browser plugins while ever-advancing antivirus tools have made it difficult to exploit personal and corporate networks through more direct methods.

  • Spam targets a far more vulnerable aspect of computer systems, people. Today, spammers are using social engineering to encourage email clicks. Instead of sending out bulk emails, they mine social media and other sources to create personalized messages that attract your attention.
  • Malware attachments are usually disguised as work documents or receipts with .DOC, .PDF or .XLS extensions.
  • Modern spammers will also make an effort to keep their text and subject lines free of glaring spelling errors to keep up the illusion of legitimacy.
  • Hackers will embed their payload within a seemingly harmless URL that takes users through multiple redirections before they end up at the final malicious website.
  • Cyber criminals will routinely spoof communications from highly trustworthy brands such as Paypal, Amazon, and Apple to gain access to user passwords and user names. Spoofed emails are formatted and written to mimic normal messages from these companies.
  • To evade immediate antivirus detection, cyber criminals will often shield their malware attachments behind password-protected folders, with a password provided in a second document. This protects the attachment from being scanned before opening.

Together, these techniques combine to increase the chances of a successful attack by up to 16.5%. Click rates have risen from 13.4% at the end of 2017 to 14.2% in just half a year which shows just how effective spammers have been.

Emails Are Not the Only Attack Vector

Email is far from the only spam delivery channel. Cyber criminals are targeting their victims through a variety of platforms.

  • Spammers will set up robot accounts on social media and dating apps that trick unsuspecting users into clicking malicious links or downloading malware. These bots take advantage of the fact that these networks are built to encourage interactions between strangers.
  • Robocalls have become an increasingly popular tool for spammers. Call blocking service YouMail estimated that 29 billion robocalls were placed across America in 2016 alone. These calls are usually placed using auto-dialing software that can spoof caller id numbers to mimic local area codes.

Need Help Combating Spam?

Our IT support professionals can help your business detect and filter malicious spam through social media, email, and other digital platforms. Contact us today, to take advantage of our extensive expertise.