Spam is on the rise – Again!

 

Email spam is once again the most popular choice for sending out malware. If you’re going to encounter malware in 2018, chances are it will happen through spam. Digital spam has been around for more than four decades and has remained as one of the main infection vectors. “During the past few years, it’s gained more popularity against other vectors, as systems are getting more secure against software exploits and vulnerabilities,” says Päivi Tynninen, Threat Intelligence Researcher at F-Secure.

According to Päivi, 2018 has proven to be quite a busy year thus far. F-Secure has identified spam samples to consist of dating scams (46%), emails with malicious attachments (23%) and links to malicious websites (31%). F-Secure have also found that there has been considerably less prevalence of ransomware in 2018 than what was found in 2017. “We’ve found that just five file types make up 85% of malicious attachments,” Päivi says. “They are ZIP, DOC, XLS, PDF, and 7Z.”

What is the reason for the spam “resurrection”? Ultimately, it’s because spam works.

It works because criminals are always getting better at understanding what “social engineering” entails. This “social engineering” allows a criminal to employ knowledge of user psychology to improve the design of spam. There are simple tactics that noticeably improve click rates. Spam that seems to come from a familiar name or someone the recipient knows, spam with flawless subject lines and spam that uses a call-to-action where urgency is implied but not emphasized, are all more effective.

People hoping to spread malware have to rely more and more on email spam because of all the improvements made in antivirus and endpoint protection software today. Criminals are now limited to email exploits only, so one should not regard email etiquette as frivolous. Rest assured, spam is one of the least effective methods of infection and can be controlled. Staying on top of email practices and protocols will contribute to the protection of your network.