Spam is far more than a nuisance – both users and their computers can be placed under very real security threats.
McAfee has released the results of its S.P.A.M (Spammed Persistently All Month) Experiment, in which 50 people from around the world surfed the Web unprotected for 30 days. By taking part in the experiment, participants were given permission to go where most Internet users would not dare, in order to discover how much spam they would attract and what the effects would be.
Having studied the daily blogs and analysed the spam itself, McAfee researchers confirm that spammers are as active as ever; they are increasingly using psychological tricks to lure Internet users to part with their contact details, identity information and cash. The experiment clearly shows that spam continues to evolve, utilising more local languages and cultural nuances, as well as becoming much more targeted in a bid to avoid detection.
In the first experiment of its kind, the participants from ten countries received more than 104 000 spam e-mails throughout the course of the experiment – that is 2 096 messages each, the equivalent of approximately 70 messages a day.
One of McAfee’s goals was to highlight that, contrary to what people might think, spam is not only a nuisance but it also poses a very real threat and is showing no signs of slowing down. For anyone that has ever wanted to "click" and find out if an offer really is "too good to be true", the McAfee S.P.A.M. Experiment satisfies that curiosity, without any of the risks.
Many of the spam messages received were phishing e-mails – e-mails which pose as a trustworthy source to criminally acquire sensitive information such as usernames, passwords and bank account details. Other e-mails carried viruses and many encouraged malware to be silently installed on the computers by persuading participants to surf unsafe websites. A number of participants noted a decrease in their computer’s processing speed, as well as an increased number of pop-ups.
Says Chris van Niekerk, regional director of McAfee South Africa: "Many of our participants noticed that their computers were slowing down, which means that while they were surfing, unbeknownst to them, websites were installing malware. In just 30 days there was quite a noticeable change in the system performance of their computers. Notably showing just how much malware was being installed without their knowledge. Spam is much more than a nuisance; it’s a very real threat."
The results of the experiment also reveal a shift away from mass spam e-mails towards more targeted campaigns. Foreign language and social engineering spam are two areas in which participants received a larger than anticipated number of emails. France and Germany were the two countries that received the most foreign language spam with 11% and 14% respectively, something which McAfee expects to increase substantially across the globe in the future.
"If we would have done this experiment two years ago, I would have expected a much smaller percentage of the spam to be written in a foreign language. Although this is a small percentage of the overall spam, it’s something we expect to grow," says Van Niekerk.
With the US being the traditional territory of spammers, participants there were unsurprisingly at the top in the global spam league. Emerging economies such as Brazil and Mexico also took their place in the top five Global Spam League, suggesting that spammers are increasingly targeting new areas.
The most popular subject of spam was financial, for example pre-approved loans or credit cards, which may be symptomatic of spammers taking advantage of the current personal finance climate and perceived global credit crunch.
Despite its notoriety, people are still being fooled by the "Nigerian" spam e-mails, where a person supposedly from Nigeria contacts someone to let them know they are a beneficiary of a long lost relatives’ will in a bid to extract money from them. Internet users in the UK are most likely to be targeted by a spam e-mail of this nature with the UK participants receiving 23 percent of these e-mails.
The diversity of so-called "social engineering" e-mails (e-mails that play on people’s emotions to manipulate them into divulging confidential information) received during the experiment gave McAfee researchers valuable insight into this type of spam; something that they have seen grow significantly in the last five years.
"The McAfee S.P.A.M. Experiment proves to us that even though people think they know the dangers of spam, they don’t understand the true extent. Our participants came from all walks of life, from all over the world and, given their interest to take part in the experiment, they were well aware of the problem. Despite this, they were all shocked by the sheer amount of spam they attracted in such a short timeframe and the lengths the spammers would go to in order to achieve success.
"I think we can see from the experiment that spam is undeniably linked to cyber crime, however it is an immense problem and it’s simply not going away. It’s no longer a question of ‘solving’ it, but one of ‘managing’ it," concludes Van Niekerk.