Security Terminology Demystified: Spam

Nov 3, 2019

Is it a tin of unidentifiable meat that was once a staple of the 1970s diet or is it the security threat that everyone forgets?

Spam, both the extremely concerning meat product in a tin and the email security threat, is the scourge of humans around the world. It’s the leaves that pile up against the door in a storm and take ages to clear up.

It’s the wading through ‘*are you still looking for a Love life?’ emails that sometimes sneak through your spam filter.

And, on the flip side, it’s the fervent apologising to clients and colleagues when their genuine emails are sucked up by the spam filter and deadlines are left to rot. Spam is, quite possibly, the most annoying security threat you will ever encounter, and therein lies the danger.

It’s easy to forget that this badly written, loud-mouthed, embarrassing uncle of email technology is actually a serious security concern.  In fact, security expert and leading security speaker, Dave Piscitello puts it perfectly, “Spam is a criminal infrastructure enabler.” In 2017, the Cisco Talos Email and Web Reputation Center reported the average spam volume as 367 billion, in September 2019 that amount was 409,51 billion. That’s versus 68.90 billion legitimate emails. Daily.

 

The definition

Spam is defined as the electronic equivalent of the bits of paper stuck to your gate selling tree cutting services, the un-asked for newsletters and papers shoved through your car window in a heatwave, and the junk mail that tumbles out of your post box whenever you can be bothered to check. It’s a combination of legitimate advertising, malicious code, phishing, trojan horses, viruses, traditional scams, rude messages (some in the subject line), and the code that will turn your PC into a zombie.

There are several concerns when it comes to spam, the most important being the one that was already mentioned earlier – it is very easily dismissed or clicked on because it’s so pervasive and can appear so very harmless. The problem is that often people don’t realise that the so-called legitimate advert is an email packed full of malicious code. Another problem is that the more people make the mistake of opening or accessing spam, the more the spammers will keep it up. If only 1% of 1000 people open or reply to an email and get caught by a virus or get phished, that’s still 100 people that made that one email into a success. It’s a numbers game and the sheer volume of spam sent out by spam bots and users and hacked systems and agencies makes these percentages worthwhile.

Spam should make you worry for the following reasons:

  1. It’s how the bad guys get the malicious code and security threats into your inbox and in front of your eyes. One bad click and they’ve got you.
  2. Spam can block up your network and cause it to slow down, badly. If enough spam is thrown at a system at high enough speed your machine and network could collapse. If you’ve become part of a botnet, your PC will be the zombie sending spam to other systems.
  3. It can get mixed up among the legitimate emails.
  4. It’s your problem. Spam filters can only do so much, and often they do too much. You’re the one who has to do the hard work to ensure that your system, life and inbox aren’t overwhelmed with spam.

An example: Cutwail is an example of how spam can be used as a weapon thanks to malicious malware, and used extremely effectively. Cutwail was discovered in 2007 and by 2009, it was estimated that it had infected an estimated two million systems, was sending an average of 74 billion spam emails a day, and was responsible for 46.5% of the spam being sent out globally.

 

The threat

There are several things you need to be aware of when it comes to spam:

  • It’s the fake email, the bad spelling, the threat, the advert, the dodgy subject line and the friend whose been hacked. These emails can be anything from phishing to Trojans to botnets to scams and every, single one is sitting in your inbox, waiting for you to make a mistaken click.
  • It’s annoying but you need to be prepared. Invest into an antivirus solution that’s capable of catching spam before it hits your inbox. Take the time to customise the filters and don’t get frustrated if the system gets it wrong. It’s not perfect and spam is always evolving.
  • Always check your spam filter. Be warned, it won’t be pretty but it’s a really good idea to set aside time each week to go through your spam filter (don’t click on them!) to make sure that no legitimate emails have been stuck in spam jail by mistake. This will help you to avoid the issues of missed deadlines, annoyed friends and frustrated colleagues.
  • Don’t put your email address on the internet. This only makes it tasty fodder for email address harvesters who will scoop it up and sell it on to the scammers. If you must put your email online, rather spell out the @ as [at] and use inverted commas “” to shake things up. A person will be able to interpret it but a bot probably won’t.
  • No, that unknown wealthy relative from Nigeria isn’t real. This is the most famous of spam messages and has been actually given the name “419 scam” as this is the Nigerian Criminal Code for fraud. Nigeria may have made it famous but variations of this spam are everywhere and can catch even those who know the risks.

Fun fact: Monty Python fans will be delighted to know that the comedy team is considered to be very likely responsible for the fact that we call junk email ‘spam’. The origin is the comedy sketch by Monty Python that referenced the rising tide of people enjoying, well, spam (the food). The word ‘spam’ was used in the Multi-User Dungeon (MUD) community as a reference to the sketch and spamming was used to flood chats with useless text using a bot. See the link? You can follow the story of spam’s origins in this investigative post right here. Or you could cheer yourself up by simply watching the Monty Python sketch right here.

 

The protection

Here are five steps that you should follow to manage your spam:

  1. Invest into a solid antivirus solution – If you have a security software solution installed, like Norton Security Premium, then it will help protect your system against spam by removing suspicious emails at the outset. However, if one slips through then you should always avoid clicking on anything until you’ve verified it.
  2. Don’t publish your email address – It’s not worth the hassle and it will result in your email being used by spammers to send you endless amounts of spam (not the food).
  3. Ensure anyone using a PC understands what spam is – Kids, adults, employees, co-workers – don’t let other people make the mistake of opening spam or being scammed. Explain how it works and help them manage their spam filters more effectively.
  4. Create a spam email address – For entering competitions or filling in forms or for use on the general internet, use an email address that is just for that purpose. Don’t use your work or personal email addresses.
  5. Be aware of everything. The spelling, the URL, the SSL certificate, the nature of the request and the validity of the contents. Don’t fall victim to any of the issues that spam introduces.