Spam is any form of unsolicited text, call or computer communication sent in bulk. Cybercriminals send spam via emails, IMs, text messages, and also phone calls and voicemails. Experiencing spam is not only distressing, but can pose a severe threat to the privacy of your personal data.
ESET has put together a guide to what spam is, different types of spam, and how you can recognise and stop spam using ESET’s software.
What is spamming?
Spamming is where a spammer sends unrequested mass communication in the form of unsolicited commercial emails (UCE) or unsolicited bulk emails (UBE) to many contacts. Infected networks of computers known as botnets may be used to send out spam. It can be frustrating to deal with, particularly when the spam is used for malicious purposes.
Spam is always unsolicited – if you’ve previously signed up for a marketing newsletter which you now don’t want, this isn’t classed as spam as you requested it. A lot of the unsolicited spam emails we receive are commercial, however, some people spam to commit fraud.
Why is it called ‘spam’?
In the past, some people referred to spam as ‘stupid pointless annoying malware’. You may think the word spam comes from this acronym, but it does not. The term comes from the famous Monty Python ‘Spam’ sketch in the 1970s.
The sketch shows guests in a cafe who are unable to order anything but a type of canned meat known as SPAM®. None of the diners want to eat SPAM®, but it is unavoidable, much like the email spam we receive today.
Even though the sketch was in the 1970s, spam incidents have been recorded before the internet. In the 1860s, spammers sent mass advertising telegrams to politicians in Britain. After this, the first example of unsolicited spam email advertising was in 1978 using ARPANET. Spam rose in the 1990s as the internet grew and has continually evolved since then.
Different types of spam
There are many different types of spam. If you receive deceptive and unsolicited emails or messages, chances are they’re a form of spam. Below is an overview of the most common types of communication used by spammers.
Cybercriminals use phishing emails to send spam to as many people as possible, and this form of spam can be dangerous. Criminals hope to convince a few people to trust them and hand over sensitive data such as logins and bank details. They can then sell on this data or use it for their own purposes.
If you’ve been using the internet since the 1990s, you’ll likely have received an advance-fee scam email at some point. Criminals use these spam emails to solicit an upfront cash payment for a financial reward. They sometimes pretend to be long lost relatives or friends, in order to convince you to pay.
Spoof emails look like they’re from a trustworthy and legitimate sender such as Amazon, PayPal or Apple. This type of spam email often contains familiar branding and logos. The most significant difference is an email will ask you to take immediate action, which can include: paying an invoice, verifying a purchase you haven’t made, providing billing information, or resetting your password or account details.
Tech support scams
With this type of spam, you’ll receive an email asking you to contact tech support to resolve some form of tech issue. Spammers often mimic large companies to trick you into clicking a link or providing information. If you ever believe you have malware on your device, use a reputable company for help and visit their official website.
Unfortunately, antivirus scams are a common approach used by cybercriminals. These spam emails try to convince you that your device has a virus and you need to run an antivirus scan or download antivirus software. Clicking any links could give hackers access to your device or computer, allowing them to download malicious files onto the system.
Spam phone calls
Spammers use phone calls to try and collect crucial personal information. They may pose as a reputable business and ask you to confirm your address, bank details or billing information.
Current event scams
Scammers will often draw your attention using current newsworthy events. Spam emails can even offer helpful information at first, but later ask you for bank account information or personal details, which you should never provide.
These emails often claim you’ve won the lottery or another prize, and ask you to respond quickly with your details. Lottery scams may also request you click a malicious link. If you don’t recognise an email address or the message seems suspicious, do not click any links or provide details.
Malspam stands for ‘malicious spam’ or ‘malware spam’, and is a message which contains malware. If you click on a link or open an attachment, it allows malicious software to infect your computer, tablet or mobile phone. Some of the most common types of malware used in malspam are Trojans, bots, cryptominers, ransomware and spyware.
Spam texts and messages are also used to trick you into clicking a malicious link. Messages can come from unknown senders, or they may mask themselves to look like they’re sending a message from a legitimate business.
How to recognise spam
Once you’ve seen a few types of spam, it isn’t quite as difficult to spot them in the future. However, scammers are constantly evolving to use new phishing or spam techniques on the internet, so you need to keep up with the latest types to increase your online security.
Check the sender’s email address
This is one of the easiest ways to recognise a spam email. Some email addresses will be easy to spot, as they contain a string of strange numbers and letters. However, other spammers may replicate a major brand address with minor changes to the sending address, which are harder to spot so will require a careful eye.
Suspicious links or attachments
Another sign of spam is an email containing links and attachments from unknown or suspicious sources. The best thing to do is to never click any links or download any attachments if you suspect them of potentially being spam. Clicking a malicious link could send you to an unknown website, and downloading an attachment could give hackers access to your computer.
Missing personal details
If you’re a customer of a legitimate company, they’ll address you using your name most of the time. If this is missing from an email, it could be a red flag. Cybercriminals try to gain your personal information by tricking you into providing it with scare tactics and responding in such speed that you miss the obvious signs. Never provide your information to an untrustworthy or suspicious source.
Nothing draws you in more than an exciting offer, but scammers often use this as a tactic to catfish you into clicking a link or providing your details. You may also receive a spam email from what seems like a legitimate company offering you cash or a prize. Phishing emails attempt to draw you in and gain your attention using promising offers such as these before asking for details.
Spelling or grammar errors
Another big giveaway of a spam email is poor grammar and spelling. Everybody can make the odd mistake in an email, but consistent bad grammar, spelling mistakes and punctuation errors are signs to look out for.
How can I stop spam?
Even though it is challenging to avoid spam altogether, you can find out more about how to stop spam emails. Protect yourself and your devices by learning about the most common scams.
Most email inboxes feature a spam filter which does separate the majority of spam emails. However, you should always be cautious. Never provide your personal information or details to anybody you do not know or trust.
Some of the steps you can take to prevent spam messages and emails include:
- Never clicking links or download attachments
- Not responding to spammers or engage them in conversations
- Alerting trusted contacts if you receive spam from them
- Keeping your presence online private and never publish contact information
- If you run a website, ensuring the software is up to date and security measures are in place, such as Captcha
- Using two-factor authentication for any logins
- Using ‘backup’ or disposable email addresses to sign up for landing pages or apps
ESET offers multi-device protection and will safeguard your inbox from spam and phishing threats.
Is there a difference between spam and phishing emails?
Yes, there are differences between spamming and phishing. Both types of scams are sent in bulk, but for different purposes. Spammers are annoying but typically only use spam emails to promote a service, product or offer.
In contrast, phishing scams are carried out by cybercriminals to cause harm to an individual or to gain personal information. They will often use malware to obtain details and use them to commit fraud or other criminal activity. Phishing emails look like they’ve been sent by a legitimate company, meaning they are sometimes harder to spot.
Some of the most common features of a phishing email include:
- Poor spelling and grammar
- Asking for personal information
- Overly emotional language
- Extremely time-sensitive requests
- Emails containing forms
- URLs which do not match the language of the link
Why am I getting spammed?
Criminals use spam to target people online because it is easy and cheap to do. A spam email is cheap for a spammer to send and is sometimes effective. It takes just a few people to respond and a spammer will make money.
Spammers are also good at hiding their identities on the internet. They use spoofing to mask themselves, making it easy to earn a profit without the risk of being caught. It’s hard for authorities to hold spammers accountable if they can’t be traced.
You don’t have to sign up for spam to end up receiving unwanted emails and messages. Unfortunately, some companies sell personal data to third parties, including email addresses. Once a third party has your contact details, they can then send you spam.
As a result, GDPR (General Data Protection Regulation) rules were brought in by the EU in 2018 to help combat this issue, by limiting what a company could legally do with your data.
The original article, courtesy of ESET UK is available here.