Spam (e-mail)


Spamming is when one person or company sends an unwanted email to another person. Spam emails are the computer version of unwanted "junk mail" that arrives in a mailbox, such as advertising pamphlets and brochures. Spam emails are usually sent to try to get the person to buy something or do something else that will cause gain for the sender.
Source: Spamming (Wikipedia)

Uses:

  • advertising different products or services (mostly "pharmacy ads"),
  • scams (e.g. the Nigerian scam or lottery scams, see Advance-fee fraud: "the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain"),
  • phishing - see Phishing: "it often directs users to enter details [e.g. credit card details] at a fake website whose look and feel are almost identical to the legitimate one.",
  • malware distribution (enticing users to click on links or open an attachment containing a malicious file),
  • a variation: chain letters: "a message that attempts to induce the recipient to make a number of copies of the letter and then pass them on to as many recipients as possible" (Chain letter).

An example of a spam message - a fake UPS delivery notification:

[Image: spam_ups]

In this case, you are asked to open a "document" attached to the message; in reality, this is an executable - a malicious file which may look like a PDF or MS Office document:
[Image: spam_ups2]

Another example: a malicious spam campaign purporting to be from DHL - Asprox spamming more Sasfis.
Other examples of spam messages - fake notifications: DHL, FedEx, tax return, traffic ticket.

You may also be enticed to click on a link to visit some site or download an executable file - an example: Fake Patch Tuesday Alert! (Security Labs).

Protection:

  • protect your e-mail address: do not post it in public places (e.g. forums) and consider using two e-mail addresses, one private and one public (or use a premium service, such as Yahoo! AddressGuard); more information: How to reduce the quantity of spam,
  • use antispam protection - it is included with most popular webmail services and some e-mail programs (e.g. Outlook 2010); some security programs have antispam protection as well (e.g. ESET Smart Security),
  • do not open suspicious e-mails! If you do not expect such an e-mail or the title of the message is suspicious, delete it. If you happen to open such a message and you find it suspicious, do not download the attachment and do not click on any links,
  • treat all messages with unusual requests as suspicious! If you got an e-mail from your friend, it doesn't mean it's safe - there is always a possibility that his/her account has been compromised or his/her computer infected. If a message appears to be sent by a legitimate company, mouse over the links and check whether each link really goes where it claims (the address should appear in the bottom-left part of your browser window),
  • use up-to-date antivirus software; make sure all attachments are scanned with it,
  • use an up-to-date browser - modern browsers include some phishing and malware protection features, for example Internet Explorer's SmartScreen Filter,
  • use a strong password for your account, make sure you do not use the same password elsewhere.
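
The attachment and link checks from the list above can also be automated. The following is an added example, not part of the original page; it uses only Python's standard library, and the extension list, the helper names and the sample message with its .example/.test hosts are assumptions constructed for illustration:

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that run code on Windows; chosen for this example, not exhaustive.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Return the host name written in the visible link text, or None."""
    m = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text.lower())
    return m.group(0) if m else None

def check_message(msg):
    """Return warnings for executable attachments and misleading links."""
    warnings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(EXECUTABLE_EXT):
            warnings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html" and not name:
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown, real = host_of(text), urlparse(href).hostname
                if shown and real and real != shown and not real.endswith("." + shown):
                    warnings.append(f"link shows {shown} but goes to {real}")
    return warnings

SAMPLE = EmailMessage()  # constructed sample: one honest link, one misleading link
SAMPLE.set_content('<a href="https://www.carrier.example/help">carrier.example</a> '
                   '<a href="http://delivery.badhost.test/t">www.carrier.example</a>', subtype="html")
SAMPLE.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="Document.pdf.exe")
print(check_message(SAMPLE))
```

The link check only compares host names, so it flags a link whose visible text names one site while the address points to another; a link with generic text such as "click here" still has to be checked by hovering over it.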


Additional reading:
- Email and web scams: How to help protect yourself (Microsoft Security Center)
- 7 tips for basic e-mail security
- Protect Your Account Information (UPS - tips and examples of fraudulent e-mails)
- Recognizing and Avoiding Email Scams (a PDF document, US-CERT)
- How to Avoid Phishing Scams
- How can I recognize a phishing email? (Yahoo! Security Center)

Published: 18 May 2011
Updated: 8 August 2011