Fully recognizing and understanding something is vital when it comes to avoiding it. You may think that a wolverine is a cute, furry animal to cuddle with if you were not aware of their overly aggressive nature and the fact that they can occasionally steal food from bears (they can!). The same premise can be applied to email. No, not the stealing from bears thing, but the truth is the best way to avoid potentially harmful email and spam is to be aware of what it looks like, and the methods spammers use to employ it.
Securelist (of Kaspersky Labs) recently released their comprehensive report about the spam that was prevalent during the month of June. It is a pretty detailed and interesting report, so take a look if you have time. Here are some highlights:
Hello, I am a Nigerian (Ukrainian) Prince, I Would Like to Online Date You and Take You to The World Cup…
Current events are being capitalized as spammer’s tools more and more frequently these days. In June many people found emails promising World Cup tickets or spinning a new Ukrainian twist on the classic “Nigerian Prince” scam (he has inherited millions, but needs to transfer the money to your account, you will get a percentage for helping! Just send him your bank info…).
Father’s Day spam made its appearance as well, in the form of fake advertisements for gadgets and popular Father’s Day gifts. Online dating was another large target for spammers in June. Working to capitalize on the ever growing trend of finding a match online, spammers would offer recipients access to new dating sites or downloaded lessons, such as “24 Lessons for Attracting Women”.
But HOW on Earth Do These Work?
Well of course none of these emails are CAN-SPAM compliant, but the trick is they work very hard to appear as legitimate, business or marketing emails.
World Cup emails were sent out with fraudulent links that the user would then fill out their information in order for a chance to win tickets. The link was attached directly to the graphic files that were in the email. Spammers also convinced their targets the emails were real by using the domains of Visa and FIFA.
Spammers also will often attach a line of junk text (such as a literary quote) to the bottom of an email in order to help avoid spam filters, as many of the Father’s Day phishing emails did. Emails that promote a brand new service such as a dating site can be effective simply because without existing knowledge of the product or service, the target has less reason to doubt the email’s authenticity.
Being aware of current events that spammers may exploit and of the methods they typically use to do so will keep you a step ahead and help reduce the amount of potentially hazardous emails you encounter day to day. Having a solid working knowledge of these templates and tactics is also quite important from a business perspective, simply because adopting a style for a legitimate email that looks or feels remarkably close to spam is probably not the best email strategy.