Gravity Blog

Home / Blog / Spam in 2021

Spam in 2021

We're all familiar with spam. Despite the picture, I'm not referring to the canned spiced ham, but the unwanted communication we get over a multitude of platforms - but most commonly known in email.

Why do they spam?

Spammers (people who send the spam) us for a few reasons, they're looking to:

  • sell something,
  • steal data, or
  • be malicious

... or maybe all of the above.

Now, you might think spam is only a small issue, but Talos Intelligence states that as of July 2021, spam accounts for over 84% of all daily emails world wide. That's almost 283 billion spam emails.

Spotting a Fake Email

I received the most convincing spam email I've ever seen recently. And surprisingly it was a plain, boring email.

ID: <email address>

User password <email address> expires today due to recent patches on our servers.

To continue using your old password and migrate to the new security feature, follow the prompt below.

Continue


IT Support

The only giveaway was that the link was totally weird. If I was on a touch screen, I would have had to: tap and hold, copy, then paste into something I could read it in to check it. Fortunately, I could just hover my mouse over the link to see that it was funky.

Links within an email aren't the only thing to watch for of course, there are often hints in the language and/or word choice. ZDNet's article on the 12 most common phishing email subject lines can give you some clues before you even open an email.

How They Attempt to Fool Us.

What could possibly drive a person to not think about something properly? Urgency, panic or desire. Spammers play on this, and try to freak you out that you only have a certain tiny time frame to do something; that you'll loose somethig important if you don't act; or that something very desirable is on offer - and you should go check it out.

But the only way they can get some sort of outcome for themeselves is to have you or your email program interact with a link or an attached file.

Files can contain malicious payloads, meaning that they can do things that you wouldn't choose to do. Such as download a virus or malware (software that has malicious intent), or upload data that it somehow collected.

Links on the other hand are mostly about convincing you to enter certain details for your existing accounts. This can include leveraging your prefill data saved within your browser. Like the example above, while I didn't visit the link, I presume it would request me to login. The malicious actors would then have my details allowing them to have-at my email.

There are some cross-overs of course, where simply visiting a webpage will make your browser or anti-virus explode with alerts.

On the whole though, if you can avoid acting on spam emails, then you will stay fairly safe. But there's always a chance that you'll act first or someone else will use your device. It is important therefore, to have up to date anti-virus.

Going back to your example, would having them read your email be that bad?

Yes. Yes it would. They send and receive emails as me. That means:

  • they can see all the valid and working email addresses I've been contacting to increase their target list,
  • they would have access to any personal or confidential information residing in my email,
  • they send emails as me to request changes to services or banks I may have connected to that account,
  • they could reset passwords for any accounts I have connected to that email, and
  • some services use email as the second factor in 2FA or MFA, meaning they could get access to those accounts too.

Concisely put: if they get into your email, they get to BE you online. And this is one of the biggest cyber-crime issues of our time.

So next time you get an email in relation to an account of great value to you:

  • take the time to inspect the link,
  • look for the from email address, and
  • make sure they use the name they always use.

Ultimately, if you're not sure because of a single typo in the email, or the website you end up at is an older looking design. Close the browser tab or window, and in a new one, type in the real address yourself. Most places love to hear about these things, so you could even call them to confirm. They might praise your scepticism and attention to detail and ask for a copy of the email!

If you wish to talk about anti-virus, drop us an email.