Is Personalized Spam Effective?

When researching spam trends and news stories I occasionally come across a story where the trends, statistics or focus are absolutely startling to me.

This happened when I read an article on securitynewsdaily.com claiming that personalized email advertisements were the most hated kind of spam. The article, highlighting the research of the Temple University’s Fox School of Business Management, showed that 95 percent of all people in their study claimed that when they received a personalized advertisement by email – one that addressed them by name – they were turned off.

According to Sunil Wattal, Assistant Professor of Management Information Systems, this distaste for personalized email advertisements is rooted in the consumer’s fears regarding privacy invasions on the part of companies who collect information.

“Given the high level of cyber security concerns about phishing, identity theft, and credit card fraud, many consumers would be wary of e-mails, particularly those with personal greetings,” Wattal and his co-authors, Rahul Telang, Tridas Mukhopadhyay and Peter Boatwright from Carnegie Mellon, wrote in the study.

Are people wising up?

The most promising aspect of this study is the fact that the sample size was so large.

Many times when you see percentages thrown around, the size of the sample could be less than a thousand participants. However, in this case the number of people who received marketing emails as a part of this study was 600,000 with over 10 million email messages sent.

Those numbers, they seem quite promising because it means that people are starting to pick up on some of the more serious threats that can be delivered via email. More importantly, they are starting to see that personalization doesn’t mean that they are safe. Cyber criminals may have to start modifying their methods as a result. Especially since spammers seem to be ramping up their efforts to swipe confidential information from their victims.

Why personalized spam is so dangerous

Personalization appealed to cyber criminals who relied on spam because it grabbed the recipient’s attention right off the bat.

Thinking that, “Hey it’s addressed directly to me so it can’t be a mass mailing (spam),” meant that people easily fell for the scam and clicked on links that were sent to them via spam. Those who work with email know just how easy it is to have an email list that contains names along with addresses so personalization is rather easy. Even for spammers.

And that becomes scarier for email users as big brand names such as PayPal, facebook, TAM, AOL and JP Morgan Chase lead the way as the most popular targets for phishing attacks. And when you add personalization to that type of attack, the bait becomes even more appealing to the recipient.

Avoiding the scams

Knowing that just because you are addressed as an individual doesn’t discount the possibility that the message is spam is a start. But it’s not the only precaution you should take against the litany of phishing scams and other spam that makes the rounds.

There are other things you should be doing. If an email looks suspicious to you, running through this checklist may make it easier to tell if it is legitimate or nothing more than an attempt at your account information.

  • Check out the To: field. Does it contain your email address? If not, treat it as a red flag.
  • Copy a portion of the message itself and paste it into Google’s search box. If you see warnings related to this content, delete the email. No questions asked.
  • Is a URL shortener used? If so, steer clear until you use something to preview it. Extensions are available for most browsers that allow you to see just where a URL goes before you click.
  • Are you being asked to sign a petition? Or forward a petition on to your friends? If so, the message may be spam. Ever since organizations started collecting names for online petitions, spammers have taken note. It’s an easy way for them to redirect victims to malicious web sites by masquerading as a cause they believe in.
  • Are you being told you need to update your account information? While this may seem as old as the Nigerian Prince scam, it is still used by cyber criminals all over the world because it still works. If you need to update your account information visit the website directly, don’t follow a link sent to you through an email.

While all evidence shown in the findings of Temple’s study show that people are getting wise to the techniques used by spammers, it doesn’t mean that the fight is over.

As we have seen in the past it only means that the scam artists will simply get more creative in how they approach their victims.

Written by Jeff

0 Comments

  1. Jake Hamilton · June 19, 2012

    If it walks like a duck, and it smells like a duck….Personalization would be a great tool for spammers to use to get more successful attacks, but the fact of the matter is that the rest of their message still uses all the same tricks. Filter-avoiding misspellings, URL shorteners, suspect attachments. As people become smarter users, a correct name is definitely helping the spammer, but 1 out of 4 red flags lowered isn’t enough to get past most people’s filters.

  2. Jessica Craig · June 21, 2012

    For those users who have heard about spam, a personalized message is really scarier because their first reaction is that the sender knows them, knows their address and possibly knows more about them. As for efficiency, it must be harder for spammers to find names together with addresses, so it involves more work. This is justified to do only when the benefits are more, otherwise from a spammers point of view this is just a waste of time. Probably this inefficiency will stop spammers from using more personalized messages.

  3. Brad Cantor · June 29, 2012

    Yes, the fight is not over. I would expect spammers to catch on with the trend and realize that, yes, people are wising up. And pretty soon, they will find new ways to get into the people’s pockets or get information from them and use those information as leverage.

    I always belief that harsh prosecution is the key. The fight against spam is a multi-pronged approach but when bigger resources devoted to finding the people who do the deed and the people and organizations who aid those spammers in one way or another.

    You have to make it painful for it work. Call is punitive if you must, but I stand by my belief that it’s going to be the most effective battle to win the war.

Leave A Reply