Spam levels are up again. In a recent report, spam rose 1.4 percent to make up 71.1 percent of all email messages.
Odds are, your organization is doing what it can to fight spam. Most companies have some sort of anti-spam filtering technology in place to stop any malicious emails it finds before they reach your inbox, and most of these solutions are doing their job, since the mail they catch is how security researchers find out how much spam is out there.
But why do we keep seeing spam levels increase? After all, just last year we were being told that spam levels were dropping to new lows and lifelong spammers claimed that spam just wasn’t that profitable anymore.
Well folks, spam is on the rise because spam still works. Anyone with something to sell and a low ethical threshold will still use spam because it really is cheap to send, and even if only a few victims fall for your scam you will make a profit. Maybe you won’t have a fleet of sports cars and houses on the beach like spammers in junk email’s heyday, but you will make some money.
Why spam is successful
Spam, in its most basic form, is a way to market a product. Like telemarketers and junk snail mail, spam is unsolicited. Somewhere along the line, a spammer obtained your email address and started sending you junk emails.
But how it works goes much deeper than this. Sure, there is the old saying from P.T. Barnum that there is a sucker born every minute, but spam isn’t just about duping the least intelligent people. Very smart individuals fall for these scams because the spammers know how to play them.
Spam, like all marketing if you think about it, relies on social engineering. In political science terms, social engineering is defined as a way to influence people into thinking the way you want them to think. In security terms, it is defined as a way to obtain something by manipulation. Spammers influence you and manipulate you into buying their stuff. Usually they start off with a hook: they tie into something that is in the news cycle because it is familiar and can pique a person’s curiosity. Another way they work is to tie their message directly into a person’s emotions.
Take, for instance, a recent spam message making the rounds that sells training courses. These courses promise to teach their pupils the secrets of Steve Jobs’ success. Now just about everyone is familiar with Steve Jobs; he is a cultural icon. And these same people know that he took his company to the top not once, but twice, and he made a lot of money while doing it. He, by just about anyone’s standards, can be considered a success.
So the spammer hooks into this. There is the familiarity factor, Steve Jobs. They are not selling the success story of John Doe because that wouldn’t have the same effect. The next step is to tap into the emotions of their victims. In this instance they use greed and ego. The possibility of becoming as rich and successful as Steve Jobs may be worth the gamble. So people buy the training courses based on their dreams of leaving their current job or making a better life for themselves. So they fork over the money and are soon disappointed. Usually the product never arrives, and if it does it is not legitimate.
Not everyone will fall for the scam. In fact, many people may never see this message because their anti-spam filter tossed it out. But all it takes is a small percentage of people to believe in what the spammer is selling to make it profitable.
The truth is, spam will never stop. Laws and regulations can keep legitimate companies from spamming, and punish those that do, but the criminals don’t care. Organizations and individuals need to stay on top of spam by using the technologies available and educating themselves as to the dangers associated with malicious email.