What do you think of when you hear the term spam? While some may envision the iconic mystery meat that comes in a rectangular can, it’s far easier to steer clear of congealed pork, if that’s not your taste (like it is for our friends in Hawaii), than it is to avoid the spam that arrives digitally as email, text, and social media messages.
The latter type of ‘spam’ took its name from the former. During the 1970s, Monty Python performed a sketch about a café that offered Spam in almost every dish, much to the dismay of a customer who didn’t like Spam.
Nobody who has encountered digital spam likes it much, either. It’s a constant nuisance. In fact, one cybersecurity company estimates spam comprised about 56 percent of all email traffic during the first quarter of 2017.
But spam email isn’t just a source of irritation; it’s a threat.
Let’s take a look at what spam email is, the kinds of dangerous spam we should be wary of, the ways in which we are all vulnerable to spam, and some helpful tips you can use to protect yourself against the dangers of spam.
What Is Spam?
Spam is the disapproving term we use to refer to annoying, unsolicited email messages, otherwise known as junk mail. And it often comes with dangers that we should take steps to avoid.
Phishing is one type of potentially dangerous spam. It occurs when cyber criminals send messages that promise untold wealth or attempt to steal (or persuade you to share) personal, account, or password data.
There are variations on phishing, too. Criminals who ‘spear phish’ focus on specific targets. They gather data about individuals and then send one or more messages designed to get what they’re after through ‘social engineering.’ Symantec (the cybersecurity company you may know as NortonLifeLock) wrote:
“The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: ‘Hi Bob’ instead of ‘Dear Sir.’ The email may make reference to a ‘mutual friend.’ Or, to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give the information they ask for. And, when it’s a company you know asking for urgent action, you may be tempted to act before thinking.”
Whale phishing generally targets high-profile executives or people with specific job titles. The goal is to convince them to disclose passwords or information that give criminals access to confidential information. Recently, a Lithuanian man was arrested after convincing employees at technology companies to transfer $100 million into accounts he controlled.
So, yes, we joke about spam in a can and the annoying spam in our inbox, but cybercrime is no laughing matter.
Why Are We So Vulnerable to Spam?
If you think you’re savvy enough to spot dangerous spam, think again. It can actually be extremely difficult to distinguish phishing scams from genuine digital messages. Often, phishing messages appear to be from reputable organizations or individuals, and it seems criminals refine their approaches every time the public learns how to protect itself.
For instance, one tried-and-true method for identifying phishing scams was double-checking a website’s address and ensuring it had a padlock symbol indicating the site was secure. In April 2017, however, Wired.com reported that:
“A cunning new exploit makes malicious phishing websites appear to have the same URL as known and trusted destinations… a malicious site that can impersonate a legit URL and depict that padlock leaves precious few tip-offs that you’re dealing with an imposter.”
The URL may have one letter difference from the legitimate URL that you won’t even notice.
If your mailbox is flooded with spam, that’s a red flag, too. It may be a distraction designed to prevent you from recognizing fraudulent purchases and bank transactions made with your stolen identity and credentials.
Rather than assume that you already know better than to fall for a spam phishing scam, accept the fact that it could happen to anyone if you are not careful.
How to Protect Yourself From Spam
Since it’s not easy to avoid technology, it’s a good idea to become familiar with the basic steps you can take to protect yourself from phishing scams. The Federal Trade Commission (FTC) recommends taking smart steps to be more aware, mindful, and proactive about avoiding spam and the potential dangers that come along with it.
Know What to Look For
Keep in mind that legitimate companies don’t ask for sensitive information via email or text. So if you get an email or text message that asks you to confirm or provide personal information, account numbers, or Social Security numbers — anything potentially compromising — delete it.
If the email contains a threat, be even more cautious. Cybercriminals often prey on vulnerabilities and use scare tactics. They may claim that your account will be shut down, you’ll be charged an extra fee, a negative mark will go on your credit report, or that some authority such as the IRS will issue a warrant for your arrest. Do not fall for it.
Act on Your Suspicions
If you have any doubts or questions, contact the individual or organization directly by phone. Don’t reply to the email, click on any links in the email, or dial phone numbers provided in the digital message. Instead, do your own research to find the company’s contact information and confirm the request is legitimate. More than likely it will not be because most legitimate companies will not conduct business this way.
If you suspect an email is fraudulent, forward it to firstname.lastname@example.org and contact the organization or individual impersonated.
Use Security Software
Our email and other digital accounts are vulnerable to spam. Make sure you are using security software on all of your devices and set it to update automatically. Don’t ignore the prompts to install updates on your devices as those updates often address vulnerabilities in security that protect against spam messages that contain malware or viruses that can scan and grab your private data.
And think twice before opening attachments or downloading files. If it’s an attachment from an unsolicited email, unexpected message, or from someone you don’t recognize, don’t download it. While it’s true that many email services are better at detecting and blocking these kinds of attachments than in the past, the safeguards are far from foolproof. Attachments may contain viruses or other malware, and it’s not worth the risk.
Because this can happen when you don’t even know it, you should never email personal or financial information of any kind. Never share any account login information by email; cybercriminals have designed ways to detect it as it passes through networks and steal it for their own criminal use.
You will not always know when your account has been compromised, so it’s critical that you review your credit card and bank account statements as soon as you receive them or, better yet, monitor your accounts more frequently to look for any activity that you do not recognize.
As we’ve seen, spam messages are more than a source of irritation; they often arrive in our inboxes with dangers that we need to avoid. It’s something we all need to take seriously.
Fortunately, there are steps you can take to avoid the dangers of spam, protect yourself against spamming cybercriminals, and take action if you are targeted.
The CAN-SPAM Act of 2003 makes bulk unsolicited commercial email illegal, and nearly all of these messages fall into this category. The fraud and cyberattacks initiated by these spam emails are also, obviously, illegal. But criminals don’t follow the law and they know how to get around the protections that have been put in place. So we need to take steps to protect ourselves from the dangers of spam.
No matter how vigilant you become, you may still fall victim to a scam via spam. If you’ve been tricked by spam, there are steps you can take to minimize risks and seek justice. Visit the FTC website at https://www.consumer.ftc.gov/articles/0003-phishing to learn more.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual.