Spam still rules as the most popular attack vector for cyber criminals
3 August 2018
Email spam continues to be the most popular infection vector for cyber criminals even though it was first used 40 years ago, say researchers who observed that a majority of spam emails still contain malicious links, malicious attachments, or links to scam websites.
In fact, spam has gained more popularity in the past few years considering that it offers cyber criminals a decent chance of success and also helps them avoid new technology solutions that help enterprises and individuals defend against software exploits and vulnerabilities.
“Email spam is once again the most popular choice for sending out malware. Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites,” says Päivi Tynninen, Threat Intelligence Researcher at F-Secure.
Spam is relatively safe and effective
Cyber criminals who rely on spam to distribute malware, to generate more clicks on scam websites, or to redirect users to malicious websites to capture their identities are also refining their tactics to improve their chances of success. Many spam emails look so genuine at first glance that users are often unable to differentiate between a genuine marketing email and a spam one.
Research by F-Secure has revealed that the chance of a recipient opening an email increases by 12 percent if the email claims to come from a known individual, and this fact has motivated cyber criminals to impersonate people known to targeted victims to increase their chances of success.
At the same time, the probability of recipients opening spam emails increases by 4.5 percent if emails are free of subject line errors or grammatical errors. Error-free emails give an impression that they are sent out by genuine firms and not by opportunistic hackers whose command over the language may not be excellent.
Criminals are also drafting spam emails in a way that generates a sense of urgency among recipients, as this pushes users to click on certain links without thinking twice. Spam emails that tell recipients about expiring discount offers and exclusive offers for a limited period usually do the trick, even though there are hundreds of other tactics that fraudsters use to generate urgency.
Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity (acquired by F-Secure this year), says that click rates of spam emails rose from 13.4% in the second half of 2017 to 14.2% in 2018, indicating that tricks used by fraudsters are fetching better results. Poor cyber hygiene habits of recipients also contribute to the success.
Younger generation to blame?
Last year, a survey carried out by Get Safe Online revealed that as many as 11% of 18-24-year-olds in the UK fell for phishing emails and lost an average of £613 to scammers. In comparison, only 5% of over-55s in the UK fell for similar phishing scams and lost an average of £214.
“Evidence from the report revealed just 40% of under 25s say they ‘carefully read and re-read all emails’, in contrast with two thirds (69%) of 55+ year olds who scrupulously check all online communication.
“Worryingly, half of under 25s (51%) even admit to regularly ‘replying to or clicking links in unsolicited or spam emails’ – despite it being a common technique used by phishers. However, older Brits are more cautious, with only a quarter ever replying to or clicking on links in suspect emails,” said Get Safe Online.
“Unfortunately, it doesn’t surprise me that fraudsters have turned their attention to the younger generation – under 25s spend so much of their time online, leaving a trail of personal information behind them, with little or no regard to security or privacy,” said Tim Ayling, Director EMEA, Fraud and Risk Intelligence at RSA Security.
“Cybercriminals are adept at following this trail of breadcrumbs back to their target, and ruthless when it comes to using this information against them for financial gain,” he added.