By now, even the least tech-savvy email users are privy to the common characteristics of email spam. After dealing with spam for decades, we’ve all seen our fair share, and are likely embarrassed to admit how many times we have fallen for it.
Emails from that infamous Nigerian prince sure fooled people when they first rolled out, despite how obvious it may be now that an email like that is clearly spam. Now we have to worry about the emails we see coming from big companies like Amazon, FedEx, Apple, and PayPal, which are the most commonly spoofed brands in spam emails.
The advancement of anti-malware software has led cybercriminals to shift their focus back to email spam. Though it is considered to be one of the least effective infection methods, the other methods that were working well just a few short years ago are now being thwarted by anti-malware software.
Isn’t that what spam filters are for?
As email clients are becoming more sophisticated in their spam filtering efforts, these criminals are still managing to sneak their way in. Platforms like Gmail and Outlook have worked hard to step up their game in detecting and filtering email spam, and have made significant improvements, but email users need to do more than just rely on filters.
Just because an email lands in your inbox instead of your spam folder, doesn’t mean it’s safe. In fact, some have even reported finding spam emails in their sent folder, something many users wouldn’t even think to consider. As with any form of cyber attack, criminals continue to weasel their way in and find new ways around common protection methods.
One way that spammers are finding their way around filters is through the use of multiple redirects. As email users are redirected from page to page, they eventually land on a malicious file download. Because of the multiple redirects, it is more difficult to detect the spam, as the detection tools can’t access the malicious file directly. If researchers catch on, the spammers only need to remove one of the pages in the long list of redirects to break the link, making it much harder to investigate.
The evolution of email spam
Chances are if you received an email today asking you to send a money order to someone you’ve never met, you’d delete it before you even finished reading the first sentence. Unfortunately, email spam isn’t quite that obvious anymore. If one of these highly evolved bad boys makes it into your inbox, you’d be surprised how hard they can be to detect.
Spammers have begun personalizing these emails, leading users to believe that the email is coming from someone they know or a trusted business. The chances of these emails being opened, or a user clicking on the link or attachment included, is significantly higher.
Spam email subject lines are often much more convincing in this new breed of attacks as well. Instead of a suspicious or vague subject line with multiple grammatical errors, many of these email subjects seem perfectly normal, and often intriguing, resulting in more clicks.
Protecting yourself from spam messages
Regardless of how many safety features and filters you have in place, nothing beats good ol’ common sense. If you receive an email from someone you don’t know, or if it seems it may be someone you know but you don’t recognize their email address, be wary. Don’t open anything you are unsure of.
When you do open an email, keep an eye out for links. Typically, it’s best to access the link directly from the source rather than clicking it in the email, but if you do choose to follow the link within the email text, hover over it first to make sure that it will be taking you where you are intending to go. In most browsers, you’ll see the link URL in the bottom left corner when you hover over it. If something seems off, don’t click it.
If you need to share attachments, you’re better off sharing the file, or receiving a shared file from someone else, through a cloud storage service. This eliminates the need for you to download attachments directly from an email that may pose a potential threat.
It’s not worth the risk
When in doubt, check in with the sender through other means. Call or text your friend or co-worker if you see a suspicious email that looks like it’s from them. Write to a company’s help desk if you receive an unusual email from them asking for oddly personal information. If you’re on your company email account, pass along any activity that raises red flags to your IT team for review. It may seem like a pain, but ignoring these precautions simply isn’t worth the risk.