What is Spam? All You Need to Know

Have you ever come across the following types of emails?

• Buy this pill to grow your hair!
• Get this cream to remove all the problems from your skin!
• Congratulations, you won a huge lottery!
• Welcome to the ‘ABC’ dating site, all the girls are waiting for you!

Well, most of us have certainly encountered a few of these and as good as it seems, they're all fake, and these are all spam. Such annoying advertising falls under spam; according to research, about 98% of spam emails comprise these annoying emails. Cisco Systems analyzed the origins of spam in 2011, and most originated from the United States, Brazil, and China.

While these emails are annoying and rather harmless, the remaining two percent are harmful, including phishing emails to steal your personal information, financial information, and user credentials. The Nigerian princes that promise riches on behalf of a small payment done by Western Union are examples of spam emails that can steal your money.

Other emails that target you to click on attachments and links on the email will load your system with malware and even fall under a phishing scam.

So what is spamming?

Spamming is any unwanted, unsolicited digital communication sent to a large number of recipients by the use of messaging systems (mostly email). The purposes might be for commercial advertisement, sending false information, or any kind of fraudulent activity (like phishing).

Spam is a huge waste of time and resources. There are many applications of spam (which will be covered along the way) used for marketing purposes and illegal criminal purposes. In the age we live in now, email applications come equipped with spam filters. However, users waste their time on what passes through.

According to Oracle Dyn, the total cost of spam in terms of productivity, energy, and technology adds up to $130 billion annually.

The bottom line is if there is an inbox, spammers will clog it.

So spam is only in emails? No.

Spam can be found all over the internet, including internet forums, text messages, blog comments, and social media, among many more. But email spam has made its way to the top as it is the most prevalent and often most threatening to consumers.

Spamming is an economically viable solution because advertisers have no operating costs other than managing their mailing lists, servers, infrastructures, and domain names.

Spam in different media

Spam can be found in a number of places; we will explain some of these types of spam for you to have a better idea.

Email Spam

Email spam, commonly known as junk mail or unsolicited bulk email (UBE), sends unwanted email messages in large quantities. During the mid-’90s, when email was available for the public, spam became a headache, and from then, it grew exponentially over the years.

If we talk numbers, by 2007, 80% to 85% of all emails were spam. Since this was a problem, governments, email service providers, and security firms started filtering spam, and by 2014 the numbers were reduced to 66% of all emails.

Due to spam populating the inboxes of many, many people started harvesting email addresses and selling the compiled databases to spammers. Unfortunately, a common approach relies on users not reading the finer details of agreements, resulting in giving consent to receive spam emails.

Newsgroup forums

Newsgroup spam is a type of spam that targets Usenet newsgroups. Spamming of Usenet newsgroups was used even before e-mail spam surfaced. Spamming is defined in this case as multiple postings of the same content (messages) repeatedly.

Mobile phone spam

Mobile phone spam is the text messages you get on your phone. This is really annoying for two reasons: the phone keeps beeping with unwanted messages, and in some markets, you are charged for incoming texts.

However, now, there are regulations in the US where SMS messages have to have options of HELP and STOP, which complies with the CAN-SPAM regulations. The STOP feature will end communications with the advertiser completely.

Spam on social media

Social Media is not immune to spam. Facebook and Twitter have spam lurking inside the platforms. The spammers will populate the feed, chat, and comments with unwanted content. It is used in many ways, including bulk messages, insults, malicious links, fraudulent reviews are a few among many.

In the case of Facebook, spammers will hack into accounts and send spam (like false links, messages, etc.) to their ‘friends’ by disguising themselves as friends or family.

On Twitter, spammers gain credibility by following verified accounts, and if the owner follows back, that legitimizes the spammer. This allows the spammer to send spam as he sees fit.

Spamming in blogs

This type of spamming occurs on blog sites (stating the obvious). Initially, blog sites had an open nature to comment freely, which led to spamming. However, the spammer will often repeatedly comment on the blogs with a link to their website.

Even in today’s day and age, this tactic is still being used. But since most blog sites have an approval system in place, the spam can be filtered out. The above picture shows all the spam that has been rejected.

Spam on video streaming sites

Just like spamming on blog sites, spammers can repeatedly spam on the comment section. However, they will be filtered by the streaming services. While this spamming occur as text, there’s also video spam.

In video scamming, the uploaded video is given a name and description with a popular figure or event that will attract attention from users. Some videos have certain timed images to come up as the videos thumbnail image to mislead viewers like a still image from a popular movie.

While some videos show a simple text or image guiding the viewers to click on the link on the description, which leads to a different site, these links can lead to online surveys, different websites, or, worst case, install malware.

Other video uploads will be to promote a product or service by focusing on actors and paid testimonials. These types of videos are the ones that do not qualify for the standards of a television studio.

VoIP spam

Voice over Internet Protocol is similar to telemarketing phone calls over traditional phone lines. This happens when a user chooses to opt in to receive spam calls where usually a pre-recorded spam message or advertisement is played.

This is easy and cheap for spammers because calls over the internet are cheaper than traditional phone calls, and it’s easy to anonymize the calls from all over the internet. The spam IP addresses and accounts can be usually identified by taking into account:

• A large number of outgoing calls
• Low call completion
• Short call length

The most common mobile phone scams are pre-recorded scam messages supposedly from banks, credit card companies, and debt collectors. However, there are many applications of mobile phone scams.

Mobile Applications

Spamming in mobile app stores are mainly in three forms:

1. Applications that were automatically generated which has no specific function or any meaningful description
2. The same application gets published multiple times to increase the visibility in the app market
3. Applications that excessively use unrelated keywords to attract users

Spam incorporated with malware

While most spam is harmless, some come hand-in-hand with different types of malware. The spammer has his own motive, which results in what type of malware is sent out. Let’s briefly go through the type of unwanted programs that come with spam:

Different types of malware exist today. Check out the data from AV Tests total malware, which shows the amount of malware over the years.

Malware is integrated with spam emails, and each type of malware has a specific function.

• Macro Virus

These types of viruses can run on all platforms and are usually embedded within a word and excel files. When a macro virus infects a system, it causes a sequence of actions to begin automatically when the infected applications are opened.

• Stealth virus

This has the power to hide modifications by intercepting antivirus calls to the operating system and provides false information.

• Polymorphic virus

This virus makes identical copies of itself on your system. This will take a lot of your CPU power, affecting the performance.

• Self-garbling virus

These types of viruses hide from antivirus software by modifying its code.

• Keyloggers

Keylogging is the action of recording the keys struck on a keyboard without the victim having any knowledge of the issue. The data can be retrieved by the person operating the logging program.

• Trojan horse

This is a type of malware often disguised as legitimate software. Spammers and cybercriminals use these to retrieve user data.

• Bots and Zombies

A bot or zombie is a computer that a remote attacker has accessed and set up to forward transmissions (including spam and viruses) to other computers on the Internet. The purpose is usually either financial gain or malice.

Types of Spam

There are different types of spam out there with different intentions. For example, we have annoying marketing spam on one side of the spectrum, while the other end has serious threats. These include cybercriminals attempting to break into online accounts, steal data, and spread malware.

Marketing spam is annoying, but it’s not a threat. Your email providers usually filter these out, and what passes through the cracks can easily be identified. The others are not so easy.

• Advance-fee scam
• Phishing scam
• Malspam
• Steganography
• Spam on mobile
• Drive-by-attacks
• PuPs - Potentiall Unwanted Programs

Advance-fee scams

Advance-fee scams, the Nigerian scams, or the 419 scams, involve a mysterious sender offering a huge reward for a small payment—usually a small processing fee to unlock the grand prize. Once the cash is wired to the cybercriminal, he disappears with the money.

Note that the name ‘Nigerian scam’ was put in place as the advance-fee scams originated from Nigeria. However, these types of scams are being done worldwide, and only a small fraction is from Nigeria itself.

Another variant of the advance-fee scam is turning victims into money mules. Scammers describe these as ‘payroll management jobs’ where the victim’s bank account is used to launder and transfer money. In exchange, the victims get to keep a fraction of the money.

Even though these seem easy to avoid, people often fall for them each day due to the tricks used by the scammers. These tricks are social engineering tactics that manipulate a victim by using psychology.

Phishing emails

Phishing is a cybercrime that uses social engineering techniques to steal user data like login credentials and financial details. The most common type of phishing attack takes place through emails. An attacker sends an email pretending to be from a trusted source, tricking the victim into opening the email and clicking on the attached link (or download attachments).

Once the malicious link is clicked, one or more of these things will happen:

• Redirects to a fake website that requests personal information (login credentials, credit card details, etc.)
• Installs malware on your system
• Leads to a ransomware attack by freezing your device
• Revealing of sensitive information
• Installation of software with the intent of stealing information (Keyloggers)

The motive is “why to pick a lock when you can get the key from the owner.”

Malspam

Any malware spread out through spam falls under the category; "malspam." Just like advance fee and phishing scams, this also relies on social engineering techniques. They will trick a recipient into taking actions like downloading attachments, clicking on links, or even opening attachments that infect the user’s device.

The downloadable attachments are usually in PDF, PowerPoint, and Word files with malicious codes (like macros). When attachments are opened, the scripts run, and malware is retrieved from cyber criminals' servers.

As mentioned above, the malware can infect your system to be part of a botnet or be a Trojan. The majority of malware attacks usually occur with the use of Trojans.  

Steganography

While spam has a negative image, steganography is one of the ‘good’ spam applications. This is the practice of concealing messages or information within other non-secret text. Usually, this is to send important information to people.

However, this is not encryption, but it’s a way to secretly hide a message within the texts of spam emails. 

Conclusion

As you see now, spam has been around quite a long time, and it won’t end anytime soon. There are a few things you can do to avoid spam:

• Don’t respond to spam
• Turn your spam filter on
• Turn off macros
• Be vigilant about phishing emails 
• Use two-factor authentication
• Install cybersecurity software

Let us know what you think in the comments below. Happy and safe surfing!