How to spot SPAM and stop it in its tracks

SPAM. Noun.

  1. Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
    1.1 Unwanted or intrusive advertising on the Internet. Source.

We’ve all received SPAM of some kind. The majority of SPAM emails are not particularly malicious. They’re often from senders we don’t know who are trying to sell us something, and the rest tend to be product promotions, newsletters or incentives from companies we’ve dealt with before. On the flip side, a certain percentage of SPAM emails are malicious and are sent to try to coerce us into downloading a virus or visiting a malicious website. The exact amount of malicious SPAM you receive often depends on how widely distributed your email address is, and how many measures you have in place to prevent SPAM in the first place. SPAM is an unfortunate by-product of living in the digital age, and it seems as if the tactics used in cyber crime get more sophisticated as time goes on.

Marketing SPAM may be irritating, but it’s mostly harmless. You can delete it and carry on with your day. A lot can be done to prevent it, but that’s another discussion. For the purpose of this article, we will be discussing malicious SPAM. Malicious SPAM emails are sent to entice you to download or click your way into an online trap. The people who send these emails often hide behind false identities such as a bank or building society, iTunes, PayPal etc. By pretending to be someone they’re not, they make us more likely to take the bait and take the action the sender intended. The techniques cyber-criminals use become more and more sophisticated every day. This has, in part, led to an unprecedented increase in the number of information security threats we face on a daily basis.

How to spot SPAM emails

Example 1


The image above shows a snapshot of some SPAM that was automatically filtered by my Gmail account. The lines I have grayed-out are from companies I don’t know who are contacting me and from companies I have dealt with in the past, but whose emails have been SPAMMED because they’re highly sales/marketing focused. My best guess is that some of the companies I don’t know are third parties or affiliates who I have inadvertently given permission to contact me when I signed up for something online. The email I’ve highlighted in yellow is the one we’re interested in for this example. It contains a malicious file. The email managed to sneak through my email filter, but was fortunately separated from my main inbox and marked by Google’s automated SPAM filtering. I have included it to demonstrate a classic example of what a SPAM email looks like. The subject reads “You’ve won!”. Enticing? Yes. Legitimate? No.

Example SPAM email

When the email is opened, Gmail gives a clear warning: “Be careful with this message. Lots of other people have marked similar messages as phishing scams, so this might contain unsafe content.” The email contains no content but does contain an attachment which is most likely to contain a virus, trojan, malware or some other malicious program which intends to infect my computer. This is a classic example of malicious SPAM for the following reasons:

  1. I don’t recognise the sender
  2. It comes with an all-too-enticing subject line
  3. There are no other identifying features e.g. an unsubscribe button or contact details
  4. It contains a file that I’m not expecting to receive
  5. The sender name “B M” does not match up to the sender’s email address

In this case, I’m fortunate that Gmail has warned me about the file and that I know from experience to be vigilant. This is a major advantage of using Google Apps cloud email and other email services that come with similar features. Google Chrome is also a handy tool to use as your Internet browser because it will warn you when you visit a potentially dangerous website (see the example further down). As the techniques used in these emails become more and more sophisticated, it’s incredibly important that you are on your guard at all times when handling SPAM email.

Example 2

Example SPAM email

This example email was sent to a personal account I use regularly. This one gets top marks for craftiness. Legitimate look? Check. Legitimate affiliation? Check – it claims to be from PayPal (whose services I used regularly). By all accounts, this email looks pretty legitimate, and leads me to sign into the resolution centre with my account information so I can resolve the issue. From experience, I know that I shouldn’t follow the link. Upon closer inspection, I see that the link to the resolution centre isn’t as legitimate as it appears. By right-clicking on the link, I can select “Copy Link Address”.

PayPal Phishing SPAM

I then paste the copied link address into a text file and I can see straight away that the link is clearly not for PayPal. This provides an excellent example of how these malicious SPAM emails work. They pose as someone they’re not to try and get you to part with valuable information or to get you to download a virus, ransomware or something else that will allow the sender to meet their goals. One of their main goals is to get you to hand over details that will allow them to take money from you. Malicious SPAM emails are a gateway that allows criminals to steal from you.

Google even has a neat warning stating “This site may be hacked.” What appeared to be a link to PayPal is in fact a link to a completely unrelated site, whatever it may be. This is by no means an exhaustive example but it demonstrates exactly how malicious SPAM emails work. They may offer an enticing incentive, or they may try to scare you. They can use an inexhaustible combination of techniques, but the fact remains that they attempt to lead you into doing something you don’t mean to do. When they use such sophisticated and misleading techniques, it’s no wonder that human error is directly involved in 95% of information security incidents!

Tips to avoid being caught out by SPAM

  1. If it seems too good to be true, it probably is.

    Be wary of any emails that offer free prizes or incentives, especially when you haven’t signed up for anything. As we saw in the example above, a SPAMMER will go to any lengths to get you to do something.

  2. Don’t give your personal details through an email link claiming to be a legitimate organisation.

    Practically all banks specifically state that they will never ask you to do this. If you aren’t sure and you’re worried that something may genuinely be wrong, it’s best to contact the concerned organisation directly. Use the contact details listed on their genuine website.

  3. Don’t open emails from senders you don’t recognise.

    If you do, use extreme caution and follow the guidance in this list.

  4. Don’t open email attachments you weren’t expecting.

    As in my example above, you never know what you might be downloading.

  5. Look out for incorrect spelling or poor grammar.

    It’s highly unlikely that a legitimate organisation will send you an email that’s full of incorrect spelling or poor grammar. This is especially true of large corporates. Be careful with emails that fit these criteria, especially if they try to direct you towards a website or if they contain an unexpected attachment.

  6. Beware of email that poses as a Government Agency.

    I’ve seen a number of examples of this in the past. The email will pose as an organisation like HMRC or another Government agency and will try and coerce you to take action, typically through scare tactics. Most government agencies will contact you by post, so if you suddenly receive an unexpected email from an alleged government agency, be extremely vigilant.

  7. Set up a separate email account for when you sign up or shop online.

    If you regularly shop online with a lot of different websites or if you routinely sign up to newsletters or similar, it’s worth setting up a separate email account specifically for these purposes. Use your main email account for anything important, and a separate account for anything unessential. This can help to prevent your important email account from being shared with third parties or senders you didn’t ask to be contacted by (this shouldn’t happen but it does!).

  8. Be suspicious.

    It’s very unlikely that someone is going to casually contact you via email unannounced if there’s a genuine and urgent problem to be addressed. This is particularly true of banks, which are a major false front SPAMMERS use. For example, I have received a number of SPAM emails claiming to be from a range of banks. Some I have used, and some I’ve never engaged with. Considering there are only a few major banks in the UK, the chances are pretty high that a SPAMMER will reach you claiming to be your legitimate bank. If you get an email you’re not sure about, contact the organisation you genuinely use and double check with them. They will be interested to know who is impersonating them and you may even help prevent the sender from targeting other people.

  9. Watch out for email addresses that don’t match up with the name of the sender.

    As shown in the example above, SPAMMERS will pose as anyone they want to trick you into engaging with the email. This technique is not 100% reliable because the email address the email was sent from can often appear to be legitimate. If you’re not sure, don’t click on any links in the email and delete it. To reiterate, if the email is that important, you’re probably going to know about it already. When in doubt, call the legitimate company the SPAMMER is pretending to be to double check. Remember not to give personal details over the phone.

  10. Report spam to the company that’s being impersonated.

    I recently contacted Apple after receiving an email stating I had signed up for some ludicrous subscription or other. Of course, I was asked to log into my iTunes account to rectify the issue. Apple asked me to forward any SPAM claiming to be sent by them to Many other organisations have similar departments who are focused on combatting these senders who are breaching the law through impersonation.

Keeping your business secure

  1. Install a reliable anti-virus and anti-malware application.

    If you run into a malicious email and accidentally download something you shouldn’t, your anti-virus and anti-malware can help protect your computer and network from an attack. This can also help you remove any infections you may run into along the way.

  2. Use an email client with built-in SPAM filters.

    Google Apps comes with built-in SPAM filters. This is by no means 100% foolproof but I have seen the amount of SPAM I receive reduce drastically since I’ve been using Gmail. While no solution can guarantee your protection, these prevention mechanisms will go a long way. It’s still incredibly important to be as vigilant as possible. Expect SPAM and know what to look for when it arrives.

  3. Stay updated.

    Regularly install patches and updates to keep your network up to date. It’s worth scheduling this to happen automatically or at the very least at regular intervals. Updates are released in response to known application faults and emerging security threats, so remember that they’re there to protect you.

  4. Use a dedicated firewall.

    A firewall goes a long way toward protecting your network from attacks through the internet. This will prevent unauthorized access to your network and you can configure it to work for you. If you’re not sure, seek professional help. If you’re based near Hertfordshire, Bedfordshire, Buckinghamshire or London we can help you. Contact us.

  5. Isolate problems when they occur.

    If a device is infected, remove it from the network. This will help to prevent malicious programs from spreading through your network like wildfire. Disconnect an infected device from the Internet as soon as you suspect there may be a problem. If your device is disconnected from the Internet, there is no way your data can be transferred or your details stolen. Be aware that this may not prevent your device from being vulnerable the next time it is connected to the Internet.

  6. Raise awareness.

    According to IBM, human error is involved in 95% of security incidents. People aren’t always on their guard, so it helps to spread the word and let people know about the kind of threats that are out there. If you get a suspicious email, let people know so they can avoid opening a similar one. Spend some time showing people what they should be aware of, and consider professional training for your workplace. Prepare for the fact that you’re likely to be targeted, and you’re already half way there.

  7. Have safeguards in place.

    Ensure you have a backup and disaster recovery in place in case your network is compromised. If you’re attacked, you will have a plan in place and a backup in case you need to wipe a computer to remove an infection. In most instances, infections can be safely removed without wiping a computer completely, but you’ll thank yourself for having a backup if you need to wipe a device to its factory settings.

  8. Seek professional assistance.

    Engage with a professional company who manages information security on a daily basis. It pays to work with a company that knows what they’re doing, particularly if you’re concerned that your business doesn’t have appropriate security measures in place. Professional companies like iQuda make it their day job to protect their clients from information security threats, so it’s worth outsourcing this area of your business.