Spam refers to irrelevant or unwanted messages, mainly in the form of emails, SMS, URLs, or notifications that are sent to a large number of users by unknown entities. A surge of spam can inundate email servers, making readers miss out on the crucial messages they need to see.
While most spam is just a nuisance, criminals can use it to unleash malicious attacks. For example, scammers send spam to gain illegal access to devices and compromise your systems by unleashing phishing attacks or spreading malware through the system.
In this article, we will walk through the various types of spam, how to identify them, and the steps you can take to fight them.
Table of Contents
Types of spam
Though spam began primarily as an email phenomenon, it is now widespread in many forms, from SEO and social media spam to smishing spam and malware spam.
SEO spam
SEO spam, otherwise known as “spamdexing,” is a form of spam where hackers use SEO spam to inject websites with spammy links and build backlinks to their scam websites. This is a shortcut way for scammers to inflate their organic search engine rankings in a short span of time.
SEO spam is a common form of website attack, with a Sucuri report noting that SEO spam is one of the fastest-growing infection trends. For instance, in 2018, almost 51% of website attacks were related to SEO spam.
Social media spam
With increased social media usage, spammers have found a golden opportunity to target users on these platforms. The motive behind social media spam for hackers is to amplify traffic or revenue for a spammer’s website.
In an effort to measure social media spam, content marketing agency FoundationInc teamed up with Question Pro and Orbit Media. Among other findings, the report revealed that:
- Social media accounts like Facebook and Instagram are the most spammy.
- 60% of users get spam DMs.
- 20% of users get spam DMs every day.
- Users on LinkedIn get fewer spam messages.
Smishing
Smishing (a portmanteau of SMS phishing) is a phishing attack where scammers send phishing messages through SMS to users on their mobile devices. Smishing messages can also be delivered via popular text messaging platforms like WhatsApp, Messenger, Viber, Snapchat, and Skype.
Hackers use social engineering techniques to manipulate users into clicking on malicious URLs. Smishing is a popular method for delivering spam, as users have a higher level of trust in messaging platforms than in emails.
Malware spam (malspam)
Malspam or malicious spam is usually delivered via spam or phishing emails and gets activated when users open infected files and get directed to malicious delivery sites.
Threat actors use spoofing techniques (impersonating a trusted entity to make users open or click an email) and deliver malware like Trojan horses, keyloggers, spyware, and ransomware to a user’s device.
The deadly Emotet malware that infected more than a million computers and caused billions of dollars of damage worldwide is a case of malspam.
Chain letter spam
Another kind of spam is chain letter spam, which encourages multiple people to forward messages to other email users. Fraudsters capitalize on human greed and entice them into forwarding chain messages.
Money spam is another example of chain letter spam that is sent to multiple people, promising them huge sums of money in return for a small investment. “Nigerian prince” fraud scams are a well-known example of money spam.
How to recognize spam
Today’s email clients are growing more effective at identifying and filtering spam — but as anyone who has had to go searching in their Spam folder for an important personal email knows, they’re not perfect.
No matter how much we try to avoid it, all of us, at some point in time, have fallen victim to spam. After all, spammers are experts at making spam emails look credible. Fortunately, certain indicators can help you detect spam and avoid clicking on it. Here is how you can identify spam.
Generic greeting messages
Spam emails usually begin with generic greetings like “account holder,” “dear sir,” “valued customer,” etc. A legitimate sender will address you by your name instead of a copy/paste generic greeting.
A forced sense of urgency
More often than not, spam emails create a sense of urgency and demand the reader take action immediately. According to a study by KnowBe4, phishing emails with the following subject lines had the most clicks:
- IT Reminder: Your Password Expires in Less Than 24 Hours (12%)
- All Employees: Update your Healthcare Info (10%)
- Change of Password Required Immediately (10%)
- Revised Vacation & Sick Time Policy (8%)
- Quick company survey (8%)
- Email Account Updates (8%)
Poorly writing and grammar
Professional organizations don’t send emails containing poorly worded sentences or with evident spelling mistakes. If you notice any of the above, it could indicate a spam email.
Forged domain name
Threat actors will modify the spelling of the address field to make it difficult to distinguish from a legitimate source at first glance. This technique is called email spoofing, where scammers impersonate a legitimate email address to fool users into clicking on the mail and possibly sharing vital info.
For example, PayPal might be written as Paypal, or Walmart might be spelled as WalMart. A rule of thumb is to check the domain name for spelling mistakes since trusted companies will never go wrong with their spelling.
Unknown attachments
A safe cybersecurity practice is never to download unknown attachments from sources you do not know. Be careful when downloading them, as it may result in malware being downloaded on your device and causing damage.
Be especially cautious with file attachments like .vbs, .exe, .js, or .scr. Since executable files like .exe can install files on your computer, they can be used to easily infect computers with malware.
Tips for preventing spam
In 2022, approximately 53% of worldwide email traffic was spam, with Google alone blocking around 100 million spam messages every day. If you are fed up with the never-ending stream of junk emails clogging your inbox, here are some quick and easy tips for dealing with them.
Don’t share your email address too widely
We freely share our email addresses without thinking much about it, whether signing up for newsletters or company coupons or sharing it on social media. Each time you do so, however, you’re increasing your chance of exposure to hackers and spammers.
To be on the safe side, it’s better to keep your email address private and share it only when it’s necessary to do so. You can create a “dummy account” only for generic subscriptions and company signups, or better yet, use a temporary email address — there are lots of free hosting options available online.
Obfuscating your email ID or using email aliases will improve email security and prevent your ID from falling prey to email harvesters.
Beware of suspicious emails
Be wary of suspicious emails from unknown people or ones that invoke a sense of urgency. If anything seems off, simply delete the email instead of opening and engaging with them, as doing so increases the chances of you receiving even more spam.
Don’t respond to spam emails
Never reply to emails that you suspect may be spam. When you reply, it confirms that your email account is active, making the spammer target you with more spam. Instead, you can either block the sender, or, if you are unsure, independently email the relevant party from your address book or the company’s contact page to ensure you are dealing with the correct people and not a spoofer.
Use a third-party spam filter
Most likely, your email service provider already uses a spam filter to filter out spam messages. But for additional security, invest in a third-party spam filter. Spam filters use instance-based or rule-based algorithms to parse the contents of an email before sending them forth. With two spam filters working side-by-side, you can rest assured that even if spammers manage to breach one filter, there is still another one to catch it.
Report spam emails
Flagging junk email as spam is another step you can take to prevent excessive spam from landing in your inbox. Reporting spam emails will alert your mailbox provider about the spammer’s activities and prevent them from contacting you further.
Create a new email ID
You may need to create a new email address if you have tried all the methods but still receive excessive spam messages. Once you have created a new account, you can notify all your contacts to let them know you have a new email ID.
Bottom line: Avoiding dangerous spam
While not all forms of spam are dangerous, excessive spam leads to bandwidth expenses, productivity loss, and other unseen costs. And that’s not to mention the cybersecurity challenges that phishing emails pose. Although there is no way you can stop spam entirely, you can still restrict the amount of spam you receive by adopting the steps outlined above.
One of the most important steps to protect your network and your endpoints is installing an effective firewall. Here are the best firewalls for SMBs — and the best firewalls for enterprises.