“No one likes spam email, but malware spam is even worse.”
True, that. Malware spam’s real world equivalent would be junk mail with an envelope of anthrax taped to it.
The practice of spreading malware through email spam has been rising in popularity among cyber criminals. In fact, it was the most common method cybercriminals used to spread malware in 2018, according to F-Secure Labs, accounting for 9 out of 10 infection attempts throughout the year.
Its return has a lot to do with improved security of operating systems and browsers, which has left malware authors with fewer alternative avenues of exploitation. The number of active exploit kits, which take advantage of security holes in software so malware can infect a machine, has decreased by 87 percent since 2013.
When criminals can’t slip in through technical means, they’ll switch to targeting the user of the machine to try to convince YOU to let them in. They’ll do it however they can – even if it means using spam email to piggyback on recent tragedies like the Boeing 737 Max crashes.
As reported last month, a new campaign of spam emails pretends to attach a file with leaked information about other airlines that will soon experience similar crashes. Who wouldn’t want to be privy to that information? Instead, however, the attachment installs Trojans that steal information and allow criminals to remotely access your computer.
Another common spam technique is to leverage major holidays or other timely events such as tax filing season. For example, with the April 15 tax deadline looming in the US, a recent campaign pretends to attach important tax documents. Instead, however, the malicious attachment installs the Trickbot banking Trojan, which hijacks your online banking sessions.
What can you do to stay on guard against malware spam?
“My advice would be, stop clicking on things,” says F-Secure’s Janne Kauhanen. While his advice may be a bit tongue-in-cheek, the gist of it is right on: If you don’t click on a spam email attachment, it can’t infect you. For more about malware spread by spam and how you can avoid it, get it straight from the experts in this video.