Spam emails still work.
Ironically, as internet security improves — killing off threats like exploit kits — criminals have become more reliant on spam, flooding millions and billions of email boxes, knowing that only a tiny success rate is enough to keep them in business.
And spam works because scammers understand some basic principles of psychology that make “social engineering” — known in real life as a “con” — easy.
Here’s what spammers know about you that helps make their dirty work easy:
1. You probably bought something online recently.
And almost every time you buy something online, it generates at least one email — if not several.
“E-commerce is now so common it only takes a simple ‘Your order cannot be delivered,’ nothing else is needed,” Sean Sullivan, F-Secure Security Advisor, explains. “The amount of spam pushed practically guarantees that numerous recipients will actually be waiting for a delivery. And that serendipity is what short-circuits any amount of awareness training.”
This explains why even after decades of warnings, we’re still falling for spam.
2. You trust your favorite brands.
F-Secure Labs analyzed its spam traps and found these are the companies that are most likely to be spoofed by spammers in the first half of this year.
What do all these names have in common? They’re brands you may love and likely interact with regularly, possibly on a daily basis.
“There are so many people that have relationships with these companies, it makes these the most successful ones to imitate in spam,” says Sean.
3. Enough of us will keep clicking on zip files, attachments and links in spam to keep crooks in business.
Your webmail and work mail are probably pretty good at keeping spam out of your inbox, which counterintuitively makes us more likely to click on the things that can infect us in spam. When we interact with small amounts of spam, we just tend to trust the email that makes its way to us.The old advice you heard to never click on anything in an email you weren’t expecting is as important now as ever. But if that advice were enough, we wouldn’t be writing this post. So also, always keep your system, browser and security software updated.
Your IT team at work can take additional steps to make spam less delicious for criminals.