Behind the Curtain of an Affiliate Marketing Spam Email

Written by Paul Cunningham on September 18, 2009

From time to time a customer, friend or family member will ask me about spam.  The conversation will follow a fairly predictable path from “Why do I get so much spam?” all the way to “How do these spammers make money anyway?”  It is a big question with lots of different answers so usually I will just walk them through one specific example of a spam technique and how it can result in profit for the spammer.

Today I was forwarded some spam by a customer wondering whether it was legitimate or not and so came across one excellent example of how a spammer can profit from their malicious endeavors.

Slipping Through the Defenses

The first step towards profit for a spammer is email delivery.  With many businesses and home users protected by anti-spam systems, a spammer needs to either blast out so much junk email that they eventually find an unprotected email address, or they need to craft their email such that it passes through a spam filter undetected.

In this case the latter was true, which actually raised the perception of authenticity to the end user who was not used to very many spam emails reaching their inbox at all.  The quality of the writing also caused it to slip through the recipient’s own mental defenses, convincing them that it was legitimate and that they should follow the actions it suggested.

This spam email contained a link to an affiliate landing page for a piece of utility software.  The domain name included a well known brand name for this particular type of software.  Everyone uses this software, or something like it, so an email announcing a new version of it would appear relevant to most people.

The Affiliate Landing Page

For those that are new to the topic, affiliate marketing is basically a system whereby marketers will promote various products or services in return for a commission on a per-sale or per-lead basis.  Affiliate marketing systems are not necessarily scams; affiliate marketing is a thriving and legitimate business online, and many household names on the web have affiliate programs in place.

The landing page for this affiliate was very professionally designed and would lead most people to believe they were on the official website for the software in question.  Only a small disclaimer at the bottom of the page says otherwise, “This website has no affiliation whatsoever with the owner of this software program and does not re-sell or license software”.

As with all sales pages this one contains a simple “Download Now” call to action.  If the user has already been tricked into visiting the website from the spam email then this call to action would likely be successful and result in a click.

How the Spammer Makes Money

Having tricked the email recipient into visiting the website, and then clicking the “Download Now” link, the spammer can begin to make his money.  This particular spammer has three ways to make money out of this one single spam email, thanks to the way the website is set up.

Firstly, the website collects name and email address details as step 1 of the download process.  Every software company in the world is doing this these days, so most people are conditioned to giving up this information for free downloads.  Cleverly the spammer keeps this part of the form separate from what comes in step 2.

Even though the spammer reached the victim via email to begin with, that doesn’t mean this information is not worth money to them.  Spammers often target large lists of unverified email addresses with very low success rates.  By collecting email addresses via a web form the spammer builds a much more reliable mailing list to target with further spam emails, or to on-sell to other spammers (either of which makes them money).

Brazenly the website “fails” the first email address submission and requests it again.  At worst the spammer gets the same details entered again, but the best case scenario for them is the person tries a different email address of theirs thereby giving up two real addresses to the spammer.

In step 2 the website offers a membership subscription to the visitor.  The membership is for access to some vaguely defined technical support services, how-to guides, and lists of “useful” software.  Such content is easy to produce for a very low cost so any signups that they receive are profitable.  The content itself is usually based on further affiliate programs, earning them more commissions for any other software they can convince you to download and purchase.

As an added bonus the spammer also offers a download of an “internet accelerator”, which usually means some spyware or a browser toolbar that will pop up advertising on the victim’s computer and generate revenue for the spammer through clicks.

Whether or not the victim signs up for a membership during step 2 is irrelevant.  An email sent to the address they provided in step 1 contains a download link for the software originally promoted in the spam email.  This link includes the spammer’s affiliate code so that they are credited with the commission when the trial software expires and the victim potentially goes ahead with purchasing it.  Regular people will reach for the credit card to get rid of the nag screens that frequently pop up on their screen.
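The two link traits described in this article, a brand name inside a domain the brand does not own and an affiliate code in the download link, can be checked mechanically before a message is trusted. The following is an added example, not part of the original article; the brand "examplesoft", its official domain, the affiliate parameter names and the sample message are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list: brand keyword -> domains the vendor really owns.
OFFICIAL_DOMAINS = {"examplesoft": {"examplesoft.com"}}
# Assumed query parameter names for affiliate tracking; adjust to what you see.
AFFILIATE_PARAMS = {"aff", "affid", "aff_id", "affiliate"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage_link(url):
    """Return a list of findings for one URL (empty list means nothing flagged)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    for brand, official in OFFICIAL_DOMAINS.items():
        # Ignore hyphens so "example-soft" still matches the brand keyword.
        mentions_brand = brand in host.replace("-", "")
        is_official = any(host == d or host.endswith("." + d) for d in official)
        if mentions_brand and not is_official:
            findings.append("brand-in-unofficial-domain:" + brand)
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    hits = sorted(params & AFFILIATE_PARAMS)
    if hits:
        findings.append("affiliate-param:" + ",".join(hits))
    return findings

def triage_email(body):
    """Map each flagged URL found in a plain-text message body to its findings."""
    report = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,);")  # drop sentence punctuation glued to the URL
        findings = triage_link(url)
        if findings:
            report[url] = findings
    return report

# Constructed sample message, modelled on the email described in the article.
SAMPLE_BODY = """\
A new version of ExampleSoft is available.
Download: http://examplesoft-update.example/get?aff=12345
Release notes: https://www.examplesoft.com/notes.
"""

if __name__ == "__main__":
    for url, findings in triage_email(SAMPLE_BODY).items():
        print(url, findings)
```

An affiliate parameter on its own is not a sign of abuse, since legitimate affiliate programs use them too; it is the combination with a brand-named domain outside the vendor's own that matches the pattern described here.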

An All Too Successful Business Model

By now most friends will be stunned by the apparent complexity of the spammer’s business model, but really it is quite simple.  The spammer buys or builds an email list, chooses some software to promote, and uses various tactics to try and ensure that they either receive verified email addresses to target with more spam or they receive affiliate commissions for any software that is purchased as a result of their spam.  For the icing on the cake they also throw in the membership scheme and the “internet accelerator” download offer to try and maximize their success rate.

A simple affiliate marketing scam that all starts with a spam email.



One Response to “Behind the Curtain of an Affiliate Marketing Spam Email”

  1. Mr. I Says:

    Another factor that plays an important role in a spammer’s success is curiosity! Many people (I am a good example!) are curious about new things and download just to test.

    If someone wants to just test new software out, the best ways to protect information are:
    1. Use Temporary Mail Address: Using a free inbox provider like yopmail.com, anyone can protect their email address. This way, spammers are not going to get anything!
    2. Use Common Sense: If a site asks you to submit anything more than Name/Email, then you should not trust it at once.
    3. Have A Secondary Mail Address: If someone does not choose a free inbox provider, then the best method is to register for a secondary mail address different from the personal/business address.
    4. Train Spam Filters: The problem starts with spam getting into the Inbox. So, why not just eliminate it? By marking any suspicious mails as spam, you can train your mail provider’s spam filter as you like (e.g. GMail is a very good learner!)
    5. Use Offline Client: Offline mail clients can be better at spam protection (only you use it and you can train it as you like). By adding good anti-spam filters/add-ons, anyone can avoid spam.
