Is Personalized Spam Effective?Written by Jeff on June 19, 2012
When researching spam trends and news stories I occasionally come across a story where the trends, statistics or focus are absolutely startling to me.
This happened when I read an article on securitynewsdaily.com claiming that personalized email advertisements were the most hated kind of spam. The article, highlighting the research of the Temple University’s Fox School of Business Management, showed that 95 percent of all people in their study claimed that when they received a personalized advertisement by email – one that addressed them by name – they were turned off.
According to Sunil Wattal, Assistant Professor of Management Information Systems, this distaste for personalized email advertisements is rooted in the consumer’s fears regarding privacy invasions on the part of companies who collect information.
“Given the high level of cyber security concerns about phishing, identity theft, and credit card fraud, many consumers would be wary of e-mails, particularly those with personal greetings,” Wattal and his co-authors, Rahul Telang, Tridas Mukhopadhyay and Peter Boatwright from Carnegie Mellon, wrote in the study.
Are people wising up?
The most promising aspect of this study is the fact that the sample size was so large.
Many times when you see percentages thrown around, the size of the sample could be less than a thousand participants. However, in this case the number of people who received marketing emails as a part of this study was 600,000 with over 10 million email messages sent.
Those numbers, they seem quite promising because it means that people are starting to pick up on some of the more serious threats that can be delivered via email. More importantly, they are starting to see that personalization doesn’t mean that they are safe. Cyber criminals may have to start modifying their methods as a result. Especially since spammers seem to be ramping up their efforts to swipe confidential information from their victims.
Why personalized spam is so dangerous
Personalization appealed to cyber criminals who relied on spam because it grabbed the recipient’s attention right off the bat.
Thinking that, “Hey it’s addressed directly to me so it can’t be a mass mailing (spam),” meant that people easily fell for the scam and clicked on links that were sent to them via spam. Those who work with email know just how easy it is to have an email list that contains names along with addresses so personalization is rather easy. Even for spammers.
And that becomes scarier for email users as big brand names such as PayPal, facebook, TAM, AOL and JP Morgan Chase lead the way as the most popular targets for phishing attacks. And when you add personalization to that type of attack, the bait becomes even more appealing to the recipient.
Avoiding the scams
Knowing that just because you are addressed as an individual doesn’t discount the possibility that the message is spam is a start. But it’s not the only precaution you should take against the litany of phishing scams and other spam that makes the rounds.
There are other things you should be doing. If an email looks suspicious to you, running through this checklist may make it easier to tell if it is legitimate or nothing more than an attempt at your account information.
- Check out the To: field. Does it contain your email address? If not, treat it as a red flag.
- Copy a portion of the message itself and paste it into Google’s search box. If you see warnings related to this content, delete the email. No questions asked.
- Is a URL shortener used? If so, steer clear until you use something to preview it. Extensions are available for most browsers that allow you to see just where a URL goes before you click.
- Are you being asked to sign a petition? Or forward a petition on to your friends? If so, the message may be spam. Ever since organizations started collecting names for online petitions, spammers have taken note. It’s an easy way for them to redirect victims to malicious web sites by masquerading as a cause they believe in.
- Are you being told you need to update your account information? While this may seem as old as the Nigerian Prince scam, it is still used by cyber criminals all over the world because it still works. If you need to update your account information visit the website directly, don’t follow a link sent to you through an email.
While all evidence shown in the findings of Temple’s study show that people are getting wise to the techniques used by spammers, it doesn’t mean that the fight is over.
As we have seen in the past it only means that the scam artists will simply get more creative in how they approach their victims.