Why We Still Need to Stop SpamWritten by Jeff on February 7, 2013
There was an interesting post on Lifehacker that spoke of Gmail’s new ability to make spam emails that you receive from friends as suspicious. By marking the email as suspicious it will collect data to help prevent the hacking of email accounts. If the source is an abandoned email address the recipient can click the, “Message is just spam,” button and the address will be removed from the contacts list.
Both are great tools to protect against email accounts that have been compromised and are being used to send spam. This is a growing problem that happens all too often and can often be identified when a friend’s email sends a message to you and a small group, usually in alphabetical order from the contact’s list, with nothing more than a link in the body of the message.
But aside from this being a great way to keep you from having to sort through piles and piles of junk email messages, keeping illicit email out of your inbox can also help keep your computer, and all of your resources and information, safe.
Over the past few days, there has been quite a bit of noise regarding hackers breaking into the computers of large news organizations like the New York Times and the Washington Post. Both breaches are being traced back to spear-phishing emails that someone opened, fell for the bait and compromised the network.
Generally, these types of attacks are highly targeted and after corporate or government secrets. But don’t fall into a false sense of security thinking that you are not being targeted. While spear-phishing attacks are aimed at an organization, phishing attacks haven’t stopped using spam to target the individual. And what happens should you fall victim to a phish? Well let’s take a quick look and see…
Your computer becomes infected with malware
When people wonder how those botnets that send spam or launch denial of service attacks get so big they need not look any further than their email. Sending out mass emails that contain malicious attachments is one of the easiest ways to infect a computer. When the recipient downloads what they think to be a file or an update, a malicious program is installed as well. Many times, this turns the computer into a zombie but the malware could also be a keystroke logger that captures usernames, passwords, account numbers, credit card numbers, etc. It could also steal your email login information and use your account to send spam to your contacts; just like what Gmail is trying to stop.
Another way they can infect your computer is to provide you with a link to a site promising something. When you visit that site, your computer is infected by what is called a drive-by-download. In this case, the website delivers the malware to your computer through a script hosted on the page.
You give up the goods
Phishers also have the ability to get your information without having to install malware on your computer. By sending out millions of emails that instruct users of a certain website, social network or payment system that they need to login and change their password they are likely to get some people to do as they are told. Only they are not really logging into the site they think they are. It is a fake site setup by the hacker to capture all of that information.
You buy junk
While phishing scams try to take things from you, traditional spam is still out there trying to persuade you into spending money. While some spam campaigns feature snake oil products or get rich quick schemes, there are times where the spammer is promoting “legitimate” products such as pharmaceuticals, mortgages or loans. People click on the link and some people buy or fill out the form. When this happens the spammer makes some money. When it happens enough times, they make a lot of money and keep spamming.
Spam and phishing mails are still a huge problem. And while some people make that claim that they are not as prevalent as they were years ago, I know most users would agree that they still spend far too much time dealing with spam.