We all get unsolicited commercial emails, aka SPAM. Cisco’s Talos estimates that in January 2021 86% of emails sent were SPAM emails. That means that of the almost 145 billion emails sent 122 billion were SPAM email. The math works out to over 6 SPAM emails for each legit email. At best SPAM is annoying. At its worst, SPAM can be a threat to your PC and your personal information. SPAM email is a threat because 94% of malware is delivered by email, and one in every 3,000 email messages contains malware a payload.
SPAM email is big business
SPAMers can make millions per year. TechRadar says an average full-time SPAMer makes around $7,000 a day – over $2.5 million a year. They can make this kind of money because email spam costs them very little to send. Most of the costs of SPAM is paid by the recipient and the carriers. The SPAMers do not have to pay for all the internet bandwidth tied up in the delivery of their spam emails.
SPAMers send out millions of messages on behalf of online merchants who want to sell a product. SPAMers get paid for sending SPAM email messages, regardless of whether recipients buy any of the advertised products. They also re-sell their SPAM emails lists to other SPAMers. SPAMers can get up to $22,000 for a list of stolen email credentials. In some cases, these cybercriminals also get a percentage of the sale. For pharmaceuticals, the commission can be as high as 50%. A good example is “penis-related spam” which has a 5% click rate, meaning that 5% of the recipients actually open the spam mail and click on the link in the mail.
Why you get SPAM emails
There are a number of reasons why you get SPAM emails.
You are the victim of a data breach. Any company you do business with could be vulnerable. Check haveibeenpwned to see if your account has been compromised – smaller breaches might not be listed.- You posted your email address online. You put it on Facebook or other social media, on a website, or as a public comment. Once on the web, your email is considered fair game for SPAMers.
- At some time you opted in or neglected to opt out. When you signed up for something, buried somewhere was that little checkbox. You didn’t indicate you’d rather be left alone. The service for which you opted-in is either inundating you or they shared your email address with interested parties.
Never unsubscribe from a SPAM email
So how do you stop SPAM from flooding your inbox? The first step is do not unsubscribe from SPAM. Ignore the convenient “unsubscribe” button at the bottom of the message from the Nigerian prince. The “unsubscribe” button is a scam. The cyber-criminals to get more info about you and increase the number of SPAM emails you receive.
1. When you unsubscribe, you confirm to the sender that your email address is valid and in active use. SPAMers now know the account is active and the volume of SPAM you receive will most likely go up. Now that you have validated your address, the SPAMer will sell it to his SPAMer friends. Now you will get SPAM from a completely new source.
A Federal Trade Commission study found that more than half the time, responding to a “remove me” option resulted in either no change or more spam emails.
2. In addition to giving away your email address, unsubscribing delivers lots of information about your email software. Emails contain meta-information that hackers can use to devise attacks.
3. When you respond to the SPAM email, SPAMers think you are interested in the subject matter—whether it’s getting money from a foreign prince, a penny stock tip, or a diet supplement.
4. If your response opens up a browser window, you’re giving away even more information about yourself. By opening a browser SPAMers learn information about your:
-
- Geographic location,
- Computer operating system,
- Web browser.
Additionally, the SPAMer can give you a cookie. A cookie allows the attacker to track you across any other websites they own. They will be able to identify you personally.
5. Worst of all, if you visit a website owned by a spammer, you give them a chance to install malware on your computer, even if you don’t click anything. These attacks, known as drive-by downloads, can be tailored to use exploits the SPAMers knows you’re vulnerable to—thanks to the information you’ve shared about your operating system and browser.
How to stop SPAM email
Use SPAM filters – SPAM filters work by looking at the nitty-gritty technical details of the email. What it’s about. What it says. How it says it. How many other people are getting that same email message? If it looks like SPAM, then the email is placed in your SPAM or junk mail folder instead of your inbox.
If you’re using webmail, like Gmail, Outlook, or Yahoo!, then you have a pretty good SPAM filter already. Gmail claims their SPAM filtering machine learning algorithms are 99.9% accurate.
You can improve the default SPAM filters. You need to train your SPAM filter. To train your SPAM filter – report SPAM every time that you find it in your inbox. Whether you use, Gmail Yahoo, Outlook or Thunderbird, you should take the time to learn and understand its SPAM filtering features.
When you flag an email as SPAM, your email app will use this information to refine its spam filter. The SPAM email filter will automatically get better at detecting SPAM emails in the future. This could be either globally if enough other people say the same things about emails like that. Keep flagging SPAM emails and the number of SPAM emails in your inbox should decrease – perhaps dramatically – over time.
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Even after a year of working from home – some things never change. One of them is buzzwords. 
Join the National Cyber Security Alliance – and LinkedIn on January 28, 9 a.m. for the signature video conference event Data Privacy in an Era of Change. It gathers data privacy experts from industry, government, academia, and non-profit for keynotes, panels, and discussions on current topics in data privacy – Register