The Big Business of Spam: How Cyber Criminals are Making Money

Besides being annoying, spam is also a vector for many cyber attacks. Businesses are expending a lot of effort to fight the onslaught of spam every single day. Even then, 85% of all the email per day is still spam, says the 2018 Cisco Talos report. Interestingly though, 98% of all junk email is advertising that companies send out to promote their products and services. The remaining 2% is actual malicious spam propagated by cyber criminals looking to attack businesses and unsuspecting people.

A growing menace

To fight spam, countries around the globe have regulations that even mandate spammers to be prosecuted and jailed. On their part, tech companies are leveraging the latest technology to filter out spam. But, spam is still prevalent—and growing. Cyber criminals are using newer techniques like social engineering to ensure they maximize their exploits with minimal effort. Growing digitization and automation tools are making it easier than ever for cyber criminals to propagate spam at scale and make easy money.

Spam is big business

Spam is used to trick people into downloading attachments loaded with malware, phish out personally identifiable information of genuine people, and launch denial of service attacks among others. Of all spam attacks, phishing is the most dangerous as it results in people sharing details such as account details, passwords, credit card information and so on willingly, which makes it easy for cyber criminals to access the common online services and abuse them for financial gain. Apart from businesses facing losses worth billions of dollars every year, the end users risk data theft, account takeover, and identity fraud. Spam is a big business for cyber criminals. The total costs of spam which includes productivity, energy and technology is a whopping $130 billion, according to Oracle Dyn.

With the increasing use of smartphones, cyber criminals have found another vector to propagate spam and target mobile users. Robocalls and SMS-based spam are now commonplace and have resulted in nearly $3 million worth of fraud.

Protecting against spam

Prevention is by far the best remedy to protect against spam. Do not respond to spam. For when you click an unsubscribe link on a seemingly harmless mailer, the cyber criminal gets the confirmation that the email address is active and being regularly used. By responding you validate your details, which makes you an ideal candidate for more spam. Similarly, when you press a digit to opt-out, you are validating your mobile number and inviting more spam. Answering a spam call can be particularly dangerous as cyber criminals can record your voice and use it to authorize transactions you never initiated or as authentication for new account opening.

Do not enable macros. When prompted to enable them while opening an attachment, simply click “no”. Double-check the sender's email address and verify a link before clicking it open.

Another method to fortify your defenses is to use two-factor or multi-factor authentication which provides an additional layer of security to your account. Yes, it adds a bit of friction to your online user experience, but it's better safe than being sorry.

The article has been written by Neetu Katyal, Content and Marketing Consultant

She can be reached on LinkedIn.