The role of email spam in 2023 for cybercrime

After a notable cyberattack in November disrupted routine operations, including appointments and registration, billing, patient care records, and lab reports, India’s leading medical institute nearly came to a complete halt. On the megahospital’s primary and backup systems, the attack corrupted files and data. Chinese hackers recently used two phishing emails to launch a cyberattack on the AIIMS systems. Out of 100 physical servers, five were infected, and more than 3 crore patient records, including those of prominent politicians, were compromised. Chinese online crooks requested approximately Rs 200 crore in cryptocurrencies.

Further, the word “spam” has its roots in a well-known Monty Python Flying Circus sketch in which the canned meat product Spam is repeatedly mentioned. However, the ascribed connotation is that of an unwanted item distributed in large volumes. Spam mail is an extension referring to email distributed in large volumes and often without the consent of the recipient. Sources of spam include humans or botnets (a collection of malware-infected machines under the control of an attacking bot herder). The objectives of spam can range from promotion and marketing to financial gain. Common spamming techniques include botnets, snowshoe spam, blank emails, and image spam. The common types of spam include commercial advertisements, antivirus warnings, spoof emails, sweepstakes or lottery winners, and money scams.

According to various reports, spam emails account for more than 50% of all mail sent globally, with nearly 26.5% of those used for fraudulent financial gain. Spam mail has an impact that extends beyond mailbox sizes and includes losses for individuals and organizations. In H1 2022, business email compromise (BEC) attacks like payroll redirection and invoicing fraud affected 77% of organizations. The menace of email spam can be managed using a two-level approach that begins with end-user awareness and ends with server-level deployment of anti-spam tools, including anti-spam software. A systematic way to build a good cyber posture is to keep training users and updating anti-spam tools on a regular basis. This builds a good reputation for both the domain and the sender email addresses.

1. Email Spam

Most spam is sent with the intention of making money. They can be sent in bulk by networks of infected computers known as “botnets.” Spam is generally disliked by most people, but they accept it as an inevitable outcome of email communication. If spam isn’t constantly filtered and deleted, it can clog email inboxes, but it can also be harmful.

Email spammers often modify their strategies and language to trick potential victims into downloading malware, divulging personal information, or making donations. Spam emails almost always have a commercial or financial motivation. Spammers try to promote and sell questionable products, make inflated promises, and deceive recipients into believing something is true.

A well-known Monty Python Flying Circus sketch in which the canned meat product Spam is often mentioned gave rise to the term “spam.” It’s a common misconception that the term “spam” refers to “stupid, meaningless, irritating malware.”

2. Motivates People to Send Spam Email

Spam email is frequently sent for business purposes. Many companies still use spam, despite the fact that some people think it’s unethical. Businesses may continuously send out large numbers of emails since the cost per email is so low. Another possibility is the harmful attempt to enter your computer through spam email.

3. Spam Email is Risky

Email spam can be harmful. It might contain harmful links that can install malware on your computer. Delete links to spam. The urgency of dangerous spam emails can make you feel pressured to take action. Read on to discover some of the fundamental spam categories.

4. Common Spamming Techniques

Spammers employ a variety of methods to send spam, such as the following:

• Botnets
Command-and-control servers can be used by spammers to get email addresses and send spam through botnets.

• Snowshoe spam
In order to deliver spam to a large number of recipients, spammers employ a large number of Internet Protocol (IP) addresses and email accounts with a good reputation.

• Blank email spam
Sending an email with a blank subject line and message body is the method used here. By finding incorrect bounced addresses, it might be used in a directory harvest attack to validate email addresses. In emails that appear to be blank, Hypertext Markup Language (HTML) code that is occasionally used to propagate viruses and worms can be found there.

• Image spam
The email body contains a JPEG (Joint Photographic Experts Group) or GIF (Graphics Interchange Format) file that contains the message content, which is computer-generated and unreadable to human users. By using this technique, text-based spam filters attempt to be missed.

5. Common Types of Spam

• Commercial advertisements
The CAN-SPAM act’s rules apply regardless of whether an email message is spam or a legal advertisement. When businesses obtain your email address as a free way to market to you, they frequently subscribe you to their newsletter by default. To opt in or out of receiving marketing emails, look for a checkbox whenever you fill out an online form. While some of these emails may be bothersome, the majority are innocuous, and by law, they must offer a clear unsubscribe or opt-out option. If you’ve unsubscribed but are still getting spam, change your email settings so that you don’t get messages from the sender’s address.

• Antivirus warnings
Ironically, spammers frequently use antivirus alerts as a technique. These emails inform you that your computer may be infected with a virus and provide a fix—often an antivirus scan—to eliminate the purported online danger. But if you fall for the trick and click the link, the hacker could get into your computer or download a file that does bad things. Do not click on a strange email link if you think your computer may be infected. To safeguard your endpoints, seek out reliable cybersecurity software solutions.

• Email spoofing
Why do phishing email schemes work so well? Because scam emails expertly imitate official business messaging to persuade you to take action. In a spoofing attack, a spammer chooses a firm brand that their target audience will recognise and trust, such as a bank or an employer, and then replicates its formatting and logos. Check the From line to ensure that the sender’s email address—not merely the

alias—is valid before responding or clicking anything. If in doubt, get in touch with the business to make sure the email is legitimate.

• Sweepstakes winners
Spammers frequently send emails stating that the recipient has won a contest or prize. They might ask you to click a link or provide some personal information in exchange for your prize and push you to act swiftly. Don’t click on any links or reply with any personal information if you don’t know the contest or the email address sounds untrustworthy.

• Money scams
Sadly, spammers take advantage of people’s benevolence. Emails requesting assistance in urgent situations are a popular starting point for money scams. The spammer makes up a tale about requiring money for a horrible life event or a family emergency. Some con artists, like the perpetrators of the Nigerian prince hoax, want only your bank account details or a minor processing fee in exchange for money. Never transmit money or give out personal information without thinking first.

6. Spam Email Statistics

Nearly half of emails sent globally, according to Statista, are spam. And the US, China, and Russia are among the nations from which the majority of these spam emails originate. Read on to learn the most recent email spam statistics and how many spam emails are sent every day from various locations around the world.

• Worldwide email spam statistics
Find out how many spam emails are sent globally by taking a broad perspective. You must first be aware of how many emails are sent globally in order to know that, though. In H1 2022, nearly 319.6 billion emails per day are expected to be sent and received.

45.37% of all emails in H1 2022 were classified as spam.
Spam volume peaked between 2021 and H1 2022, when 283 billion out of 336.41 billion emails were junk.
Out of 105.67 billion emails, there were about 88.88 billion spam emails sent globally in H1 2022.
The carbon footprint of one spam email is around 0.03g of CO2e. Thus, the quantity of spam emails sent in H1 2022 could have caused the release of around 4.5 tonnes of CO2e.

Different types of spam emails
Spam emails can contain ads, chain letters, phishing scams, hoaxes, money scams, malware warnings, adult content, etc.

Marketing and advertising emails are the most prevalent kinds of spam, making up around 36% of all spam emails.
About 31.7% of all spam is made up of emails with explicit content. This is the second most common type of spam.
As the third most prevalent kind of spam, financial-related emails account for around 26.5% of all spam emails.
5% of spam emails contain fraud or schemes. Seventy-three percent of these are phishing emails.

Email spam statistics

Email is used in about 96% of phishing attacks.
In H1 2022, business email compromise (BEC) attacks affected 77% of organisations.
Attacks like supplier invoicing fraud and payroll redirection are examples of BEC.
In H1 2022, the average price of a BEC exploit was $5.96 million.
In H1 2022, 83% of businesses experienced successful email-based phishing attacks.
39% of people reported getting at least one questionable email attachment.
15% of people reported receiving an email from someone posing as their company.

• Spam emails percentage

With an estimated 8.61 billion spam emails sent annually, the United States of America leads the world.
China is in second place, with 8.53 billion spam emails sent, is China. In third position, with 8.09billion spam emails, is Russia.
Brazil ranks fourth with 8.03 billion spam emails sent.
India ranks fifth with 7.97 trillion spam emails sent.
With 7.9 billion spam emails, Germany is sixth.
The Czech Republic ranks eighth with 7.83 billion spam emails sent, just behind Germany.
Poland, Bulgaria, and the UK take the final three spots, sending 7.77,7.73, and 7.71 billion emails, respectively.

7. How do You Stop Spam Email?

Because it can come from botnets, spam email can be challenging to stop. Botnets are collections of infected computer systems. As a result, it may be challenging to identify and stop the initial spammer. Mark any messages you get that seem suspiciously like spam in your email programme, such as those from senders you don’t know. Don’t open any links or files that are attached, not even the ones that say “opt-out” or “unsubscribe.” These links could take you to dangerous websites or downloads, or spammers could put them there to make sure your email address is real.

Users can reduce their vulnerability to spam emails via the following:

Reporting, preventing, and deleting any messages that appear suspicious in their inboxes, such asspam.
For local email clients, add an anti-spam filter from a third party.
Modifying the filter to prevent messages containing specific terms or phrases that are frequentlyused in spam emails from being delivered.
Creating a list of domains, IP addresses, and email addresses that the user trusts and wishes toreceive email from.
Using a temporary email address or a fake email address online, such as on forums.
Never open attachments or links in emails from senders you don’t recognise.

Legitimate senders can stop their emails from being mistaken as spam by doing the following:

Keeping their sender’s reputation in good shape;
Using authentication systems like Sender Policy Framework and Domain Keys Identified Mail
Getting rid of words that can cause anti-spam filters to mark the email as spam;Creating useful and user-friendly information and enhancing email delivery with appealing subjectlines;
Utilizing a trustworthy bulk email service;
Asking users to opt in can help to ensure that they are interested and less likely to mark the emailas spam.
Using a reliable bulk email service.

8. We can Use Anti-Spam Software

Software known as “anti-spam” seeks to identify and prevent potentially harmful email from user inboxes. Spam is often an unwanted message that you didn’t ask for, and it’s also often an ad for a product that may be harmful or real, but is still unwanted.

9. Anti-Spam Software Working

Filters used by anti-spam software restrict access to user inboxes to known and authorised email addresses only. If anti-spam software marks a legitimate email as spam by mistake, it usually lets you look at emails that have been marked as spam.

10. Importance of an Anti-Spam Software

Email inboxes are”decluttered” by anti-spam software, which removes time-wasting and annoying emails.
Anti-spam software aids in preventing fraudulent emails that deceive recipients into disclosing private information.
Anti-spam software helps keep viruses, malware, and ransomware from getting into the computer networks of a business.

11. Features of Anti-Spam Software

0.0001%falsepositives,itprevents99%ofspamfromenteringanorganization’snetworksystem.
With a 100% availability SLA, we block 100% of malware attacks.
Clear out your inboxes by using graymail products that are simple to file, including mailing listsand newsletters.
It provides users with the resources they require to maintain their own lists of permitted and blocked senders. As a result, tech support will become less necessary.
Allow administrators to manage anti-spam software policies centrally and precisely.

12. Popular Anti-Spam Techniques

➢ Spam email addresses that have been designated by the user.
➢ Automatic spam detection by users or admins
➢ Researchers and law enforcement personnel can recognise spam.

13. Conclusion

Spam is unwanted and undesirable junk email that is occasionally sent in large volumes to a large recipient list. Sending undesirable email to a large list of subscribers in bulk is known as “email spam,” sometimes referred to as “trash email.” Spam can be sent by real people, but more often than not it is sent by a botnet, which is a group of computers that have been infected with malware and are controlled by one attacking party (the bot herder). Spam can also be distributed through social media platforms, text messaging, and email. In this article, we are discussing email spam from the perspective of common users. Further, maintaining current with email security advances is crucial for your company in this situation. More than 440 million emails containing phishing scams and malware were found in H1 2022, according to several studies, proving that cybercriminals are still as active and driven as ever. We explain this in this article to assist you in improving your cybersecurity posture.

The article has been written by

Dr. Rajeev Kumar is Assistant Professor, Centre for Innovation & Technology, Administrative Staff College of India (ASCI), Hyderabad, and also, he is cyber security practitioner.

Prof. Valli Manickam is Professor and Director, Center for Innovation and Technology, ASCI, and is also currently Dean of Training Programs (Short and Long Duration).

Katyayani Palaparty is an IT manager at the ASCI.