The concept of SPAM and methods of counteracting it

The word “SPAM” originally referred to the popular canned ham produced by Hormel Foods since 1937. This product gets its name as an abbreviation for “SPiced hAM” (peppered ham). SPAM became extremely popular during World War II because of its long shelf life and ease of preparation. This popular meat product has been used extensively in the rations of allied troops. To this day, it is an extremely popular cheap canned food that can be bought in almost any country in the world.

It is thanks to an active, even aggressive advertising campaign and a huge number of brochures sent to every mailbox that SPAM has become a household name for intrusive advertisements, including on the Internet.

Spam as he understands it today, is an unpleasant and even dangerous tool. Every year its volume increases, which creates a lot of inconveniences and risks for both ordinary users and businesses. Today we’ll look at its types, how it spreads, and the dangers and options to protect against it.

Types of spam

SPAM is unwanted messages that are sent by in varying amounts and without the consent of the recipients. It can take many forms and be used in a variety of delivery channels.

• E-mail SPAM (E-mail SPAM).

The most common spam tool that includes unwanted promotional emails. It can be advertising of goods and services: offers to buy medicines, cosmetics, software, etc. The problem in this case is that such emails often contain links to malicious sites or offer questionable products and services. They can also be emails promising large lottery winnings or inheritance from unknown relatives, designed to phish the user’s data.

• SMS spam.

Unwanted text messages sent to cell phones. SMS spam can be both advertising and fraudulent – call a paid number, send a paid SMS, etc.

• Social Media.

Posts or comments containing promotional or malicious links distributed through social media platforms. A prime example is links to fake websites masquerading as real social media pages.

• In messengers.

Unwanted messages sent via popular messengers (WhatsApp, Viber, Telegram). A particularly dangerous and widespread species, as it is the most massive and constantly caught by users.

• In blogs and forums.

Automated or manual messages posted in comments by bots or scammers often contain advertising or malicious links.

• Voice Spam (Vishing).

Unwanted phone calls in which an answering machine or live person tries to sell products and services or solicit personal information. It can also be a cheater who presents himself as an acquaintance or loved one. Due to the active development of AI, this type of deception has become particularly dangerous.

Who sends spam and why

Spammers are individuals or organizations that engage in mass mailing of unsolicited messages. Their motives can range from financial gain to attempted hacking and data theft.

• Scammers.

Scammers use spam to conduct various deception schemes to scam money or obtain sensitive information such as bank card details or personal information.

• Marketers.

Some companies and private entrepreneurs use spam to promote their products and services. This is often without the consent of the recipients and breaches data protection legislation.

• Hackers.

Hackers use spam to spread malware or attempt to compromise accounts. Their goal is to gain access to sensitive information or infect users’ devices.

• Competitors.

Sometimes competitors use spam to damage other companies’ reputations. This can be either a direct attack or an attempt to divert customers’ attention.

Sending spam is a crime punishable under Law No. 3014 on Electronic Communications. This may include blocking the IP address or phone number from which the mailing was made; a fine of five times the cost of the mailing for violation of advertising rules. However, it is extremely difficult to prove the fact of mailing, so it is better to effectively defend against it by conducting effective server administration.

How spammers collect contacts

The methods of data collection for the realization of spam are numerous and it is almost impossible to protect yourself completely from it. For example, spammers can view users’ profiles on social media sites such as Facebook, LinkedIn, and Twitter and collect contact information if it is publicly viewable.

There are also black market traffickers selling databases with contacts that can include millions of email addresses and phone numbers. These databases are often collected illegally. Some companies or intermediaries may collect and sell contact information without users’ consent, violating data protection laws, or the data is simply stolen by malicious hackers by hacking into a company’s database, such as a bank or online store. For example, in 2013, retailer Target suffered a major cyberattack that resulted in the theft of 40 million credit cards and the contact information of 70 million customers.

You can also give away your data if your device or server has been subjected to a virus attack or phishing. Spammers also create fake websites that masquerade as legitimate ones or embed malicious software in programs that users download online.

Spammers can also use programs to automatically create and verify email addresses. For example, they can generate addresses from a template consisting of common names and domains, and pick passwords for them by brute-force.

What kind of spam is dangerous

Is it possible to say that this or that spam is more dangerous? Conventionally, if it is purely advertising spam, it is not dangerous. However, you should realize that someone has put your address on the mailing list, which means they got it somewhere, which is a nuisance in itself. Fraudulent SPAM, on the other hand, can be dangerous both from a technical point of view and regarding the human factor. If in the latter case everything rests on the user’s gullibility and experience in using technology, in the former case, no one is immune. You can click on a phishing link or compromise your password either by accident or by doing nothing at all, simply by becoming the victim of a bruteforce attack or a hack of the database of a site that has your data.

How spamming is dangerous for business

Spamming can carry serious threats to a business. Apart from directly leaking or deleting important data, trade secrets and confidential information from a domain, it can seriously affect a company’s reputation and lead to legal problems. For example, spamming on behalf of a company by competitors can undermine customer confidence, and breaches of data protection and anti-spam laws can result in fines. In this case, your business may appear as the perpetrator of the leak rather than the victim, unless you can convince the relevant authorities to adopt all possible data protection measures.

How to protect yourself from spam

It is 100% impossible to protect yourself from a DDoS attack or spam, but you can and should protect yourself as much as possible from its consequences.

• Use of anti-spam filters.

Anti-spam filters are software that automatically identifies and blocks spam messages. Modern email services such as Gmail and Outlook have built-in anti-spam filters that filter out suspicious emails and place them in the “SPAM” folder. There are separate programs and plug-ins for email clients (e.g. SpamAssassin, MailWasher) that offer additional layers of protection. Also, many antivirus programs (including firewalls) include modules to protect against phishing emails.

• User Education.

Educating employees and users on the basics of safe online behavior is a key element in protecting against spam. Users should be able to recognize the signs of phishing emails, such as suspicious links, requests for personal information.

• Blocking spammers.

Mail services and antivirus programs can use blacklists that include known addresses and domains of spammers. These lists are updated on a regular basis to improve the effectiveness of the defense. Users can create their own filters and rules to block spam by configuring the email client to automatically sort and delete unwanted messages.

• Use of complex passwords and two-factor authentication.

It is recommended that you use unique and complex passwords for each account. Passwords must contain a combination of letters, numbers and special characters. Two-factor authentication adds an extra layer of protection by requiring a second factor (such as a code sent to a cell phone) to be entered when logging into an account.

• Restrict public access to contact information.

Customize the privacy of your social media accounts so that your contact information is only visible to friends or select users. Create separate e-mail addresses for different purposes (e.g., website signups, newsletter subscriptions, and personal correspondence). Also create separate bank cards in your bank accounts from which you will pay for online purchases. Replenish them only as needed.

Also, regularly back up your data, passwords, and if possible, store them on physical media not connected to the network – flash drives, hard drives, or SSDs. Use a quality reliable hosting service for your business.

A comprehensive approach to protection and attention to digital hygiene will help you effectively combat spam and minimize the risks associated with receiving unwanted messages.