One of the greatest risks to IT Security is the prevalence of spam and malicious e-mail correspondence. Spam currently accounts for 92% of all e-mail traffic.
What is Spam?
Spam is often described as unsolicited, questionable, mass-emailed advertisements (i.e. the electronic equivalent of junk mail) for the purpose of advertising, phishing, spreading malware, spyware, viruses, etc.
How to Identify Spam?
Identifying spam e-mail may seem like an easy task. However, spammers are becoming more adept at copying the look and feel of messages transmitted from popular websites, organizations and other traditional mail sources. These can trick even the most seasoned internet users.
Here are some ways to identify spam email:
Sender’s E-mail Address: An e-mail from a respectable business or reputable online source will almost certainly come from a genuine domain. If the sender address is from a free email service or if your name appears in the “From” field then it is likely spam.
Recipient’s Email Address: Make sure the recipient’s e-mail address matches yours exactly. Be wary of e-mails sent to multiple accounts, or where the recipient is specified as “undisclosed” or is simply missing altogether.
Random Words in Subject Line: Spammers often place random words in the subject line and body to evade text-based spam filters that look for common word strings.
Generic Greeting: If it says something along the lines of “Dear Valued Customer” or “Dear [company name] Member”, it is usually spam.
False Sense of Urgency: Some e-mails are designed to panic us into action. Be aware of threats or warnings of potential consequences in the email body that attempt to force you to take steps.
Links and URLs: Legitimate businesses and websites would simply ask you to log into your account at the official website rather than click on a link. Hover the cursor over the link and you can see the actual URL that the link redirects to. If it is different from the official website or looks suspicious, avoid it completely.
Unsafe attachments: Avoid opening any attachments whatsoever in suspicious e-mail. They can be disguised as documents or images but can launch malicious viruses and trojans that can wreak havoc on your system.
Grammatical/Spelling Errors: You should be suspicious of any message that is poorly written. Authentic correspondence is typically checked thoroughly before distribution and grammatical errors are usually a dead giveaway.
Requests for Personal Information: E-mails asking for money, personal information, passwords and other sensitive information are almost always fake. If you think the e-mail is genuine, contact the sender by phone.
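Several of the checks above can be automated in a mail gateway or triage script. The following is an added example, not part of the original article: it applies the sender, recipient, greeting, urgency and link-mismatch checks to a raw message. The provider list, the phrase patterns, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed sample list
PHRASES = {"generic greeting": re.compile(r"dear\s+(\w+\s+)?(customer|member)", re.I),
           "urgency language": re.compile(r"\b(immediately|urgent|suspended)\b", re.I)}

class LinkAudit(HTMLParser):  # collects (visible text, href) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def spam_indicators(raw, my_address):
    msg, me, found = message_from_string(raw), my_address.lower(), []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] in FREE_MAIL:
        found.append("free-mail sender")
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    if me not in [addr.lower() for _, addr in getaddresses(to_cc)]:
        found.append("recipient missing or undisclosed")
    body = msg.get_payload()  # single-part message assumed
    found += [name for name, rx in PHRASES.items() if rx.search(body)]
    audit = LinkAudit()
    audit.feed(body)
    for text, href in audit.links:  # only link text that itself looks like a host
        if "." in text and " " not in text and host(text) != host(href):
            found.append(f"link text {host(text)} points to {host(href)}")
    return found

# Constructed sample message; the bank and link hosts use reserved .example/.invalid names.
SAMPLE = ("From: Bank Support <bank.support@gmail.com>\nTo: undisclosed-recipients:;\n"
          "Subject: Notice\n\n<p>Dear Valued Customer, your account will be suspended.</p>"
          '<p><a href="http://bank.example.account-check.invalid/login">www.bank.example</a></p>')
```

The host comparison is exact, so a legitimate link whose visible text and target differ only by a subdomain is also reported; treat each indicator as a reason to look closer, not as a verdict.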
Potential Damage caused by Spam
The damage caused to the recipients of spam is as follows:
Loss of data and sensitive information
Damage to computers and network assets
Loss of productivity
Puts strain on corporate network resources: bandwidth, disk space, mail saturation, etc.
The risk of sending spam under your name or from your PC or domain and being identified as a spammer.
How to Protect Yourself Against Spam?
Consider the following guidelines for protecting yourself against spam and minimizing its effects:
Ensure that antivirus and anti-malware software is installed and up to date on all computers and servers. Avoid free antivirus software, which can be easily compromised.
Try not to open e-mails from unknown or suspicious senders. Immediately mark as junk and delete unsafe emails.
Never click on e-mail attachments or links from unknown or suspicious senders.
Do not publish your e-mail address on any public websites.
Never reply to a spam message and never click on the “Unsubscribe” link or button. By doing so you have told the spamme