Con artists on the Internet have employed various tactics throughout the years. As of now, their primary method is cryptocurrency mining and before that it was ransomware and many other approaches. Still, there’s one more thing that has been around for a very long time and, despite that, remains the preferred one for cybercriminals. It’s spam and it’s still going strong, decade after decade, byte after byte, more than 40 years after the email spam was sent out for the first time. This has been discovered through the research conducted by F-Secure and MWR InfoSecurity.
A few new tricks have been added by con artists, but the core still remains the same, with spam being used to spread malicious URLs, scams and malware, and email being the primary engine for it. According to Päivi Tynninen, Threat Intelligence Researcher at F-Secure, 46% of spam samples that have been noticed during the spring of this year are dating scams, 23% are emails with harmful attachments, and 31% link to dubious sources that should be kept away from. She also adds that the reason for yet another spam resurgence lies in the fact that systems are getting more secure against software exploits and vulnerabilities. So it’s back to basics for cybercriminals, basics that security software isn’t always prepared for. Tynninen says that “just five file types make up 85% of malicious attachments. They are .ZIP, .DOC, .XLS, .PDF, and .7Z.”
The main spam component is still sending out tremendous amounts of emails with an aim of affecting the biggest number of users possible. To achieve that goal, con artists improve their tactics all the time, which allows them to increase click rates. According to Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity, they have risen from 13.4% in the second half of 2017 to 14.2% in 2018. MWR InfoSecurity has created phishd – a service that monitors and makes businesses’ susceptibility to phishing and other data-related attacks better. MWR was acquired by F-Secure in June 2018.
The more spam is sent out, the higher the chances for success are. But MWR dug deeper and, thanks to their effectiveness model, has been able to uncover the methods aimed at the psychology of recipients’ which make for improved results. Such methods include emails being disguised as something that came from a known address (the probability of spam being opened increases by 12% in this case), the lack of errors in a subject line (a 4.5% increase), and urgency being implied in phishing emails that call for action, instead of being direct.
Cybercriminals not only try to affect those who may be new to the online world – they also go for the people that are aware of the dangers waiting for them on the Internet and who refrain from clicking on attachments that come with emails from unfamiliar addresses. Instead of the attachments, links are now sent out that redirect to a harmless site, with this site then redirecting a person to the source that hosts malicious content. Päivi Tynninen says that doing this allows to avoid analysis and keep the malicious content hosted for as long as possible. Adding to that, she mentions that “when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”
Online piracy shouldn’t be considered a primary source of malware – spam still reigns supreme in that department and not all of the users recognize it, opening such emails now more than ever. And that’s the key moment here – if one sees that it’s a spam before him/her, then con artists’ attempts of breaching the computer won’t succeed.