Spam Email

Spam is unsolicited bulk email messages, also known as junk email.

Spammers typically send an email to millions of addresses, with the expectation that only a small number of recipients will respond to the message.

Spammers gather email addresses from a variety of sources, including using software to harvest them from address books. The collected email addresses are often also sold to other spammers. Spam comes in various forms. Some spam emails push scams. Others are used to conduct email fraud. Spam also comes in the form of phishing emails that use brand impersonation to trick users into revealing personal information, such as login credentials or credit card details.

Types of spam vary from more benign marketing spam to more serious threats where hackers look to steal data, compromise accounts, or spread malware.

• Email fraud: Unsolicited bulk email messages that promote products or services. These could also include get-rich-quick offers, “419” scams, or various pyramid schemes. While most are simply a nuisance, these messages can have a negative impact on performance and productivity in organizations if left undetected.
• Phishing emails: Spam messages can carry phishing attacks. These emails look to trick individuals into disclosing sensitive information like Social Security numbers, passwords, or account details. These attacks are usually sent in large numbers to both businesses and consumers — more or less at random — with an expectation that only a small number of recipients will respond.
• Malware spam: Spam is often used to distribute malicious links or attachments to trick users into downloading malware, viruses, or ransomware.

Around 320 billion email spam messages are sent every day. In fact, around half of all email traffic globally is spam. If left undetected, these unsolicited messages will flood corporate inboxes, overwhelming email servers, impacting productivity, and spreading malware. Spam costs businesses about $20 billion per year in losses. It lowers productivity by flooding inboxes with junk mail and impacts server traffic to process messages.

There are several strategies that can be put in place to protect against spam and other unsolicited email:

• Deploy spam and virus filters. If your email security spam filters are properly set up, most spam messages will never make it into your users’ inboxes. Make sure your filtering includes virus scanning, spam scoring, real-time intent analysis, reputation checks, and URL link protection.
• Do not respond to spam. People are curious enough about spam that they respond either out of curiosity, to unsubscribe, or to ask for more information. By responding to spam, you demonstrate to senders that your email address is valid, and this will lead them to send you more spam. Train your users to avoid responding to or forwarding spam messages.
• Train users to identify spam and phishing messages. While spam filters and other technology solutions can help prevent spam and phishing messages from reaching inboxes, educating users about the dangers of phishing campaign emails is a critical component of cyber security for any organization. User security awareness training helps every employee recognize, avoid, and report potential threats that can compromise critical data and systems. As part of the training, mock phishing and other attack simulations are typically used to test and reinforce good behavior.