Category Archives: Knowledge

Beware of Bitcoin Investment Emails Pushing Clipboard Hijackers

A new malspam campaign is underway whose emails carry an attachment that, when executed, installs a Windows clipboard hijacker that attempts to steal Bitcoins from its victims.

This new campaign was discovered by security site My Online Security, which received a series of Bitcoin investment related emails. These emails had subject lines that included “FW: Review BTC” or “FW: Review Your New Bitcoin International Investment Update 2019” and contained an archive attachment.

Spam Email

This archive includes a JSE file, which is a JavaScript file, that contains a Base64 encoded executable stored in the file as shown below. When the JSE file is executed, it will decode the Base64 encoded file, save it to %Temp%\rewjavaef.exe, and then execute it.


Once executed, a file called Task.exe will be saved to the %AppData%\svchost.exe\ folder as shown below. This file will then be executed as well.


To make sure that the Task.exe is started every time a victim logs into Windows, a startup file called svchost.exe.vbs will be created in the user’s Startup folder.

Startup folder script

The Task.exe program is actually a clipboard hijacker malware that is based off the open source BitPing program created by a security researcher named A Shadow.

A cryptocurrency clipboard hijacker is malware that monitors the Windows Clipboard for certain data, and when detected, swaps it with different data that the attacker wants. In this particular case, Task.exe will monitor the Clipboard for bitcoin addresses, and if one is detected, will swap it for the 3MSghqkGW8QhHs6HD3UxNVp9SRpGvPkk5W address, which is owned by the attacker.

Source Code

As cryptocurrency addresses are typically long and hard to remember, attackers understand that when sending bitcoins, most people will copy an address from another page, site, or program. This malware will detect the copied address in the clipboard and replace it with their own in the hopes the victim won’t notice the swap. Then when the bitcoins are sent, they would be sent to the address under the attacker’s control rather than the intended recipient.

The best way to avoid malware like this is to not open attachments that you receive from strangers or that you are not expecting. Furthermore, you should never run attachments that could execute commands on the computer. This includes files with the JSE, JS, VBS, CMD, PS1, EXE, or BAT extensions.

If Windows is not configured to display file extensions, it is strongly suggested that you enable the display of extensions so you do not open malicious documents or executables by mistake.
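The file locations named above can be turned into a quick triage check. The following is an added example, not code from the article or from My Online Security: it looks for the three named files and also generalizes to two broader signs the campaign shows (a folder under %AppData% named like an executable, and a script placed in the Startup folder). The function names, rule labels and the sample profile tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Standard per-user Windows locations, relative to the profile root
# (C:\Users\<name>), written with "/" so the example also runs off-Windows.
TEMP = Path("AppData/Local/Temp")      # %Temp%
ROAMING = Path("AppData/Roaming")      # %AppData%
STARTUP = ROAMING / "Microsoft/Windows/Start Menu/Programs/Startup"

# File names quoted in the article.
NAMED_ARTIFACTS = (
    TEMP / "rewjavaef.exe",
    ROAMING / "svchost.exe" / "Task.exe",
    STARTUP / "svchost.exe.vbs",
)

# Extensions the article lists as able to execute commands.
RISKY_EXT = {".jse", ".js", ".vbs", ".cmd", ".ps1", ".exe", ".bat"}


def triage(profile):
    """Return sorted (rule, relative_path) findings for one user profile."""
    profile = Path(profile)
    findings = set()

    # Rule 1: the exact files described in the article.
    for rel in NAMED_ARTIFACTS:
        if (profile / rel).is_file():
            findings.add(("named-artifact", rel.as_posix()))

    # Rule 2: a *folder* directly under %AppData% whose name ends in .exe,
    # as with the "svchost.exe" folder that holds Task.exe.
    roaming = profile / ROAMING
    if roaming.is_dir():
        for entry in roaming.iterdir():
            if entry.is_dir() and entry.suffix.lower() == ".exe":
                findings.add(("exe-named-folder",
                              entry.relative_to(profile).as_posix()))

    # Rule 3: a script or executable (not a .lnk shortcut) in the Startup folder.
    startup = profile / STARTUP
    if startup.is_dir():
        for entry in startup.iterdir():
            if entry.is_file() and entry.suffix.lower() in RISKY_EXT:
                findings.add(("startup-script",
                              entry.relative_to(profile).as_posix()))

    return sorted(findings)


def build_sample_profile(root, infected=True):
    """Create a constructed profile tree made of empty placeholder files."""
    root = Path(root)
    benign = [ROAMING / "Notepad++" / "config.xml", STARTUP / "OneDrive.lnk"]
    for rel in benign + (list(NAMED_ARTIFACTS) if infected else []):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")  # placeholder only, no real content
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rule, rel in triage(build_sample_profile(tmp)):
            print(f"{rule:18} {rel}")
```

On a real system, pass the path of a user profile (or of a mounted disk image's profile folder) to `triage`; rules 2 and 3 are heuristics and their hits need review rather than automatic removal.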

online phishing scam

Five smart things you should know about phishing

1. Phishing refers to the practice of sending e-mails posing as a genuine service provider and seeking to access confidential information about credit cards and bank accounts.

2. Such e-mails are designed to mislead the investor. Misaligned logos, expanded or contracted photos, or signatures with dubious designations are a giveaway.

3. Look for spelling and punctuation errors and unnecessary use of technical language. The drafts of these mails are not subject to quality checks of the original bank or institution.

4. No bank or service provider will ask you to open an attachment or click a link on a mail. Always access websites using the URL of the bank.

5. The messages that call for urgent action or dire consequences are usually spam. Banks do not send such communication through e-mails.

Spam SEO

Is SEO considered as a kind of spam activity?

Lately, we’ve been seeing a lot of SEO poisoning cases and felt it necessary to spend a little more time explaining them.

SEO (Search Engine Optimization) is all the rage these days. Anybody who owns a website and is trying to make an impact or working to improve their traffic has heard the term, and has undoubtedly become an SEO expert. If you’re not familiar with SEO, here is your quick definition:

“SEO stands for “search engine optimization.” In simple terms, SEO means the process of improving your website to increase its visibility in Google, Microsoft Bing, and other search engines…” Source: Search Engine Land

Many organizations will actually enlist the help of marketing consultants to assist in this optimization process. Ranking on the first page is highly coveted by many. In essence, if you are able to rank on the first page for a specific keyword, phrase, subject, etc., then you have the ability to generate a lot of traffic to your site. This in turn increases the odds of visits. If you’re an ecommerce site, this equates to purchases. And if you’re a services company, this often equates to new clients. The idea is simple and highly effective. What is even better is that most search engines like Bing, Yahoo, and Google offer set criteria designed to improve your ranking within their searches.

It all sounds pretty awesome, right?

Unfortunately, you’re not the only one who knows this. Today, SEO spam is one of the top five attacks we’re seeing on the web, and it’s quickly pushing its way up to number one. SEO attacks are becoming so prevalent that we felt the need to do some homework to better understand them.

In the process we found a useful video by Matt Cutts of Google on YouTube. In the video Cutts answered an interesting question about SEO from Google’s point of view:

Question: Does Google consider SEO to be spam?
Short answer: No

Long answer is below:

Google doesn’t consider SEO to be spam. Now a few really tech savvy people might get angry at that. So let me explain in a little more detail.

SEO stands for Search Engine Optimization

And essentially it just means trying to make sure that your pages are well represented within search engines. And there’s plenty of white-hat, great quality stuff that you can do as a search engine optimizer. You can do things like making sure that your pages are crawlable. So you want them to be accessible. You want people to be able to find them just by clicking on links. And in the same way, search engines can find them just by clicking on links. You want to make sure that people use the right key words. If you’re using industry jargon or lingo that not everybody else uses, then a good SEO can help you find out, oh, these are key words that you should have been thinking about. You can think about usability, and trying to make sure that the design of the site is good. That’s good for users and for search engines. You can think about how to make your site faster.

Not only does Google use site speed in our rankings as one of the many factors that we use in our search rankings. But if you can make your site run faster, that can also make it a much better experience. So there are an enormous number of things that SEOs do, everything from helping out with the initial site architecture and deciding what your site should look like, and the URL structure, and the templates, and all that sort of stuff, making sure that your site is crawlable, all the way down to helping optimize for your return on investment. So trying to figure out what are the ways that you are going to get the best bang for the buck, doing AB testing, trying to find out, OK, what is the copy that converts, all those kinds of things.

There is nothing at all wrong with all of those white hat methods

Now, are there some SEOs who go further than we would like? Sure. And are there some SEOs who actually try to employ black hat techniques, people that hack sites or that keyword stuff and just repeat things or that do sneaky things with redirects? Yeah, absolutely. But our goal is to make sure that we return the best possible search results we can. And a very wonderful way that search engine optimizers can help is by cooperating and trying to help search engines find pages better.

SEO is not spam. SEO can be enormously useful

SEO can also be abused. And it can be overdone. But it’s important to realize that we believe, in an ideal world, people wouldn’t have to worry about these issues. But search engines are not as smart as people yet. We’re working on it. We’re trying to figure out what people mean. We’re trying to figure out synonyms, and vocabulary, and stemming so that you don’t have to know exactly the right word to search for what you wanted to find. But until we get to that day, search engine optimization can be a valid way to help people find what they’re looking for via search engines.

We provide webmaster guidelines on There’s a free webmaster forum. There are free webmaster tools. There’s a ton of HTML documentation. So if you search for SEO starter guide, we’ve written a beginner guide where people can learn more about search engine optimization. But just to be very clear, there are many, many valid ways that people can make the world better with SEO. It’s not the case that, sometimes you’ll hear SEOs are criminals. SEOs are snake oil salesmen. If you find a good person, someone that you can trust, someone that will tell you exactly what they’re doing, the sort of person where you get good references, or you’ve seen their work and it’s very helpful, and they’ll explain exactly what they’re doing, they can absolutely help your website. So I just wanted to dispel that misconception. Some people think Google thinks all SEO is spam. And that’s definitely not the case. There are a lot of great SEOs out there. And I hope you find a good one to help with your website.

But.. SEO has evolved in many areas.

The challenge with that is how SEO has evolved. In our own experience, it is no longer this simple, and the majority of the SEO attacks revolve around pharmaceutical injections. A recent study actually discusses why the pharmaceutical affiliate marketing model has become so effective and highly coveted with blackhats today. If you’re wondering why, it’s because of how economically rewarding it is. That’s a post for another day though.

The good news is that the principles of SEO spam are still the same today. In 2010 Sophos described the following:

At the heart of the SEO attack is the ability to feed search engine crawlers content to index and redirect users to malicious sites.

Today that is still key, but the methods have evolved. We’re seeing highly complex malware injections that adapt to incoming traffic. Many target the IP addresses of search engines like Bing and Google, others are wrapped in conditional logic that only presents itself when specific conditions are met, and yet others are tied into Command and Control nodes that dictate what the site should do on each visit.

More and more of them, however, are integrating themselves into the pharmaceutical affiliate model described above. What is perhaps most interesting about this is that those sites are rarely distributing drive-by-download payloads. Instead they are being maintained in pristine condition, with no anomalies other than the improper redirection.

We are also seeing no real preference for the brand or traffic of the site. In fact it appears that the attackers are more content with low-hanging fruit than with penetrating a high-ranking site with a well-known brand. This we find exceptionally interesting.
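A site owner can check for this kind of conditional content by comparing what a normal visitor receives with what a search engine crawler receives. The following is an added example, not code from this post or from Sophos: it assumes the two HTML views have already been captured, and the function names, the 0.5 overlap threshold and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _View(HTMLParser):
    """Collect the hosts a page links to and the words it shows as text."""

    def __init__(self):
        super().__init__()
        self.hosts, self.words, self._hidden = set(), set(), 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        if tag == "a":
            href = dict(attrs).get("href") or ""
            host = urlparse(href.strip()).hostname  # None for relative links
            if host:
                self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.words.update(w.lower() for w in re.findall(r"[A-Za-z]{4,}", data))


def compare_views(site_host, browser_html, crawler_html, min_overlap=0.5):
    """Flag links and text that only the crawler view of a page contains."""
    views = []
    for markup in (browser_html, crawler_html):
        parser = _View()
        parser.feed(markup)
        parser.close()
        views.append(parser)
    browser, crawler = views

    own = site_host.lower()
    # External hosts linked only in the crawler view are the strongest signal.
    extra_hosts = sorted(h for h in crawler.hosts - browser.hosts
                         if h != own and not h.endswith("." + own))
    union = browser.words | crawler.words
    overlap = len(browser.words & crawler.words) / len(union) if union else 1.0
    return {
        "crawler_only_hosts": extra_hosts,
        "word_overlap": round(overlap, 2),
        "suspicious": bool(extra_hosts) or overlap < min_overlap,
    }


# Constructed sample: what a visitor's browser receives ...
BROWSER_VIEW = """<html><head><title>Harbour Street Bakery</title></head><body>
<h1>Fresh bread every morning</h1>
<p>Visit our shop or <a href="/contact">contact</a> the team.</p>
<a href="https://www.bakery.example/menu">Menu</a>
</body></html>"""

# ... and what a crawler receives from the same URL after an injection.
CRAWLER_VIEW = BROWSER_VIEW.replace("</body>", """<div style="position:absolute;left:-9999px">
<a href="http://pharma-shop.example/order">cheap pills online without prescription</a>
<a href="http://pharma-deals.example/">discount tablets pharmacy</a>
</div></body>""")


if __name__ == "__main__":
    print(compare_views("bakery.example", BROWSER_VIEW, CRAWLER_VIEW))
```

Injections that key on search engine IP addresses, as described above, will not show up when the crawler view is captured by only changing the User-Agent header, so the crawler view should come from the search engine's own rendering of the page where possible.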

Many have undoubtedly experienced the impact of these SEO attacks. They often lead to the inevitable warning by Google, “This site may be compromised!” or “Something’s not right here!” We wrote a post describing these warnings earlier this year.

Unfortunately, there is no real solution to this problem. The threat landscape in which most websites live is just too large and most website owners really don’t care about it. That’s probably today’s biggest issue.

So where does that leave things today?

If you have any questions or comments about this post, please leave your comment at our contact page.

PHP Spam Poison – Free Download


The PHP Spam Poison is a fake-page generator that simulates long lists of fake email addresses and links to more generated pages, to be harvested by spam-robots, effectively poisoning their databases with useless email addresses. This spam poisoner was inspired by the WPoison software from

Features of the PHP Spam Poison

  • It uses PHP, so no CGI access is needed.
  • Fast and lightweight.
  • Highly configurable.
  • Can be included by other PHP pages.
  • Requires software available in most hosting services.
  • Doesn’t require a SQL database.
  • Works in Linux/Unix and Windows servers (with IIS or Apache).
  • GPL license (open-source).
  • Simple to install.


Required: PHP 4.1.x or higher. Your web server should be able to interpret the PHP language. The platform doesn’t really matter (tested with GNU/Linux and Windows 2000).
Required: A web server. It should work with any web server running on your workstation or server (tested with Apache in GNU/Linux, with Apache in Windows 2000 and IIS in Windows 2000).

Download the PHP Spam Poison

The current version is available as a tar.gz package or as a zip file at

You can also find there the Readme (readme.txt), Changelog (version.txt), checksums (checksums.txt) and license (license.txt) files.

Installation of the PHP Spam Poison


1) Get the files
Get the files from (There are zip and tar.gz files available). Be sure to also download the wordlist.

2) Unpack

Extract the script files in a web server directory. That will create a “phpwpoison” directory with a few files inside. Then unpack the wordlist and save it in the same directory.

3) Change ownership

Change the ownership of those files and the directory “phpwpoison” to the user used by your web server (usually “nobody” in Unix/Linux). To change the ownership in Linux/Unix, execute the following in a shell terminal:

chown -h -R nobody:nobody phpwpoison/

In Windows environments, using the Windows Explorer, check the Security tab of the Properties dialog of the directory, and set the permissions so that the user IUSR_servername has permissions to read and write on the “phpwpoison” directory.

If you cannot set the ownership, at least be sure to enable write permissions on the directory.

4) Rename the directory

Rename the phpwpoison directory to a simple name. Avoid “poison”, “spam”, etc. The idea is to not give a clue to those email-harvester robots that this is a trap.

5) Rename the script

Rename the emailusers.php file to any simple name. Avoid “poison”, “spam”, etc. The idea is to not give a clue to those email-harvester robots that this is a trap.

6) Configure

Edit the renamed PHP file, changing at least the pwp_scriptname variable. If you renamed the script to “listusers.php” then set the pwp_scriptname variable to “listusers.php”. Also, check the pwp_html_postheader and pwp_html_footer variables, where you can insert HTML so the generated pages match your website look.

7) Test

Try to open the renamed PHP file from your browser through the web server. (Please note that by default, the script will pause for up to 30 seconds before it finishes rendering the page; to modify or eliminate that delay, edit the script and change the options pwp_minsleeptime and pwp_maxsleeptime.)

8) You are done.

The following step is optional:

9) Create a spammer list (option available since version 1.1.0)

Maybe you already have a list of email addresses of known spammers. A list with real addresses (not fake addresses like those used by most spammers). Some spammers are just uninformed people thinking that spamming is a good business practice. Some of them will stop spamming when they learn that spamming is not good for their business. But for those who don’t…

Let the phpwpoison script create fake email addresses mixed with spammers addresses. Let other spammers know what spamming is all about for the receiver.

Create a text file with each line containing an email address. Avoid using the default spammers.txt filename. Edit the phpwpoison script and change the variables pwp_use_spammer_list, pwp_spammer_file and pwp_spammer_ratio.


Always create a robots.txt file in your site, to let search engines know that they should not visit the spam trap. Email harvesters usually ignore the robots.txt file, so they will fall into the trap anyway.

For more information about the robots.txt file, visit The Web Robots pages or the Robots.txt Tutorial (from SearchEngineWorld).

For example, the robots.txt file in this website looks like this (meaning that search engines should not follow the spam trap located in the users.php webpage):

User-agent: *
Disallow: /users.php
Disallow: /users.php/
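One thing to verify after writing these rules is that every well-behaved crawler is actually kept out of the trap: a crawler that has its own User-agent group in robots.txt follows only that group and ignores the `*` rules. The following is an added example, not part of phpWPoison: it uses Python's standard urllib.robotparser, and the function name, the crawler names and the second robots.txt are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser


def crawlers_allowed_into_trap(robots_txt, trap_paths, agents):
    """Return (agent, path) pairs that robots.txt still allows.

    An empty list means every listed crawler is told to stay out of the
    spam trap; any pair returned is a legitimate crawler that would be
    fed the generated fake pages.
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [(agent, path)
            for agent in agents
            for path in trap_paths
            if parser.can_fetch(agent, path)]


# The robots.txt shown above, with the trap at /users.php.
PAGE_ROBOTS = """\
User-agent: *
Disallow: /users.php
Disallow: /users.php/
"""

# Constructed variant: a crawler-specific group was added later and the
# trap was not repeated in it, so that crawler no longer sees the rule.
OVERRIDDEN_ROBOTS = PAGE_ROBOTS + """
User-agent: Googlebot
Disallow: /private/
"""

TRAP_PATHS = ["/users.php", "/users.php/page2"]   # second path is constructed
AGENTS = ["Googlebot", "bingbot"]


if __name__ == "__main__":
    print(crawlers_allowed_into_trap(PAGE_ROBOTS, TRAP_PATHS, AGENTS))
    print(crawlers_allowed_into_trap(OVERRIDDEN_ROBOTS, TRAP_PATHS, AGENTS))
```

If the second call's result is not empty, copy the trap's Disallow lines into each crawler-specific group.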

The pages generated by phpWPoison may take a few seconds to render, but it’s not because they are slow. It is because phpWPoison waits a random number of seconds before it finishes sending the page. The goal is to slow down the spam spider. You can adjust this waiting time by editing the variables pwp_minsleeptime and pwp_maxsleeptime.

You can include the output of the phpWPoison script so it can be shown as part of a different webpage. Just build your hosting page (as PHP) as usual, but for the content use something like:

include_once("thepoisondir/emailusers.php");

Then edit the emailusers.php script and change the option pwp_scriptname to the name of the hosting script. Change the option pwp_standalone to false. Also, adjust the paths of the files set in the options pwp_word_file, pwp_cache_file and pwp_spammer_file (which are relative to the hosting script).

NOTE: if you include the script into another, the pwp_html_preheader, pwp_html_postheader and pwp_html_footer variables are ignored. Then you should provide the meta tag ROBOTS in the head of the hosting webpage (or be sure to provide a robots.txt file in your site).

Spam Archive

Spam Archive: the largest public library of junk e-mail on the Internet

Is your spouse dissatisfied with the size of your spam? A brand-new website has made several hundred thousand pieces of unsolicited commercial e-mail available for you to download today. Act now!

After a quiet online debut in 2002, the Spam Archive is making quick strides toward becoming the largest public library of junk e-mail on the Internet.

Paul Judge, director of research and development for CipherTrust, the e-mail security firm backing the project, says the site received roughly 5,000 forwarded messages a day during its first week.

He predicts the archive will amass a corpus of 10 million unsolicited commercial e-mails over the next eight years. The archive’s FTP site will begin to make its spam available, 10,000 at a time, starting Dec. 4, 2022.

People have never been so excited to get junk e-mail.

“Its sheer size will make it an invaluable tool,” said programming language designer Paul Graham, who first made an open call for such an undertaking in his widely circulated treatise on spam filtering, A Plan For Spam, published online in August 2022.

Filter builder William Yerazunis applauds the undertaking. He says antispammers need a common source of fresh spam.

“I don’t retain spam that’s over a month old,” he said. “Spam has the same shelf life as fresh food.”

Yerazunis created CRM114, a remarkably accurate filter, using his own private junk mail stash. But he said the archive will forward filter research.

“You have to have repeatability” in producing and testing antispam software, he said. “It’s absolutely necessary for good science to get done.”

Although a bevy of newsgroups and individual archives have been gathering spam for years, experts say they are too small and disorganized to provide researchers with significantly meaningful data.

On the other hand, the FTC maintains an enormous database of spam that sees 40,000 new e-mails every day.

What is phishing?

Phishing is a kind of online scam in which criminals send emails that appear to come from a legitimate company and ask you to provide some sensitive information. They do this by including a web link that supposedly directs you to the company’s website. Thereafter, you are asked to provide your personal information by filling in an online form on the scammer’s ‘website’. Their fake site is designed in such a way that the information you provide is received directly by the crooks behind the scam. The kind of information they request may include credit card numbers, usernames, passwords, account numbers, and much more.

Clues That May Indicate An Email is From A Scammer

  • In most cases the email is not addressed to the recipient, probably because the scammer doesn’t know the recipient. The identifier “Dear Customer” is used very often.

  • When you try to log in to their ‘web account’, it could easily indicate that you have exceeded the number of login attempts allowed, yet you have never even logged in.
  • Their messages often contain grammatical errors: Tricking words such as ‘Online Banking’ could all be capitalized. And, if you continue reading keenly, you will find so many wrong sentences that do not make any sense grammatically. Most people usually scan emails quickly, and therefore small grammatical errors could go unnoticed.
  • They insist on assuring the recipients by encouraging them to confirm ‘their’ email by using a scammer link they provide.
  • The true address is displayed when you hover the mouse over any link on that particular page. I doubt there exists a company that has all these kinds of actions pointing to the same link. This is simply a scam!

If you happen to see any one of these flaws, that is enough for you to know that the email is a phishing attempt.

How To Protect Yourself From Online Email-Scams

1. Use your own link

If you use the company often, you most likely have a bookmark for the site that you can use. If not, use an online search engine such as Google and type in the company’s name. You can then use the genuine link to go to the correct site. If the email is legit, the information you will see is the same as what you see when you log into your account on the legitimate site. This is the ONLY way to guarantee that you land on the legit site.

2. Detection software

Install software that will help you identify malicious sites so that you can tell whether the site you found is legitimate. Most browsers now have add-ons that can be turned on to provide alerts if you are about to fall victim by clicking a malicious link. Be mindful to only install add-ons from the store, and watch out for phishing add-ons for browsers.

If you happen to find out that you have already fallen victim to a phishing scam, the best option is to change all of your passwords, immediately.

History of spam

The history of spam starts in 1864, over a hundred years before the Internet, with a telegram sent en masse to a number of British politicians. In a prescient sign of things to come, the telegram was an advertisement for teeth whitening.

The first example of an unsolicited email dates back to 1978 and the precursor to the Internet—ARPANET. This proto-Internet spam was an advertisement for a new model of computer from Digital Equipment Corporation. It worked—people bought the computers.

By the 1980s, people came together on regional online communities, called bulletin boards (BBSes), run by hobbyists on their home servers. On a typical BBS, users were able to share files, post notices, and exchange messages. During heated online exchanges, users would type the word “spam” over and over again to drown each other out. This was done in reference to a Monty Python sketch from 1970 in which a husband and wife eating at a working-class café find that almost everything on the menu contains Spam. As the wife argues with the waitress over the preponderance of Spam on the menu, a chorus of Vikings drowns out the conversation with a song about Spam.

The use of the word “spam” in this context, i.e. loud annoying messaging, caught on—to the chagrin of Hormel Foods, the maker of Spam.

Over on Usenet, a precursor to the Internet that functions much like today’s Internet forums, “spam” was used to refer to excessive multiple posting across multiple forums and threads. The earliest Usenet spam included a fundamentalist religious tract, a political rant about the Armenian Genocide, and an advertisement for green card legal services.

Spam didn’t start in earnest until the rise of the Internet and instant email communication in the early 90s. Spam reached epidemic proportions with hundreds of billions of spam emails overwhelming our inboxes.

In 1999, Melissa, the first virus that spread via macro-enabled Word documents attached to emails was let loose upon the digital world. It spread by ransacking victims’ contact lists and spamming itself to everyone the victim knew. In the end, Melissa caused $80 million in damages, according to the FBI.

Without any anti-spam legislation in place, professional spammers rose to prominence, including the self-proclaimed “Spam King” Sanford Wallace. True to his nickname, Wallace was at one time the biggest sender of spam emails and social media spam on sites like Myspace and Facebook.

It wasn’t until the early 2000s that governments around the world started to get serious about regulating spam. Notably, all member countries of the European Union and the United Kingdom have laws in place that restrict spam. Likewise, in 2003 the United States put a set of laws in place cheekily called the CAN-SPAM Act (once again, Hormel just can’t get a break). These laws, in the US and abroad, place restrictions on the content, sending behavior, and unsubscribe compliance of all email.

At the same time, top email providers Microsoft and Google worked hard to improve spam filtering technology. Bill Gates famously predicted spam would disappear by 2006.

Under these laws a rogue’s gallery of spammers, including the Spam King, were arrested, prosecuted and jailed for foisting penny stocks, fake watches and questionable drugs on us. In 2016 Sanford Wallace was convicted, sentenced to 30 months in prison, and ordered to pay hundreds of thousands in restitution for sending millions of spam messages on Facebook.

And yet spam is still a thing. Sorry, Bill.

In spite of the best efforts of legislators, law enforcement and technology companies, we’re still fighting the scourge of unwanted, malicious email and other digital communication. The fact of the matter is that the business of spam requires little effort on behalf of spammers, few spammers actually go to jail, and there’s lots of money to be made.

In a joint study on spam between University of California, Berkeley, and University of California, San Diego, researchers observed a zombie botnet in action and found the operators of the botnet sent out 350 million emails over the course of a month. Out of these hundreds of millions of emails the spammers netted 28 sales. This is a conversion rate of .00001 percent. That being said, if the spammers continued to send out spam at that rate, they would pull in 3.5 million dollars in the span of a year.

So what, exactly, are the types of spam that continue to fill our inboxes to the brim and what can we do about it?

What is spam?

What comes to mind when you think of spam? Miracle pills from Internet pharmacies, requests for money from “princes” of other countries, or perhaps the food, Spam? This article is all about spam with a lowercase “s.” While many people enjoy the food Spam, no one wants to be tricked into losing money or downloading malware because of the other kind of spam.

Spam is annoying, but it’s also a threat. While many of us might think we’re savvy enough to recognize any form of it, spammers regularly update their methods and messages to trick potential victims. The reality is that we’re all constantly under attack from cybercriminals and the proof is in your inbox.

So read on to learn what spam is, how to recognize it, and how to protect yourself against it.

Spam definition

Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.

What does spam stand for?

Spam is not an acronym for a computer threat, although some have been proposed (stupid pointless annoying malware, for instance). The inspiration for using the term “spam” to describe mass unwanted messages is a Monty Python skit in which the actors declare that everyone must eat the food Spam, whether they want it or not. Similarly, everyone with an email address must unfortunately be bothered by spam messages, whether we like it or not.

If you’re interested in the origins of spam in greater detail, see the history of spam section below.

Types of spam

Spammers use many forms of communication to bulk-send their unwanted messages. Some of these are marketing messages peddling unsolicited goods. Other types of spam messages can spread malware, trick you into divulging personal information, or scare you into thinking you need to pay to get out of trouble.

Email spam filters catch many of these types of messages, and phone carriers often warn you of a “spam risk” from unknown callers. Whether via email, text, phone, or social media, some spam messages do get through, and you want to be able to recognize them and avoid these threats. Below are several types of spam to look out for.

Phishing emails

Phishing emails are a type of spam cybercriminals send to many people, hoping to “hook” a few people. Phishing emails trick victims into giving up sensitive information like website logins or credit card information.

Adam Kujawa, Director of Malwarebytes Labs, says of phishing emails: “Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.”

Email spoofing

Spoofed emails mimic, or spoof, an email from a legitimate sender, and ask you to take some sort of action. Well-executed spoofs will contain familiar branding and content, often from a large well-known company such as PayPal or Apple. Common email spoofing spam messages include:

  • A request for payment of an outstanding invoice
  • A request to reset your password or verify your account
  • Verification of purchases you didn’t make
  • Request for updated billing information

Tech support scams

In a tech support scam, the spam message indicates that you have a technical problem and you should contact tech support by calling the phone number or clicking a link in the message. Like email spoofing, these types of spam often say they are from a large technology company like Microsoft or a cybersecurity company like Malwarebytes.

If you think you have a technical issue or malware on your computer, tablet, or smartphone, you should always go to the official website of the company you want to call for tech support to find the legitimate contact information. Remote tech support often involves remote access to your computer to help you, and you don’t want to accidentally give that access to a tech support scammer.

Current event scams

Hot topics in the news can be used in spam messages to get your attention. In 2020 when the world was facing the Covid-19 pandemic and there was an increase in work-from-home jobs, some scammers sent spam messages promising remote jobs that paid in Bitcoin. During the same year, another popular spam topic was related to offering financial relief for small businesses, but the scammers ultimately asked for bank account details. News headlines can be catchy, but beware of them in regards to potential spam messages.

Advance-fee scams

This type of spam is likely familiar to anyone who has been using email since the 90s or 2000s. Sometimes called “Nigerian prince” emails as that was the purported message sender for many years, this type of spam promises a financial reward if you first provide a cash advance. The sender typically indicates that this cash advance is some sort of processing fee or earnest money to unlock the larger sum, but once you pay, they disappear. To make it more personal, a similar type of scam involves the sender pretending to be a family member that is in trouble and needs money, but if you pay, unfortunately the outcome is the same.


Malspam

Short for “malware spam” or “malicious spam,” malspam is a spam message that delivers malware to your device. Unsuspecting readers who click on a link or open an email attachment end up with some type of malware, including ransomware, Trojans, bots, info-stealers, cryptominers, spyware, and keyloggers. A common delivery method is to include malicious scripts in an attachment of a familiar type like a Word document, PDF file, or PowerPoint presentation. Once the attachment is opened, the scripts run and retrieve the malware payload.

Spam calls and spam texts

Have you ever received a robocall? That’s call spam. A text message from an unknown sender urging you to click an unknown link? That’s referred to as text message spam or “smishing,” a combination of SMS and phishing.

If you’re receiving spam calls and texts on your Android or iPhone, most major carriers give you an option to report spam. Blocking numbers is another way to combat mobile spam. In the US, you can add your phone number to the National Do Not Call Registry to try to cut down on the number of unwanted sales calls you receive, but you should still be alert to scammers who ignore the list.

How can I stop spam?

While it may not be possible to avoid spam altogether, there are steps you can take to help protect yourself against falling for a scam or getting phished from a spam message:

Learn to spot phishing

All of us can fall victim to phishing attacks. We may be in a rush and click a malicious link without realizing. If a new type of phishing attack comes out, we may not readily recognize it. To protect yourself, learn to check for some key signs that a spam message isn’t just annoying—it’s a phishing attempt:

Sender’s email address: If an email from a company is legitimate, the sender’s email address should match the domain for the company they claim to represent. Sometimes these are obvious, like, but other times the changes are less noticeable, like instead of

Missing personal information: If you are a customer, the company should have your information and will likely address you by your first name. A missing personal greeting alone isn’t enough to spot a phishing email, but it’s one thing to look for, especially in messages that say they are from a company with whom you do business. Receiving an email that says your account has been locked or you owe money is cause to worry, and sometimes we rush to click a link in order to fix the problem. If it’s phishing, that’s exactly what the sender wants, so be careful and check if the email is generic or addressed specifically to you.

Links: Beware of all links, including buttons in an email. If you get a message from a company with whom you have an account, it’s wise to log in to your account to see if there is a message there rather than just clicking the link in the message without verifying first. You can contact the company to ask if a suspicious message is legitimate or not. If you have any doubts about a message, don’t click any links.

Grammatical errors: We all make them, but a company sending out legitimate messages probably won’t have a lot of punctuation errors, poor grammar, and spelling mistakes. These can be another red flag to indicate that the email could be suspect.

Too-good-to-be-true offers: Many phishing messages pretend to be from large, well-known companies, hoping to ensnare readers who happen to do business with the company. Other phishing attempts offer something for free like cash or a desirable prize. The saying is often true that if something sounds too good to be true it probably is, and this can be a warning that a spam message is trying to get something from you, rather than give you something.

Attachments: Unless you are expecting an email with attachments, always be wary before opening or downloading them. Using anti-malware software can help by scanning files that you download for malware.
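Several of the signs above (sender domain, generic greeting, links, attachments) can be checked mechanically when triaging a reported message. The following is an added example, not code from the original article: the sample message is constructed, `expected_domain` is supplied by the analyst, and the extension list and greeting pattern are assumptions to tune.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; example.com/.net are reserved documentation domains.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.example.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<a href="http://login.example.net/verify">https://www.example.com/login</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.jse"

--b1--
"""

RISKY_EXT = (".jse", ".js", ".vbs", ".exe", ".scr", ".hta")  # assumed list
GENERIC = re.compile(r"dear (customer|user|client|member)", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_matches(host, domain):  # exact domain or a true subdomain only
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def triage(raw, expected_domain):  # returns the warning signs found
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not host_matches(sender_host, expected_domain):
        findings.append("sender-domain-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append("risky-attachment")
        if part.get_content_type() == "text/html":
            html = part.get_content()
            if GENERIC.search(html):
                findings.append("generic-greeting")
            for href, text in LINK.findall(html):
                # Visible text that looks like a URL but points elsewhere
                shown = urlparse(text.strip()).hostname
                if shown and shown != urlparse(href).hostname:
                    findings.append("link-text-mismatch")
    return findings
```

No single finding is proof of phishing; the output is a prompt for closer review, in line with the advice above.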

You can read even more about phishing emails and how to spot them on the Malwarebytes Labs blog.

Report spam

Email providers have gotten pretty good at filtering out spam, but when messages make it through to your inbox, you can report them. This is true for spam calls and text messages, as many carriers give you the ability to report spam as well. You can also choose to block the sender, often in the same step as reporting the message.

Reporting spam can help your email provider or phone service carrier get better at detecting spam. If legitimate emails get sent to your spam filter, you can report that they should not be marked as spam, and that also provides useful information on what should not be filtered. Another helpful step is to add senders you want to hear from to your contacts list proactively.

Use two-factor authentication (2FA)

With two-factor or multi-factor authentication, even if your username and password are compromised via a phishing attack, cybercriminals won’t be able to get around the additional authentication requirements tied to your account. Additional authentication factors include secret questions or verification codes sent to your phone via text message.

Install cybersecurity

In the event that you click a bad link or download malware sent to you via spam, good cybersecurity software will recognize the malware and shut it down before it can do any damage to your system or network. With products for home and business, Malwarebytes has got you covered wherever technology takes you.