Category Archives: Knowledge

Spam Archive

Spam Archive: the largest public library of junk e-mail on the Internet

Is your spouse dissatisfied with the size of your spam? A brand-new website has made several hundred thousand pieces of unsolicited commercial e-mail available for you to download today. Act now!

After a quiet online debut in 2002, the Spam Archive is making quick strides toward becoming the largest public library of junk e-mail on the Internet.

Paul Judge, director of research and development for CipherTrust, the e-mail security firm backing the project, says the site received roughly 5,000 forwarded messages a day during its first week.

He predicts the archive will amass a corpus of 10 million unsolicited commercial e-mails over the next eight years. The archive’s FTP site will begin to make its spam available, 10,000 at a time, starting Dec. 4, 2022.

People have never been so excited to get junk e-mail.

“Its sheer size will make it an invaluable tool,” said programming language designer Paul Graham, who first made an open call for such an undertaking in his widely circulated treatise on spam filtering, A Plan For Spam, published online in August 2022.

Filter builder William Yerazunis applauds the undertaking. He says antispammers need a common source of fresh spam.

“I don’t retain spam that’s over a month old,” he said. “Spam has the same shelf life as fresh food.”

Yerazunis created CRM114, a remarkably accurate filter, using his own private junk mail stash. But he said the archive will advance filter research.

“You have to have repeatability” in producing and testing antispam software, he said. “It’s absolutely necessary for good science to get done.”

Although a bevy of newsgroups and individual archives have been gathering spam for years, experts say they are too small and disorganized to provide researchers with significantly meaningful data.

On the other hand, the FTC maintains an enormous database of spam that sees 40,000 new e-mails every day.

What is phishing?

Phishing is an online scam in which criminals send emails that appear to come from a legitimate company and ask you to provide sensitive information. The email includes a web link that supposedly leads to the company’s website, where you are asked to enter your personal information in an online form. The fake site is designed so that whatever you enter goes directly to the crooks behind the scam. The information they ask for may include credit card numbers, usernames, passwords, account numbers, and much more.

Clues That May Indicate An Email is From A Scammer

Most of the time the email is not addressed to the recipient by name, probably because the scammer doesn’t know the recipient. The greeting “Dear Customer” is used very often.

  • When you try to log in to their ‘web account’, the page may claim that you have exceeded the number of login attempts allowed, even though you have never logged in.
  • Their messages often contain grammatical errors: words meant to trick you, such as ‘Online Banking’, may be fully capitalized. If you keep reading carefully, you will find many sentences that make no grammatical sense. Most people scan emails quickly, so small grammatical errors can go unnoticed.
  • They press recipients to confirm ‘their’ email address using a link the scammer provides.
  • Hovering the mouse over any link on the page reveals its true address. I doubt any legitimate company would have all of these different actions pointing to the same link. This is simply a scam!

If you see any one of these flaws, that is enough to know the email is a phishing attempt.

How To Protect Yourself From Online Email-Scams

1. Use your own link

If you use the company often, you most likely have a bookmark for its site that you can use. If not, use an online search engine such as Google and type in the company’s name. You can then use the genuine link to go to the correct site. If the email is legit, the information you will see is the same as what you see when you log in to your account on the legitimate site. This is the ONLY way to guarantee that you land on the legit site.

2. Detection software

Install software that helps you identify malicious sites so that you know whether the site you found is legitimate. Most browsers now have add-ons that can be turned on to alert you if you are about to fall victim by clicking a malicious link. Be mindful to install add-ons only from the store, and watch out for phishing add-ons for browsers.

If you happen to find out that you have already fallen victim to a phishing scam, the best option is to change all of your passwords, immediately.

History of spam

The history of spam starts in 1864, over a hundred years before the Internet, with a telegram sent en masse to a number of British politicians. In a prescient sign of things to come, the telegram was an advertisement for teeth whitening.

The first example of an unsolicited email dates back to 1978 and the precursor to the Internet—ARPANET. This proto-Internet spam was an advertisement for a new model of computer from Digital Equipment Corporation. It worked—people bought the computers.

By the 1980s, people came together on regional online communities, called bulletin boards (BBSes), run by hobbyists on their home servers. On a typical BBS, users were able to share files, post notices, and exchange messages. During heated online exchanges, users would type the word “spam” over and over again to drown each other out. This was done in reference to a Monty Python sketch from 1970 in which a husband and wife eating at a working-class café find that almost everything on the menu contains Spam. As the wife argues with the waitress over the preponderance of Spam on the menu, a chorus of Vikings drowns out the conversation with a song about Spam.

The use of the word “spam” in this context, i.e. loud annoying messaging, caught on—to the chagrin of Hormel Foods, the maker of Spam.

Over on Usenet, a precursor to the Internet that functions much like today’s Internet forums, “spam” was used to refer to excessive multiple posting across multiple forums and threads. The earliest Usenet spam included a fundamentalist religious tract, a political rant about the Armenian Genocide, and an advertisement for green card legal services.

Spam didn’t start in earnest until the rise of the Internet and instant email communication in the early 90s. Spam reached epidemic proportions with hundreds of billions of spam emails overwhelming our inboxes.

In 1999, Melissa, the first virus that spread via macro-enabled Word documents attached to emails, was let loose upon the digital world. It spread by ransacking victims’ contact lists and spamming itself to everyone the victim knew. In the end, Melissa caused $80 million in damages, according to the FBI.

Without any anti-spam legislation in place, professional spammers rose to prominence, including the self-proclaimed “Spam King” Sanford Wallace. True to his nickname, Wallace was at one time the biggest sender of spam emails and social media spam on sites like Myspace and Facebook.

It wasn’t until the early 2000s that governments around the world started to get serious about regulating spam. Notably, all member countries of the European Union and the United Kingdom have laws in place that restrict spam. Likewise, in 2003 the United States put a set of laws in place cheekily called the CAN-SPAM Act (once again, Hormel just can’t get a break). These laws, in the US and abroad, place restrictions on the content, sending behavior, and unsubscribe compliance of all email.

At the same time, top email providers Microsoft and Google worked hard to improve spam filtering technology. Bill Gates famously predicted spam would disappear by 2006.

Under these laws a rogue’s gallery of spammers, including the Spam King, were arrested, prosecuted and jailed for foisting penny stocks, fake watches and questionable drugs on us. In 2016 Sanford Wallace was convicted, sentenced to 30 months in prison, and ordered to pay hundreds of thousands in restitution for sending millions of spam messages on Facebook.

And yet spam is still a thing. Sorry, Bill.

In spite of the best efforts of legislators, law enforcement and technology companies, we’re still fighting the scourge of unwanted, malicious email and other digital communication. The fact of the matter is that the business of spam requires little effort on behalf of spammers, few spammers actually go to jail, and there’s lots of money to be made.

In a joint study on spam between University of California, Berkeley, and University of California, San Diego, researchers observed a zombie botnet in action and found the operators of the botnet sent out 350 million emails over the course of a month. Out of these hundreds of millions of emails the spammers netted 28 sales. This is a conversion rate of .00001 percent. That being said, if the spammers continued to send out spam at that rate, they would pull in 3.5 million dollars in the span of a year.

So what, exactly, are the types of spam that continue to fill our inboxes to the brim and what can we do about it?

What is spam?

What comes to mind when you think of spam? Miracle pills from Internet pharmacies, requests for money from “princes” of other countries, or perhaps the food, Spam? This article is all about spam with a lowercase “s.” While many people enjoy the food Spam, no one wants to be tricked into losing money or downloading malware because of the other kind of spam.

Spam is annoying, but it’s also a threat. While many of us might think we’re savvy enough to recognize any form of it, spammers regularly update their methods and messages to trick potential victims. The reality is that we’re all constantly under attack from cybercriminals and the proof is in your inbox.

So read on to learn what spam is, how to recognize it, and how to protect yourself against it.

Spam definition

Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.

What does spam stand for?

Spam is not an acronym for a computer threat, although some have been proposed (stupid pointless annoying malware, for instance). The inspiration for using the term “spam” to describe mass unwanted messages is a Monty Python skit in which the actors declare that everyone must eat the food Spam, whether they want it or not. Similarly, everyone with an email address must unfortunately be bothered by spam messages, whether we like it or not.

If you’re interested in the origins of spam in greater detail, see the history of spam section below.

Types of spam

Spammers use many forms of communication to bulk-send their unwanted messages. Some of these are marketing messages peddling unsolicited goods. Other types of spam messages can spread malware, trick you into divulging personal information, or scare you into thinking you need to pay to get out of trouble.

Email spam filters catch many of these types of messages, and phone carriers often warn you of a “spam risk” from unknown callers. Whether via email, text, phone, or social media, some spam messages do get through, and you want to be able to recognize them and avoid these threats. Below are several types of spam to look out for.

Phishing emails

Phishing emails are a type of spam cybercriminals send to many people, hoping to “hook” a few people. Phishing emails trick victims into giving up sensitive information like website logins or credit card information.

Adam Kujawa, Director of Malwarebytes Labs, says of phishing emails: “Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.”

Email spoofing

Spoofed emails mimic, or spoof, an email from a legitimate sender, and ask you to take some sort of action. Well-executed spoofs will contain familiar branding and content, often from a large well-known company such as PayPal or Apple. Common email spoofing spam messages include:

  • A request for payment of an outstanding invoice
  • A request to reset your password or verify your account
  • Verification of purchases you didn’t make
  • Request for updated billing information

Tech support scams

In a tech support scam, the spam message indicates that you have a technical problem and you should contact tech support by calling the phone number or clicking a link in the message. Like email spoofing, these types of spam often say they are from a large technology company like Microsoft or a cybersecurity company like Malwarebytes.

If you think you have a technical issue or malware on your computer, tablet, or smartphone, you should always go to the official website of the company you want to call for tech support to find the legitimate contact information. Remote tech support often involves remote access to your computer to help you, and you don’t want to accidentally give that access to a tech support scammer.

Current event scams

Hot topics in the news can be used in spam messages to get your attention. In 2020 when the world was facing the Covid-19 pandemic and there was an increase in work-from-home jobs, some scammers sent spam messages promising remote jobs that paid in Bitcoin. During the same year, another popular spam topic was related to offering financial relief for small businesses, but the scammers ultimately asked for bank account details. News headlines can be catchy, but beware of them in regards to potential spam messages.

Advance-fee scams

This type of spam is likely familiar to anyone who has been using email since the 90s or 2000s. Sometimes called “Nigerian prince” emails as that was the purported message sender for many years, this type of spam promises a financial reward if you first provide a cash advance. The sender typically indicates that this cash advance is some sort of processing fee or earnest money to unlock the larger sum, but once you pay, they disappear. To make it more personal, a similar type of scam involves the sender pretending to be a family member that is in trouble and needs money, but if you pay, unfortunately the outcome is the same.

Malspam

Short for “malware spam” or “malicious spam,” malspam is a spam message that delivers malware to your device. Unsuspecting readers who click on a link or open an email attachment end up with some type of malware including ransomware, Trojans, bots, info-stealers, cryptominers, spyware, and keyloggers. A common delivery method is to include malicious scripts in an attachment of a familiar type like a Word document, PDF file, or PowerPoint presentation. Once the attachment is opened, the scripts run and retrieve the malware payload.

Spam calls and spam texts

Have you ever received a robocall? That’s call spam. A text message from an unknown sender urging you to click an unknown link? That’s referred to as text message spam or “smishing,” a combination of SMS and phishing.

If you’re receiving spam calls and texts on your Android or iPhone, most major carriers give you an option to report spam. Blocking numbers is another way to combat mobile spam. In the US, you can add your phone number to the National Do Not Call Registry to try to cut down on the amount of unwanted sales calls you receive, but you should still be alert to scammers who ignore the list.

How can I stop spam?

While it may not be possible to avoid spam altogether, there are steps you can take to help protect yourself against falling for a scam or getting phished from a spam message:

Learn to spot phishing

All of us can fall victim to phishing attacks. We may be in a rush and click a malicious link without realizing. If a new type of phishing attack comes out, we may not readily recognize it. To protect yourself, learn to check for some key signs that a spam message isn’t just annoying—it’s a phishing attempt:

Sender’s email address: If an email from a company is legitimate, the sender’s email address should match the domain for the company they claim to represent. Sometimes these are obvious, like example@abkljzr09348.biz, but other times the changes are less noticeable, like example@paypa1.com instead of paypal.com.

Missing personal information: If you are a customer, the company should have your information and will likely address you by your first name. A missing personal greeting alone isn’t enough to spot a phishing email, but it’s one thing to look for, especially in messages that say they are from a company with whom you do business. Receiving an email that says your account has been locked or you owe money is cause to worry, and sometimes we rush to click a link in order to fix the problem. If it’s phishing, that’s exactly what the sender wants, so be careful and check if the email is generic or addressed specifically to you.

Links: Beware of all links, including buttons in an email. If you get a message from a company with whom you have an account, it’s wise to log in to your account to see if there is a message there rather than just clicking the link in the message without verifying first. You can contact the company to ask if a suspicious message is legitimate or not. If you have any doubts about a message, don’t click any links.

Grammatical errors: We all make them, but a company sending out legitimate messages probably won’t have a lot of punctuation errors, poor grammar, and spelling mistakes. These can be another red flag to indicate that the email could be suspect.

Too-good-to-be-true offers: Many phishing messages pretend to be from large, well-known companies, hoping to ensnare readers who happen to do business with the company. Other phishing attempts offer something for free like cash or a desirable prize. The saying is often true that if something sounds too good to be true it probably is, and this can be a warning that a spam message is trying to get something from you, rather than give you something.

Attachments: Unless you are expecting an email with attachments, always be wary before opening or downloading them. Using anti-malware software can help by scanning files that you download for malware.
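Several of the signs above can be checked mechanically by a mail filter. The following is an added example, not code from the original article: the brand list, function names and the sample message are assumptions constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption: brands the mailbox owner deals with, mapped to their real domains.
KNOWN_BRANDS = {"paypal": "paypal.com", "apple": "apple.com"}
CONFUSABLES = str.maketrans("1035", "loes")  # digit-for-letter swaps, as in paypa1.com

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    m = re.match(r"(?:https?://)?([^/:?#\s]+)", url.strip().lower())
    return re.sub(r"^www\.", "", m.group(1)) if m else ""

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_message):
    """Return (code, detail) pairs for the signs found in one message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # single-part HTML assumed
    signs = []
    for brand, real in KNOWN_BRANDS.items():
        if belongs_to(sender, real):
            continue
        if brand in display.lower():
            signs.append(("display-name-mismatch", f"{display} <{addr}>"))
        if belongs_to(sender.translate(CONFUSABLES), real):
            signs.append(("lookalike-domain", f"{sender} imitates {real}"))
    if re.search(r"\bdear (customer|user|member)\b", body, re.I):
        signs.append(("generic-greeting", "no personal salutation"))
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown_as_url = re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
        if shown_as_url and host_of(text) != host_of(href):
            signs.append(("link-text-mismatch", f"shows {text}, goes to {host_of(href)}"))
    return signs

# Constructed sample message (not a real email).
SAMPLE = ('From: "PayPal Support" <example@paypa1.com>\nSubject: Account locked\n'
          'Content-Type: text/html\n\n<p>Dear Customer,</p>\n'
          '<p>Verify at <a href="http://paypa1.com/verify">www.paypal.com</a></p>\n')
```

Calling `phishing_signs(SAMPLE)` reports all four signs; a clean result only means these particular checks found nothing, not that the message is safe.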

You can read even more about phishing emails and how to spot them on the Malwarebytes Labs blog.

Report spam

Email providers have gotten pretty good at filtering out spam, but when messages make it through to your inbox, you can report them. This is true for spam calls and text messages, as many carriers give you the ability to report spam as well. You can also choose to block the sender, often in the same step as reporting the message.

Reporting spam can help your email provider or phone service carrier get better at detecting spam. If legitimate emails get sent to your spam filter, you can report that they should not be marked as spam, and that also provides useful information on what should not be filtered. Another helpful step is to add senders you want to hear from to your contacts list proactively.

Use two-factor authentication (2FA)

With two-factor or multi-factor authentication, even if your username and password are compromised via a phishing attack, cybercriminals won’t be able to get around the additional authentication requirements tied to your account. Additional authentication factors include secret questions or verification codes sent to your phone via text message.

Install cybersecurity

In the event that you click a bad link or download malware sent to you via spam, good cybersecurity software will recognize the malware and shut it down before it can do any damage to your system or network. With products for home and business, Malwarebytes has got you covered wherever technology takes you.