If you own an email account, chances are you’ve received spam before.
Spam and phishing emails are unsolicited messages sent to a random number of recipients. They’re often easy to spot: think of messages you’ve received from companies you’ve never subscribed to. Some common examples are “miracle pills” emails, explicit content, and messages from online gambling companies.
While most people look at spam as a mere nuisance, it poses an actual threat to your business or organisation. Cybercriminals often piggyback on spam emails to run phishing and malware attacks. And they’re always on the lookout for their next target.
The average response rate for spam emails is one in every 12.5 million. Doesn’t sound too threatening, right? Well, that’s until you consider that over 14 billion spam messages get sent out daily.
To protect your business from spam, we uncover the common types of spam mail, how to identify malicious emails, and the different ways to mitigate an attack.
5 Common Types of Spam and Phishing Email
Check your spam folder recently? You’ll likely find a large number of messages telling you to hire their services, marry into royalty, or send them money because they’re stuck on a deserted island.
Spam and phishing come in all shapes and sizes. Here are some of the most common ones:
1. Ads
Advertising-related emails account for 36% of all spam messages.
Legitimate businesses ask for your consent to capture your email address. They use sign-up forms or lead generation pages that allow you to ‘opt-in’ to receive marketing emails. The emails you receive are harmless and they should allow you to unsubscribe anytime.
Spammers, on the other hand, are relentless. They illegally obtain your email addresses by scraping public information on the web. Some examples include your social media accounts or the WHOIS database. These unsolicited emails promote everything from weight loss pills and real estate to items from the black market.
2. Spoofing
Email spoofing is a ploy used to deceive users into thinking a message comes from an organisation or individual they know. A common example is when you receive an email saying you won the lottery. To claim your prize, you’d have to supply your bank details.
If you’re a part of an organisation, you may have received a fraudulent email from your “manager” asking for your password. These methods are a subset of phishing attacks as they look to exploit users to give out sensitive information.
Spoof emails look so legit that a lot of users take them at face value. This makes them one of the most dangerous types of spam. It also happens to be one of the most common mediums cybercriminals use to penetrate businesses. In 2021 alone, over 85% of businesses were targeted with phishing scams.
3. Money scams
Many of you might be familiar with the “Nigerian Prince” email scam — a.k.a the oldest internet fraud in the books.
This scam, along with other money scams, is still very much prevalent to this day. These emails lure people in by feeding into greed. They often start with an investment opportunity and offer huge returns. After that, they ask for sensitive information like your bank account or credit card details.
4. Adult content
Next to ads, adult content is the second most common type of spam email. The adult market is a lucrative one, so it’s easy to see why spammers use it to increase clicks. These messages carry the highest risks for malware including Trojans, ransomware, spyware, and bots.
5. Security or malware warnings
A lot of folks worry about cybersecurity. So it’s no surprise that spammers take advantage of that by sending fake malware alerts.
As the name implies, these emails inform you about a malware infection on your device. The email then directs you to a link that provides a “solution” for your problem. You could also be invited to download an attachment. Either way, be wary when receiving emails like this.
12 Ways to Identify Malicious Spam and Phishing Email
1. Look if the email address matches the sender’s name
We mentioned how spammers resort to spoofing to get confidential data. With that in mind, look closely at the email header to check that the displayed sender’s name matches the email address. The differences might be hard to spot, but something as small as missing punctuation is a sign that you’re getting scammed.
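The check described above can be automated for mail that has already been saved. The following is an added example, not code from the original article; the brand allow-list, the addresses and the function name `check_from` are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed allow-list (assumption): brand name as shown to users -> domains it really sends from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}

# An email address embedded in the display name, e.g. "billing@examplebank.example".
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def check_from(header_value):
    """Return reasons the From header looks spoofed; an empty list means none found."""
    name, addr = parseaddr(header_value)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rpartition("@")[2].lower()
    findings = []

    # Case 1: the display name shows an address on a different domain than the real one.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        findings.append(f"display name shows {shown.group(1)} but mail is from {domain}")

    # Case 2: the display name claims a known brand, but the domain is not one of theirs.
    for brand, domains in KNOWN_SENDERS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not owned:
            findings.append(f"name claims '{brand}' but {domain} is not its domain")
    return findings

# Constructed sample From headers: one legitimate, two spoofed.
FROM_SAMPLES = [
    '"Example Bank" <alerts@mail.examplebank.example>',
    '"Example Bank Support" <alerts@examp1ebank-secure.test>',
    '"billing@examplebank.example" <pay@collect.test>',
]

if __name__ == "__main__":
    for sample in FROM_SAMPLES:
        print(sample, "->", check_from(sample) or "ok")
```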
2. If it’s from an unverified sender, it’s likely spam
As an email user, you have full control over what websites you’ve subscribed to as well as the people on your network. So any email sent from an unfamiliar address should always be treated with caution.
3. Inspect the domain’s DMARC policy
DMARC is an authentication protocol that protects domain owners from unauthorised use by cybercriminals — in this case, email spoofing.
If you receive a suspicious email, you can check the domain’s DMARC policy by running the domain through an online DMARC checker. These tools help you determine if the domain on the sender’s address is authorised or malicious.
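A DMARC checker reads the TXT record a domain publishes at `_dmarc.<domain>` and reports the policy in it. The following added example (not from the original article) parses such a record offline; the domains and records are constructed samples and the function names are illustrative.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    pairs = [p.partition("=") for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, _, v in pairs]
    # The version tag must come first and must be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def assess(txt):
    """Summarise what the record asks receiving servers to do with failing mail."""
    tags = parse_dmarc(txt or "")
    if tags is None:
        return {"policy": None,
                "verdict": "no DMARC record: the domain publishes no policy for failing mail"}
    policy = tags.get("p", "").lower()
    try:
        pct = int(tags.get("pct", "100"))  # share of failing mail the policy applies to
    except ValueError:
        pct = 100
    if policy not in ("none", "quarantine", "reject"):
        verdict = "invalid policy value"
    elif policy == "none":
        verdict = "monitoring only: failing mail is still delivered"
    elif pct < 100:
        verdict = f"partly enforced: {policy} applied to {pct}% of failing mail"
    else:
        verdict = f"enforced: failing mail is handled as '{policy}'"
    return {"policy": policy, "subdomain_policy": tags.get("sp", policy).lower(),
            "pct": pct, "reports_to": tags.get("rua"), "verdict": verdict}

# Constructed sample records, in the form published at _dmarc.<domain>.
DMARC_SAMPLES = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "rollout.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "watching.example": "v=DMARC1; p=none",
    "unprotected.example": "v=spf1 -all",  # an SPF record, not DMARC
}

if __name__ == "__main__":
    for domain, record in DMARC_SAMPLES.items():
        print(domain, "->", assess(record)["verdict"])
```

A domain with `p=none` or no record at all gives receiving servers no instruction to block mail that forges its address, so a message "from" that domain deserves extra scrutiny.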
4. If it’s too good to be true, trust your gut
If an email promises high (and instant) returns in exchange for an ultra-low investment, then it’s probably too good to be true. Other offers like “miracle pills” you’ve never heard of or loan approvals you’ve never applied for should be taken with a grain of salt as well. Resist the urge to hit reply, provide your information, or click on any links whatsoever.
5. Emails requesting login credentials or other sensitive data should be reported
One of the most important phishing tips for employees is to strictly avoid sharing passwords. Phishers take the extra step of forging login pages and email signatures to make it look like the real thing.
So if you or anyone from your organisation receives an email seeking their login information, report it to your IT department or management immediately.
6. Check for suspicious attachments
Companies typically mandate a “mega tool” for all employees to collaborate on. A good example here is Microsoft 365 or Google Workspace. So if you receive a message with an attachment, approach it with caution. Be extra wary if the attachment is a .zip or .exe file.
7. Malicious URLs
Like attachments, be vigilant about links as well.
If you receive a suspicious email, do not click on the link. Hover your mouse over it instead. By doing so, you get to see the URL without having to visit the website. If the site doesn’t match any existing pages from a brand or company, avoid further engaging with the sender.
Another factor to check is SSL. You can tell that the URL uses SSL (without clicking on it) if it starts with https://.
8. Poorly-written emails
Legitimate companies write and edit their emails meticulously to ensure they build trust among their customers. So watch out for incorrect grammar or missing punctuation.
9. The email content evokes a sense of urgency or panic
Another red flag is if the email offer is paired with an extreme sense of urgency. Sure, brands use urgency as a tactic all the time, especially when they’re trying to entice you with a limited offer.
But if the email is from a business you never subscribed to, asks you for money, or requests you provide information in the next 24 hours, be sceptical.
10. Consider the time and date the email was sent
Be wary of emails received outside business hours, especially if your business runs on a fixed schedule. A majority of scammers operate in a different time zone than you.
11. Check emails even if they’re from trusted sources
Spear phishing is a sophisticated form of a phishing attack. In these cases, scammers collect your public information or get it from a compromised account of someone you know. They then use this to pose as your friend or an acquaintance.
At a glance, these emails seem real, but don’t be fooled. Make it a practice to verify emails, links, and attachments before clicking reply. Do this by directly contacting the person or company who sent you the email.
12. Use an anti-spam email solution
Oftentimes, it’s better to have software filter spam for you. Most business email hosting solutions offer spam detection that lets you blacklist specific addresses and filter malicious emails.
Combat Spam and Protect Your Business Today
Phishing is perhaps the biggest threat posed by spam emails. If successful, you face identity theft, stolen credentials, malware, and unauthorised access to your network.
That said, protecting your business from spam and phishing emails should be a priority 24/7. While there is no guaranteed way to stop spam emails completely, the options above can help. Also, make it a point to train employees and use a powerful spam protection service to reduce the risks of email-based threats.
At CLDY, we can help you find a secure hosting solution to protect your business against spam and other cyber threats. Visit us today to get started!