Introduction



Have you ever received an email with a suspicious claim in the subject line, such as a promise of a reward, or a demand to pay a fine that you know nothing about? Maybe you’ve opened your inbox to find it flooded with advertisements for services that sound too good to be true. There are many reasons why someone would send unwanted emails. By the end of this reading, you’ll be able to explain the motivations behind them and the possible dangers they present. You’ll also have a better idea of how to identify potentially harmful emails and the steps you can take to protect yourself.



What is Spam?


Spam refers to unwanted or unsolicited messages sent out in bulk via text or email. Often, these messages appear as advertisements trying to get you to purchase or subscribe to a product or site. But sometimes they ask for more, such as trying to elicit your personal information. Even worse, they may act as a trojan horse, encouraging you to click on a link that will release malicious code into the system.


As you can probably tell, there are many different kinds of spam, some with more harmful intent than others. Let’s explore some of the specific types of spam that potential attackers might use to cause trouble:


  • Phishing emails are messages that try to hook people and trick them into revealing sensitive information about themselves. These often ask you to click a link and enter your data there. Below you’ll find an example of a suspicious link; notice how the destination URL doesn’t match the one that is displayed.

An example of a suspicious link where the destination URL does not match the one that is displayed.



  • Email spoofing is when a fraudulent email that appears to come from a well-known source, such as Shopee or the post office, tries to trick a user into taking an action like completing a payment.


  • Spear phishing refers to emails designed to appear to be from someone you know, with some encouragement to click a link or otherwise trigger malware to be installed on the computer.


  • Whaling is a type of spear phishing attack that is aimed at CEOs or other high-level executive officers, with threats of legal ramifications if the message is left unaddressed.


  • Advertisements are emails offering products or services. The offers may even be legitimate, but they are often unsolicited and it can take a lot of effort to stop them.


  • Chain letters are emails stating that you will receive bad luck if you don’t forward them to 5 of your friends. This practice has evolved and now also takes place through social media posts.




Protection against spam

Some good news is that email providers now offer filtering options that will protect users from spam. This includes:


  • Automatic and continuous virus scanning, which continually scans content for spam.

  • Connection filtering, which monitors the sender’s profile and only allows reputable sources in.

  • Filtering functionality that relies on lists of domains and sites that are either allowed or not allowed through.

  • Quarantining is when suspect messages are labeled as dangerous and kept separate for further investigation.

All of these filters can be configured using transport rules. These rules determine which filters are applied and how stringently the email is vetted. Emails labeled as spam can then be used to train a filter to exclude emails exhibiting specific unwanted characteristics automatically. 

So what should Sam do if an email suspected to be spam is received? Even though not all spam emails are harmful, they can quickly cause your inbox to fill up, distract you from important emails, or disrupt your workflow, so they should always be reported. Sam should report the potential spam email even if Sam is not sure it is spam. Most email clients have a report button that can be clicked.

In more advanced settings, it is possible to report an email and have a company policy where all reported emails are investigated and pronounced spam or otherwise. In this way, Sam can protect the business from spam by using help from professionals and any specialized IT staff working at the company. The image below displays where the ‘Report’ button can be found within the Outlook web app:

An image depicting where the ‘Report’ button is located in the Outlook web app.