Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Spam Is Still the Choice of Online Criminals, 40 Years Later

July 2018 by F-Secure


Online criminals have gotten savvier but they’re
still relying on the same old tricks they’ve been using for decades. F-Secure
research shows spam remains the most common method of spreading malicious URLs,
scams and malware more than 40 years after the first email spam was sent.

“Email spam is once again the most popular choice for sending out malware,” says
Päivi Tynninen, Threat Intelligence Researcher at F-Secure. “Of the spam samples
we’ve seen over the spring of 2018, 46% are dating scams, 23% are emails with
malicious attachments, and 31% contain links to malicious websites.”

Spam has been one of the main infection vectors for decades, Päivi notes. “During
the past few years, it’s gained more popularity against other vectors, as systems
are getting more secure against software exploits and vulnerabilities,” she says.

The technique still relies on spewing out massive numbers of emails in order to
snare a tiny number of users. And criminals continually refine their tactics to
deliver to better results.

“Spam is becoming an increasingly successful attack vector, with click rates
rising from 13.4% in the second half of 2017 to 14.2% in 2018,” says Adam Sheehan,
Behavioral Science Lead at MWR InfoSecurity, the creators of phishd, a service that
monitors and improves businesses susceptibility to phishing and other data-related
attacks. MWR InfoSecurity was acquired by F-Secure in June of 2018.

While spam is a numbers game, MWR InfoSecurity’s effectiveness model has
identified certain tactics that play on recipients’ psychology to make spam more
potent:

The probability of a recipient opening an email increases 12% if the email claims to
come from a known individual.
Having a subject line free from errors improves spam’s success rate by 4.5%.
A phishing email that states that its call to action is very urgent gets less
traction than when the urgency is implied.
Criminals are not just relying on the content of spam to trick users. They are also
using new methods to infect users who are wise to the dangers of clicking on
unsolicited attachments.

“Rather than just using malicious attachments, the spam we’re seeing often
features a URL that directs you to a harmless site, which then redirects you to site
hosting malicious content. The extra hop is an analysis evasion method for keeping
the malicious content hosted for as long as possible,” Päivi says. “And when
attachments are used, the criminals often attempt to avoid automatic analysis by
asking the user to enter a password featured in the body of the email to open the
file.”


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts