Spam – the well-known pain in the neck


What is SPAM?

Anyone who uses an e-mail account today knows the term; one is bombarded with it every day. Spam (also called junk mail) causes huge economic damage worldwide.

Spam is either an attempt to deliver malware (viruses or Trojans) to you, a way for someone to earn money from you by displaying several hundred pop-up advertising banners, or an attempt to trick you into entering sensitive data (such as bank account details). The spam often contains a link that takes you to a prepared web page, which in turn is used to spread ransomware. The name says it all: through ransomware the recipient loses access to his data, in the worst case the data of all members of the domain, and it is released again, if at all, only after payment of a ransom (in virtual currency, e.g. Bitcoin or Monero). One of the best-known ransomware attacks was “WannaCry” in spring 2017; several hundred thousand computers were affected.

Spam isn't just annoying because it clutters up your inbox unnecessarily; it can sometimes be dangerous. Spam e-mails can contain potentially dangerous scripts that, among other things, spy out access data and/or passwords. Classic examples of spam can be found on the BSI website.

How does the spam sender get to my email address?

There are several ways an email address can get into the hands of a spammer:

Giveaways

Most sweepstakes these days require you to provide an email address

Address dealers

Address data is lawfully purchased and resold to other companies, including for promotional purposes

Guessing email addresses

A large proportion of e-mail addresses is simply guessed, since certain addresses exist in almost every domain, such as postmaster@[domain].de or info@[domain].de.

Harvesters (named after the harvesting machine)

These are small programs that search websites specifically for e-mail addresses, e.g. in guest book entries or in the legal notice (imprint) of websites.

Spammers usually send their message to several million recipients via purchased botnets or misconfigured mail servers, knowing full well that only a very small percentage of recipients read/open the emails and thus fall into the trap.

Therefore, sending is relatively cheap for the spammer; the majority of the transmission costs are borne by the provider and recipient. Every byte of spam that is transmitted costs the companies and Internet providers hard cash, since they are not charged for the time but for the volume of data.

If a high volume of junk mail is received, corporate servers may even fail completely. In addition, junk mail costs companies extra energy, time and effort to keep their spam filters up to date. It is estimated that over 90 percent of all e-mail messages worldwide are spam e-mails.

[Figure: Development of the share of spam mails in companies worldwide (January 2018 - December 2019)]

What types of spam are the most common?

Unsolicited promotional email

Unsolicited commercial e-mail (UCE) is any commercial e-mail sent without the recipient's consent. Typical examples of UCE are questionable offers or offers that appear to be particularly cheap, for example sexual enhancers, online gambling casinos, pornography, financial services, medication, etc. UCE is even partially legal in Germany.

Backscatter (a term borrowed from physics)

E-mails that are generated in response to an incoming e-mail and delivered to an uninvolved third party are referred to as backscatter. Backscatter is often triggered by malware or spam e-mails, since fake senders are usually used here.

Spam over Internet Telephony

Spam over Internet Telephony (SPIT for short) refers to unwanted, automated and pre-recorded calls via VoIP.
It's rare, but unfortunately it still happens. You always notice this when you let your answering machine accept all missed calls.
Telephone connections are set up automatically. The moment you accept the call, the audio data is streamed to you via the RTP protocol. These are mostly recorded advertising messages, but also invitations to take part in dubious competitions that lure you with high prizes via a fee-based telephone number.
Banner ads on websites are also spam. With one click you can trigger an avalanche of pop-ups as well as catch malware.

And then there is spamming in forums or on social networks. Since there is a large audience here, the spammer uses automated bots that post advertisements and links to websites in the comments. However, such comments are usually recognized quickly and deleted again.

[Figure: Forecast for the number of e-mails sent and received daily worldwide from 2020 to 2024 (in billions)]

What measures are there in the fight against spam?

At every point where spam is generated or transported, measures can be taken to at least reduce the amount of spam.

Today, basically every e-mail program already has an integrated spam filter that recognizes advertising e-mails in advance and sorts them out directly, i.e. moves them to the spam folder of your inbox. Spam filters directly at the e-mail provider have the advantage that the recognized spam e-mails are sorted out before they are delivered. This saves bandwidth and space in your own mailbox.

Configuring spam filters so that they are tailored to the user or user group has high success rates (false positives can usually be completely excluded and false negatives can be reduced to 1% to 10%), but the one-off effort is very high and it requires expertise. In addition, the filter must be constantly adapted to new methods and types of spam.
Heuristic spam filters learn to recognize and sort out spam based on various characteristic features. They learn the difference between "HAM" (desirable mail) and "spam" (unsolicited mail). Here, too, the user must always keep a watchful eye on the "sorted out" messages; sometimes "clean" e-mails are wrongly filtered because of one feature or another.
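The learning filter described above, as an added example that is not part of the original article: a small naive Bayes classifier trained on a constructed HAM/spam corpus, with a `learn()` method standing in for the user re-labelling a wrongly sorted mail. The corpus, class names and method names are assumptions made for this illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the original page): (label, text) pairs.
TRAINING = [
    ("spam", "cheap medication online casino win prizes now"),
    ("spam", "win big at our online casino claim your prize"),
    ("spam", "cheap pills and medication discount offer now"),
    ("ham", "meeting tomorrow about the quarterly report"),
    ("ham", "please review the attached report before the meeting"),
    ("ham", "lunch tomorrow with the project team"),
]

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

class HamSpamFilter:
    """Multinomial naive Bayes with add-one smoothing: learns word features per class."""

    def __init__(self, corpus):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for label, text in corpus:
            self.learn(label, text)

    def learn(self, label, text):
        """Feedback step: the user re-labels a wrongly sorted mail and the filter adapts."""
        self.docs[label] += 1
        self.words[label].update(tokenize(text))

    def _log_prob(self, label, tokens):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        total = sum(self.words[label].values())
        lp = math.log(self.docs[label] / sum(self.docs.values()))
        for tok in tokens:  # add-one smoothing so unseen words never zero out a class
            lp += math.log((self.words[label][tok] + 1) / (total + vocab))
        return lp

    def classify(self, text):
        """Return (label, P(spam)); a clean mail sharing spam features can still be flagged."""
        tokens = tokenize(text)
        ls, lh = self._log_prob("spam", tokens), self._log_prob("ham", tokens)
        p_spam = 1.0 / (1.0 + math.exp(lh - ls))
        return ("spam" if p_spam > 0.5 else "ham"), p_spam

if __name__ == "__main__":
    f = HamSpamFilter(TRAINING)
    print(f.classify("claim your casino prize now"))
    print(f.classify("quarterly report meeting tomorrow"))
```

With such a tiny corpus a single shared word moves the verdict a lot, which is exactly why the sorted-out folder needs a watchful eye.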

A combination of local and network spam filters is effective protection.


Criteria according to which spam filters sort out unwanted messages are, for example:

  • Known IP addresses of spammers from published blacklists
  • The corresponding reverse DNS entry of the sending domain
  • Abnormal sender addresses
  • Striking text in the subject line or unusual content in the e-mail body
  • The SPF entry of the supposed sender (without an SPF entry, all incoming mails are "waved through"). You should of course also check the entry yourself
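The criteria in the list above, as an added example that is not part of the original article: a rule-based scorer that reads the sending IP and reverse-DNS hint from the `Received` header, the SPF verdict the receiving MTA recorded in `Authentication-Results`, the shape of the sender address and the subject line, and adds up points. The blocklist, point values, threshold and both sample messages are constructed for this illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed local blocklist and keyword rule; placeholders, not a real published list.
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
SUSPICIOUS_SUBJECT = re.compile(r"account (suspended|locked)|casino|medication|!!!", re.I)
THRESHOLD = 5

def sending_ip(received):
    """Peer IP from the topmost Received header, e.g. 'from host (host [203.0.113.7])'."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return ipaddress.ip_address(m.group(1)) if m else None

def score(raw):
    """Apply the page's criteria to a raw RFC 5322 message; returns (points, reasons)."""
    msg = message_from_string(raw)
    received = msg.get("Received", "")
    ip = sending_ip(received)
    m = re.search(r"spf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"      # verdict our own MTA recorded on receipt
    local = parseaddr(msg.get("From", ""))[1].split("@")[0]
    rules = [  # (points, reason, triggered)
        (3, "sender IP on blocklist", ip is not None and any(ip in n for n in BLOCKLIST)),
        (2, "no reverse DNS for sending host", bool(re.search(r"\bfrom\s+unknown\b", received, re.I))),
        (3, f"SPF {spf}", spf in ("fail", "softfail")),
        (1, "no SPF record for sender domain", spf == "none"),   # weak signal on its own
        (2, "abnormal sender address", sum(c.isdigit() for c in local) > len(local) / 2),
        (2, "striking subject line", bool(SUSPICIOUS_SUBJECT.search(msg.get("Subject", "")))),
    ]
    hits = [(p, r) for p, r, fired in rules if fired]
    return sum(p for p, _ in hits), [r for _, r in hits]

def is_spam(raw):
    return score(raw)[0] >= THRESHOLD

# Constructed sample messages (headers only, not real mail).
SPAM_SAMPLE = """Received: from unknown (HELO mail) [203.0.113.7] by mx.example.org
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=a8372910@mail-x.example
From: "PayPal" <a8372910@mail-x.example>
Subject: Your account suspended!!!
"""
HAM_SAMPLE = """Received: from mail.example.net (mail.example.net [198.51.100.5]) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=anna@example.net
From: Anna <anna@example.net>
Subject: Meeting notes
"""
```

The missing-SPF rule deliberately scores low: on its own it only says the sender domain publishes nothing, so a filter that treated it as proof of spam would throw away legitimate mail.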

The best protection against spam is and remains prevention!

  1. Pay attention to whether further use of your contact details is indicated. Only pass on your address if you trust the information provided and agree to the intended use
  2. Choose an e-mail address in which neither your first name, last name nor date of birth appears. This makes it harder for spammers to guess addresses
  3. Get a separate e-mail address for your online purchases, participation in internet forums, guest books, newsletters, etc. In this way you can keep the e-mail address you use for professional or private contacts as free of spam as possible
  4. To protect your computer, install an antivirus program and keep it up to date.
  5. If you are sending an e-mail to multiple recipients, use BCC (Blind Carbon Copy); this protects the addresses of your contacts.
  6. If you want to continue to take part in sweepstakes on the Internet, use disposable addresses or alias addresses.
  7. Never respond to a spam e-mail. This means: never click on links or images contained in the e-mail. Images and other files may contain potentially dangerous scripts. It's best not to click in the body of the e-mail at all.
  8. Never reply to a spam e-mail. This confirms that the e-mail address is valid and actively used. Under no circumstances should you open attachments to spam e-mails; they almost always contain malware.
  9. Don't fall for subject lines that urge you to take action (e.g. account suspension, PayPal account, Amazon account, etc.)
  10. E-mail senders can be forged very easily. A healthy dose of suspicion towards any incoming e-mail is appropriate, regardless of whether the sender is known or unknown! If you are suspicious and know the sender, it is better to check with them that the e-mail you received is genuine. If you do not know the sender, ignore the e-mail; it is most likely spam.
  11. If you deactivate the auto-preview option in your e-mail program, you protect yourself from the automatic execution of malware that may be embedded in an e-mail in HTML format.
  12. Signs of fraudulent e-mails can be impersonal salutations such as "Dear customer", unusual attachments (e.g. zip files), requests to disclose sensitive data (bank account) or spelling mistakes in the text. So read carefully!

Threat Modeling: From the point of view of company-specific assets

The third perspective of threat modeling focuses on a company's assets: critical information, data and machines, and where they are located. Then you work out the profile of a possible attacker. You ask yourself what his motivation could be, how valuable these assets would be to him and how much effort he would have to invest to obtain them.

Detection and resilience with threat modeling

It is advisable for companies not to choose just one threat modeling approach, but ideally all three, in order to get the most comprehensive picture of the situation possible. In reality, the more difficult it is for an attacker to reach his target, the more likely he is to look for other, easier targets.

It is not only important to withstand an attack when it comes, but also to detect attacks in the first place. No matter how resilient an IT infrastructure may appear, there is never a complete guarantee that compromise is impossible, and it is always better to find IoAs (Indicators of Attack) than IoCs (Indicators of Compromise).
