Cutting down Spam Emails
Protecting users from email spam is an ongoing battle - there’s no single way to block every single spam email while ensuring that legitimate mail isn’t blocked. Even with the best email filtering services available, spam messages can occasionally get through. As such, it’s important to be able to recognise spam emails, whether you’re at home, in school or at work.
In a lot of cases, people can detect spam more effectively than digital processes - when a message gets through any filtering you’ve set up, it’s often instantly recognisable as spam. However, that’s often not the case, and can lead to a false sense of security when less noticeably false emails get through.
In this blog, we’ve put together some information to help you minimise the effect of spam emails - we’ve started off with a look at some of the most common forms of spam, and followed up with some best practices for recognising spam.
Major Types of Spam
One of the many factors that complicates blocking spam is the sheer diversity of message content found in the emails. While there’s a vast number of different approaches around, many messages fall into the following categories:
Phishing: One of the most dangerous kinds of spam, phishing emails claim to be sent from some legitimate source (for example, Amazon, HMRC, and eBay), yet are actually from spammers, looking to pick up your passwords, personal info, card details and more. Most phishing emails will copy the layout of legitimate emails, which can make them difficult to identify.
Spearphishing: A subset of phishing, spearphishing mails are designed to target a specific person. As an example, a company director may receive an email claiming to be an unpaid bill - with some malware embedded in an attachment. Again, it can be difficult to determine whether one of these emails is legitimate or spam.
’Personal Messages’: You’ll often see emails that seem to be addressed to you, whether they’re offering digital services, free money, or claim to be particularly impressed by your looks. Of course, practically all of these are fake. Again, there’s often malware included in any attachments, while other emails are designed to solicit personal details.
Adverts: A lot of spam takes the shape of adverts for semi-illicit objects (‘personal enhancements’ and the like). While these emails are pretty much always identifiable, they may contain malware, and the products they advertise are, unsurprisingly, useless.
Recognising and Preventing Spam
As we’ve said, a lot of spam can be quickly recognised by the reader. There’s a few tell-tale signs that crop up in a lot of the emails - even the ones that get through:
Particularly bad grammar - Most spam emails are automatically created by bots, or are written by users with English as a second language. You’ll tend to see words with the wrong ending, uncapitalised words, and poorly constructed sentences more often than you’d expect - the picture below shows a recent example.
Unusual senders - While an email may claim to be from Amazon, it may actually be sent from practically any address, trying (more or less successfully) to mask itself as a legitimate email. The picture below shows an obvious example, but spam is often better disguised - you might see an email from an address including Amazon, for example (something like firstname.lastname@example.org).
Suspicious domains - Connected to the last point, you’ll often see spam emails claiming to link to some legitimate site - a portal for claiming tax refunds, for instance. When you look at these links, they’re often to domains that aren’t connected to the organisations they represent - though it can occasionally be difficult to tell. It’s worth remembering that, if an organisation is actually trying to get in touch, you’ll almost always be able to get in touch through their actual website.
Questionable attachments - Practically every attachment on a spam email contains malware of some kind - don’t open files attached to emails you aren’t sure of.
However, a lot of spam isn’t quite as obvious - we’ve seen some examples that are practically indistinguishable from the real thing. The best way to avoid damage from spam emails is to be cautious at all times.
There’s quite a few parts to this caution - we’ve focused on 3 major points:
Think twice - By taking the time to think about what’s in an email, you might notice something unusual, which can indicate that it’s a spam email rather than what it claims to be. Don’t immediately click on links or download attachments - stop and take a look first.
Use unique passwords - If you’re using a single password across all of your online accounts, there’s only a single point of failure for all of them. If you fall for a phishing email, spammers will get practically unlimited access to your accounts. By using unique passwords, you can minimise the potential effect that phishing can have.
Keep secure backups - A lot of the malware attached to spam is ransomware - it encrypts everything it can, charging a fee to restore it. By using a secure backup system, it becomes far easier to restore your system, ensuring that important data isn’t lost.