Introduction

Since its invention in 1971, email has become an indispensable part of our lives; it’s where we organise work-related tasks, the weekend barbecue, but also where we share photos and videos of important events. One, if not the only, positive aspect of the COVID pandemic is the rise of remote working, which has boosted digital collaboration, with tasks and meetings now organised by email.

In 2023, 347.3 billion emails will be sent out globally every day (4 million emails per second), of which around 40-45% will be spam. Google alone identifies and blocks 15 billion emails a day as spam. And this number is growing every year.

Spam is unsolicited, usually commercial, which is sent to a large number of recipients or published to them. So spam, or unsolicited messages, is not just email, it can be SMS or other messages sent via other platforms, either marketing or phishing. 36% of spam emails are marketing emails, while 31.7% are adult content, 26.5% are financial inquiries and only 2.5% are fraudulent. So, a good proportion of messages are marketing enquiries, but phishing may also be behind the spam.

It’s good to know that 96% of phishing attacks are spread via email. By 2021, according to US surveys, 83% of businesses have faced successful email-based phishing attacks, while 39% of individuals said they had received at least one suspicious email attachment.

Threats

Unsolicited mail is not a serious threat in itself, as long as we do not click on it.

There is a good chance we won’t even encounter them, as the most popular email providers use spam filters based on artificial intelligence (AI) and machine learning (ML) to filter out spam. Such services are offered by the most popular mobile phone companies, as well as by these popular apps.

However, if spams do get through the filters and we click on them, we could be in real trouble. For one thing, there is usually fraudulent intent behind marketing enquiries and good-sounding offers. Phishing emails target four things:

• our organisational data (login credentials, e-mail address, password)
• personal data (name, date of birth, address, etc.)
• our financial data, banking information (credit card number, exp. date, CVC)
• other user account information (username, e-mail address, password for services)

By using this information, fraudsters can carry out transactions and account operations on our behalf that can cause serious financial damage even at home, but by bypassing organisational information, the damage can be multiplied. The attackers can give away our email account login details, Netflix account details or credit card details for a few dollars. But our organisational login credentials can be worth much more than that.

In addition, spam mail can also contain attachments with malicious code. These can be compressed files, executable files or even document files. Opening an attachment can contain malicious code can cause very serious damage to us or our organisation with a risk of several days of downtime.

Advices

To avoid falling victim to phishing attack or offers that sound too good to be true, always follow these guidelines:

• do not open messages (e-mail, SMS, other) from unknown senders, and do not click on the links in them,
• do not open or download attachments to messages (e-mail, SMS, other) from unknown senders,
• always ask yourself whether you were expecting such a request/offer or message,
• be sceptical of offers that sound too good to be true, because what is too good to be true is usually not,
• always check links and clickable references by moving the cursor over them to see the full URL, or check the URL on Virustotal,
• do not open links that contain shortened links (e.g. t.ly/MsbY) or QR codes,
• if the email has been sent to your organisational email account, report it to the person(s) responsible for IT security before deleting it, as it could be a precursor to a sophisticated attack later on.

Source: 23 Email Spam Statistics to Know in 2023 (mailmodo.com)