Email spam continues to rear its ugly head at every turn for businesses and users. Flooding millions of inboxes with junk remains a major lure for spammers, who only need a tiny percentage of people to respond to turn a profit.
When online dating goes sour
The hacking of The Guardian’s Soulmates online dating service provided rich pickings for scammers recently, leaking millions of email addresses. Scammers threatened to expose those who had signed up for the lonely heart site or simply signed them up to many “racier” services to flood their inbox.
How many workers use their business email account for dating, gambling or other sites, so that those emails steer clear of home PCs and devices? Either way, many users were frantically cleaning spam out of their inboxes to avoid embarrassment. While the threat of exposure remains very small for any individual, the incident highlights the risk of people using their main email account to sign up for the many extra-curricular activities that they may subscribe to.
Many social or media services that users have signed up to have been hacked over the years. Those email lists are put up online for spammers to buy and use, which is why a site like Have I Been Pwned is useful for finding out whether an email address has been compromised.
WannaCrypt’s next generation will use spam
More seriously for IT departments and small businesses, there are signs that the next batch of hacks similar to the WannaCrypt malware that brought down the NHS are ready to fly. Rather than infecting business networks, the amateur hackers known as script kiddies will send emails in their millions to try to lure people into clicking on an attachment that will then lock away business documents and data in return for a Bitcoin ransom.
Spam security is essential for keeping these files away from users who may not be alert all the time when it comes to a tempting email attachment or script. Rather than target specific businesses, as the original WannaCrypt ransom artist did, the next batch will be spread far and wide and could pose an even greater risk. Examples of new WannaCrypt-like malware are already being traded across the darker backwaters of the Internet. All it takes is one of them landing in the wrong email inbox and your company could be at risk.
That risk will only grow now that many of the techniques used by spy agencies are out in the wild for scammers and spam merchants to use. The agencies’ aim was broadly similar to the scammers’: to get files onto a target’s PC unnoticed. But while the CIA, MI5 or NSA went after specific terrorist targets, the scammers can use spam to rapid-fire their malware across millions of PCs and mobile devices. The only way to defend against these upcoming threats is to block them at the entry point to your business IT.