
Millions of users open spam emails, click on links

How many users open spam emails, click on the links within them, and open the attachments intentionally? Why do they do it, and whom do they hold responsible for the spread of malware and spam in general, while conveniently excluding themselves?

A newly released survey from the Messaging Anti-Abuse Working Group (MAAWG), summarizing the results of the group’s second year survey of email security practices, offers an interesting insight into the various interactions end users tend to have with spam emails.

Key findings of the survey:

  • Nearly half of those who have accessed spam (46%) have done so intentionally – to unsubscribe, out of curiosity, or out of interest in the products or services being offered
  • Four in ten (43%) say that they have opened an email that they suspected was spam
  • Among those who have opened a suspicious email, over half (57%) say they have done so because they weren't sure it was spam and one third (33%) say they have done so by accident
  • Canadian users are those most likely to avoid posting their email address online (46%). Those in the U.S., Canada and Germany are most likely to set up separate email addresses in order to avoid receiving spam
  • Many users do not typically flag or report spam or fraudulent email
  • When it comes to stopping the spread of viruses, fraudulent email, spyware and spam, email users are most likely to hold ISPs and ESPs (65%) and anti-virus software companies (54%) responsible
  • Less than half of users (48%) hold themselves personally responsible for stopping these threats

It is interesting to see the paradox of end users blaming ISPs and antivirus vendors, while 43% of the surveyed users said that they have opened emails they suspected were spam, and that they do not typically flag or report these emails.

What most of the survey participants appear to be unaware of is that spammers have, since the early days of spam, used DIY tools to verify which addresses on their lists are live. A user who follows the "unsubscribe" link in a spam message is not being removed from anything; the click confirms to the spammer that the address is valid and that someone reads mail sent to it.

In short, it means even more spam.
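The mechanism behind that confirmation, as an added illustration that is not part of the original post or of any real spam kit: the unsubscribe link carries a per-recipient token, so a single hit on it identifies exactly one address. The sender, recipients, the host unsub.example, the token layout and the per-campaign key below are all constructed for the example; the last function is a defender-side heuristic for spotting such links in a received message.

```python
"""Unsubscribe links as address-validation probes (constructed example)."""
import base64
import binascii
import hashlib
import hmac
from typing import Optional, Set
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed per-campaign key; a real kit would use anything that ties a click to a list entry.
CAMPAIGN_KEY = b"constructed-campaign-key"


def make_token(address: str) -> str:
    """Spammer side: encode the recipient plus a short MAC so the token cannot be forged or guessed."""
    tag = hmac.new(CAMPAIGN_KEY, address.encode(), hashlib.sha256).hexdigest()[:16]
    raw = f"{address}|{tag}".encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def unsubscribe_url(address: str) -> str:
    """The link that ends up in the message body, one token per recipient."""
    return "http://unsub.example/u?" + urlencode({"t": make_token(address)})


def decode_token(token: str) -> Optional[str]:
    """Recover the address from a token, or None if it is malformed or tampered with."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded).decode()
        address, tag = raw.rsplit("|", 1)
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    expected = hmac.new(CAMPAIGN_KEY, address.encode(), hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return address


def handle_click(url: str, confirmed: Set[str]) -> bool:
    """Spammer side: any request to the link proves the address is live; record it and report success."""
    token = parse_qs(urlparse(url).query).get("t", [None])[0]
    if token is None:
        return False
    address = decode_token(token)
    if address is None:
        return False
    confirmed.add(address)  # the "unsubscribed" address goes onto the verified list
    return True


def looks_like_tracking_link(url: str, recipient: str) -> bool:
    """Defender side heuristic: does a query parameter carry the recipient, in clear or base64,
    or an opaque value long enough to be a per-recipient identifier?"""
    recipient_bytes = recipient.encode()
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            if recipient in value:
                return True
            padded = value + "=" * (-len(value) % 4)
            for decoder in (base64.urlsafe_b64decode, base64.b64decode):
                try:
                    if recipient_bytes in decoder(padded):
                        return True
                except (ValueError, binascii.Error):
                    pass
            if len(value) >= 20:  # long opaque token: treat as an identifier
                return True
    return False


if __name__ == "__main__":
    live: Set[str] = set()
    link = unsubscribe_url("alice@example.net")  # constructed recipient
    print(link)
    print("click recorded:", handle_click(link, live), "->", sorted(live))
    print("tracking link:", looks_like_tracking_link(link, "alice@example.net"))
```

The defender heuristic is deliberately coarse: a legitimate list manager also needs to know which subscriber is unsubscribing, so a per-recipient token by itself is not proof of spam. The point is that following the link from a message you did not sign up for hands the sender exactly that confirmation.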

Moreover, the survey indicates that end users still labour under a common misunderstanding about spam in general: nowadays, spam is no longer just a mass-marketing channel for counterfeit goods and pharmaceuticals.

Spam is both an infection and a propagation vector for malware campaigns in general, with an interesting twist: the most aggressive Zeus crimeware-serving campaigns of Q1 2010 optimised the traffic they received from spam runs by embedding client-side exploits on the landing pages, next to the actual malware left for the end user to download and execute manually. A recipient who merely visits the page can be compromised without opening any attachment at all.

The most extensive study of end users' interaction with spam, conducted in 2008 (Spamalytics: An Empirical Analysis of Spam Marketing Conversion), showed that users not only click on spam links but actually buy dangerous counterfeit pharmaceuticals:

  • After 26 days, and almost 350 million email messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign is active. Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year.
Categories: General