(And no, I’m not talking about that bouncy, pink, pseudo-meat stuff.)
I’m talking about unsolicited, junk, probably virus & malware-laden, email. You get them, I get them, and to paraphrase Oprah, “everybody gets them!!”.
Combating SPAM emails, and their more evil cousin PHISH, is a major part of my job. I’ve talked about Phish emails before, so this time I want to concentrate on Spam. I’ve given you a basic definition of just what Spam is in the opening of this post. So let’s talk a bit more about what the differences are between Spam and a Phish.
Spam may be benign. It doesn’t always have a malicious intent. It usually does, but not always. Phish emails, on the other hand, will always be malicious. The main job of a Phish email is to get you to click on a link or open an attachment with the express intent of infecting your PC (doesn’t matter if you have Windows, Mac, ChromeOS, or even Linux – you can be infected).
Most Spam you see is nothing more than advertisements trying to get you to buy something. Consider an email from the retail giant Amazon. Now I do buy a lot, and I do mean A LOT, of stuff from Amazon. But, unless you specifically set your preferences not to send you marketing emails, you will get email after email from them with something similar to whatever you just bought or even just browsed. While this is not considered “Spam” outright, it very well could be. Did you ask Amazon to send you recommendations? Probably not. But if you didn’t opt out of their marketing emails when you created an account, they are legitimate emails. However, any commercial emails that you didn’t ask for are completely Spam. Unfortunately, you cannot claim that emails from your Grandmother with her award-winning Tuna Casserole recipe, which you didn’t ask for, are Spam. Or in my case, emails from family members asking computer questions. I’m usually the one sending them recipes. But not for Tuna Casserole. That stuff is vile, and if it’s not already outlawed by the Geneva Convention, it should be!
Now here’s a sticking point: emails that you have not signed up for (Spam), but that come from a “reputable” source, a store you frequent, or a website you visit regularly. Do you use the “unsubscribe” link or button in the email? NO! If you’ve never given this entity your email address, NEVER click the unsubscribe link or button. This only tells the scammer behind the Spam that this is a valid email address. Plus, since this is a directed email (it has now become a Phish, or even a SpearPhish, email), the link to unsubscribe most likely will take you to a malicious website or even go so far as to download something to your PC without your knowledge or permission!
Here’s an example for you. Last summer my family spent a week at Disney World. Since we did all the reservations and set up stuff via their website, I was added to many, many of Disney’s email lists. I expected it (although not quite as many as I ended up with – the sheer volume of unsolicited emails was staggering!). For those emails, it was safe to unsubscribe.
Now here’s a more troubling example. For this, I will use my work email. As I mentioned before, one of my main duties is PC Security. For this task, I have several tools at my disposal. I can Phish my end users with templates that are very realistic. But for the purpose of this post, let’s talk about the Spam I receive.
Every day I receive, on average, about 5 Spam emails. These are not from any mailing lists that I’ve signed up for, nor are they from any company I’ve ever had any dealings with (I think my email address was sold to some advertising/marketing company, sadly). It appears that the rest of the world seems to think that I am the compliance manager for the city I work for. Or at the very least, they hope I will forward on the constant emails about software and/or websites that can make my compliance work so much easier. Add to that the emails from “LinkedIn” saying that somebody wants me to join their network (Hint: neither my work email nor my personal email is on LinkedIn!) and I could spend much of my day just adding folks to my junk sender list. Thankfully Outlook takes care of most of it for me. The ones that are not already added to my list just take a simple right-click and they’re blocked!
So, how can you avoid Spam emails? The easy answer is, you can’t. But you can cut out a lot of it. Think about all the emails you get every day. How many are from stores you visit? Do you really need to know what is on sale every damn day? They all have websites you can visit when you need or want a specific item. All these emails are trying to do is entice you to buy something you probably don’t need or really want, but they have too many in stock. Mainly because nobody needs or wants it in the first place! Save your money and go buy a good book or go to the movies!
When you create an account on a website, hopefully for something important, look at each step of the creation. There will be (or at least there will be IF the site is legitimate) boxes to check to either opt-in or opt-out of various offers, email lists, etc. This also is important if you ever download and install a program from the web. One great example of this is the free Adobe Acrobat Reader. This is a very good legitimate program, considered the “standard” for reading PDF (Portable Document Format) files. But, on the install page, there is always a bonus free program. Sometimes it’s Google Chrome (my favorite web browser), and sometimes it’s an anti-virus program (McAfee seems to be the favorite). While both of those examples are basically fine to download, there are somewhat more nefarious downloads that hide malicious programs, masquerading as something else, hoping to infect your system. So, “Think Before You Click”! That’s good advice for anything internet related.
And just so you know, Spam is not a new thing. This image shows a capture of a letter-to-the-editor from the May 30th, 1864 edition of The Times of London.
Sir,—On my arrival home late yesterday evening a “telegram,” by “London District Telegraph,” addressed in full to me, was put into my hands. It was as follows:—“Messrs. Gabriel, dentists, 27, Harley-street, Cavendish-square. Until October Messrs. Gabriel’s professional attendance at 27, Harley-street, will be 10 till 5.” I have never had any dealings with Messrs. Gabriel, and beg to ask by what right do they disturb me by a telegram which is evidently simply the medium of advertisement? A word from you would, I feel sure, put a stop to this intolerable nuisance. I enclose the telegram, and am, Your faithful servant, M.P. Upper Grosvenor-street, May 30.
~ The Times Of London, 30 May 1864
Source: Stu Sjouwerman (@StuAllard) CEO KnowBe4 (@Knowbe4)
I think I’ve taken enough of your time with this post. Please ask any questions or leave a comment below (not on the various social media sites this will be linked to). I will be happy to give any resources I have to help you be safe.
Thanks, and happy (and safe) interneting!!