New security statistics reveal that spam is one of the most common methods used to distribute malware to potential victims. Because of the high click rate, malicious email messages continue to be a preferred technique among cybercriminals.
F-Secure researchers recently revealed that spam remains the most common method of spreading malicious URLs, scams and malware more than 40 years after the first email spam was sent. As explained by says Päivi Tynninen, Threat Intelligence Researcher at F-Secure:
“Email spam is once again the most popular choice for sending out malware. Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.”
“During the past few years, it’s gained more popularity against other vectors, as systems are getting more secure against software exploits and vulnerabilities,” the researcher added.
What Do the New Spam Statistics Reveal?
The new statistics indicates that spam email click rates have increased from 13.4% in the second half of 2017, to 14.2% in the first half of 2018. Why does spam continue to be such a successful method deployed for malware distribution? Browser and OS security has definitely improved and as a result, it is more difficult for threat actors to use exploit kits and security flaws. This has led to spam being the most preferred infection method for many malware operators.
A Kaspersky Lab report for 2017 revealed what were the most common scam topics included in spam campaigns. As usual, and as is the case with the most common online scams in the wild, spam emails rely on hot topics to successfully trick potential victims, and this was indeed the case last year.
Some of the most common topics in spam messages in 2017 were natural disasters such as hurricanes Irma and Harvey and the earthquake in Mexico. Scammers pretending to be from Nigeria continued to spread messages asking for assistance in obtaining inheritance of deceased relatives. However, one topic stood out in 2017, and it is the topic of cryptocurrency. There were plenty of spam campaigns built on the hottest topic of Bitcoin and altcoins.
Types of Scams Used in Spam Messages
As for 2018, F-Secure statistics show that a prevailing number of spam messages were based on dating scams. Of the spam samples the research team has seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.
The researchers also discovered that just five file types make up 85% of malicious attachments. These files are ZIP, .DOC, .XLS, .PDF, and .7Z.
It is interesting to note that spammers haven’t come up with a new and more efficient method to make it more successful. Apparently, in contrast with the high click rate, spam is not as efficient as its creators would like it to be. As explained by F-Secure, “the technique still relies on spewing out massive numbers of emails in order to snare a tiny number of users.“
To make their campaigns more luring to potential victims, spam operators rely on several clever psychological tricks, such as:
– The probability of recipient opening an email increases 12% if the email claims to come from a known individual
– Having a subject line free from errors improves spam’s success rate by 4.5%
– A phishing email states that its call to action that is very urgent gets less traction than when the urgency is implied.
URLs Instead of Malicious Attachments
A notable discovery for the first half of 2018 is that rather than just using malicious attachments, spam often features a URL that directs the user to a harmless site, which then redirects them to a site hosting malicious content.
The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible, explained Päivi.
“And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”