
The rise of malicious spam


Malicious Spam


Unsolicited spam or scam mail has been around for a long time; however, over the past five years the messages have been getting darker and more frightening. What do you do if you receive a malicious spam message?




Unsolicited spam or scam messages, as they are known, are any messages you receive that have two or more of the following characteristics:

  • Unsolicited – this means that you never asked for or gave your permission for your email address to be used. You didn’t sign up for a newsletter or give a company or individual permission to store and use your data
  • Used to Deceive – unlike unsolicited, where there can be legitimate ways in some countries to message without consent, spam messages are different as they are typically used to deceive or trick you. This is probably the most important characteristic, as the message might look like a genuine offer, an email from a trusted brand such as your bank or a company that you have shopped with before; however, all of the links and messaging are designed around obtaining your login or related financial information. The straightforward rule to follow is that if it is too good to be true, it often is fake
  • No personalisation or generic – when you receive emails from companies that you know, the email usually contains information about you, typically your name, email address and sometimes even account information. The email will be built around, and contain, content customised to your preferences and some form of personalisation. Spam is the complete opposite, often generic and non-personalised
  • Looks like, but isn’t compliant – the message will likely have no unsubscribe option, an unsubscribe link that doesn’t work or when you submit a request to unsubscribe, it goes ignored. Real companies legally have to provide both a link and respect your request, often within ten working days from receiving the request
  • No contact or company information – spam is usually used to deceive, so emails will likely have no or false contact information. If you search the email or physical address, you will often find that they do not exist or they are not registered to the company mentioned in the email
  • Misleading email subjects – spam is all about getting your attention and getting you to open and act on the content, so often the email subject will not relate to the body or main part of the email. Titles such as “you have won” or “your account is locked” are all designed to grab attention

Historically, spam messages were easy to spot; email and subject titles like “you are a beneficiary”, “meet local men and women” and “a trusted friend” were a common sight. The messages always involved clicking on a link or emailing back with your bank details, and though some may have been fooled, the majority were not. Spam emails have been evolving and are getting much more sophisticated. Often, I receive messages from well-known banks or order confirmations from companies that I have used before. At first glance they look genuine; however, you quickly remember that you hadn’t placed an order or that your bank has never sent an email like that before. Though a lot more deceptive, there are little clues in the message: often poorly written text, as many seem to be written by non-native English speakers, poor quality images and missing footer information within the email. The emails will contain certain personal information about you, but it is never quite right, maybe an old password (which no company would normally send) or just your first name. These more sophisticated messages fooled many, not because of the quality of the email, but because they were playing on the fears of the receiver.

Just when you thought it couldn’t get worse, people over the past few years have begun receiving emails that look genuine and are extremely scary. The message would start with the claim that your PC or laptop had been hacked months ago and that they have been watching your every move for months. Fear immediately sets in, as this is possible; most have heard of large companies being held to ransom by hackers in the past, so they believe that this has now happened to them. The email may even look like it was sent from your email address and contain a password that you use or have used before. The email goes on to say that they have recordings of you in a compromising situation, calling you a pervert, even providing the title of the file they have on you. You are then given a cryptocurrency address and told that if you don’t pay thousands of US dollars to that account within 24 hours, the video will be sent to all your friends and family – then you suddenly remember that your computer has your contacts list, making the threat even more real to you. Receiving these sorts of messages is scary, they are extremely convincing, and the fear can make you less rational, especially when they are sharing a password that you use or have used.

The extortion spam messages have been extremely lucrative for these criminals, and they have made millions worldwide by tricking people. However, before parting with your money – THINK

How was your information obtained?

Frequently featuring in the news are stories of well-known companies that have been hacked and whose users’ information has been compromised in some way. The companies warn customers to change passwords; however, once the site has been hacked, your information is out there, sold on the dark web and used in these types of deceptive campaigns. Your compromised data will likely include your name, email address and even your password, which explains how it was shown within the email.

So that will often explain the most likely method of how they got hold of your information. If you are unsure how your data may have been compromised, you can check your address on free services such as Have I Been Pwned (https://haveibeenpwned.com/), which searches all of the data sources made available on the dark web and other sources where your data was compromised. If your email address is found, you will not only establish how your data was compromised but also how it was made available to the scammers.

So, it is not your fault. Going forward, make sure you do not use the same password for all of your accounts, and if you suspect your account has been hacked, change the password immediately. If the email service you use offers two-factor authentication, switch it on, as it is an additional way of securing your account, which helps to stop it from being compromised in the future.

What do they have on me?

If your PC or laptop has one of the newer or latest operating systems, antivirus software, some form of firewall enabled (Windows Defender comes free with Windows 10) and you are connecting through a private network, it is unlikely you were hacked. If your camera had been activated, you would have typically seen the light come on, so if you do not remember seeing the light, then it is likely it was never accessed. To protect yourself in the future, you should place some tape over the camera when it is not in use.

So, in all probability, you were not physically hacked, and they are hoping you will be tricked into believing you were and that you will part with your money.

But the email was sent from my account, so I must have been hacked, right?

Was it, though? The short answer is likely no. Just because the name in the address field and the email address shown are yours, it does not mean it was sent from your account. Most email clients allow you to configure the from name and even the email address; however, a little investigation will quickly show that it was probably sent by a completely different email address altogether. The easiest way to know for sure is to look at the message header. The process for viewing the message header is different for the various types of email software and systems that you use; however, Media Temple (https://mediatemple.net/community/products/dv/204644060/how-do-i-view-email-headers-for-a-message) has created a simple-to-follow guide for each of the popular email software types.

When you are looking at the message header, try to locate the “received from” field and check the email address located within that field. Is it the same address as shown in the email? If not, then your account was not hacked. When sending an email, you can easily trick the email client into displaying a defined name and email address, and if they had entered your email address without going through your service, then the message would have been rejected. It is easier for them to use a throw-away email address and pretend to have sent it from you.
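One way to run the header check described above over a saved message, as an added example that is not part of the original article. The sample message, its domains and IP address are constructed, and `my_mx` is assumed to be the name of your own provider's receiving server as it appears in the top "Received" line.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: an extortion mail that appears to come from your own address.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.25])
\tby mx.victim-mail.example with ESMTP; Tue, 02 Jan 2024 10:00:00 +0000
Authentication-Results: mx.victim-mail.example; spf=pass smtp.mailfrom=bulk-sender.example;
\tdkim=none; dmarc=fail header.from=victim-mail.example
From: "You" <you@victim-mail.example>
To: you@victim-mail.example
Subject: I recorded you

(body omitted)
"""

def addr_domain(value):
    """Domain part of the address in a header value, lower-cased ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return " ".join((value or "").split())

def check_headers(raw, my_mx):
    """Compare the displayed From with what the receiving server my_mx recorded."""
    msg = email.message_from_string(raw)
    report = {"from": addr_domain(msg["From"]),
              "return_path": addr_domain(msg["Return-Path"]),
              "handed_over_by": None, "auth": {}}
    # Only trust lines stamped by your own provider; anything else can be forged.
    for line in map(unfold, msg.get_all("Received", [])):
        m = re.search(r"^from (\S+) .*\[([0-9A-Fa-f.:]+)\].* by (\S+)", line)
        if m and m.group(3).lower() == my_mx:
            report["handed_over_by"] = (m.group(1).lower(), m.group(2))
            break
    for line in map(unfold, msg.get_all("Authentication-Results", [])):
        if line.split(";")[0].strip().lower() == my_mx:
            report["auth"] = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", line.lower()))
            break
    report["spoofed"] = (report["return_path"] not in ("", report["from"])
                         or report["auth"].get("dmarc") == "fail")
    return report

if __name__ == "__main__":
    print(check_headers(RAW, "mx.victim-mail.example"))
```

For the sample, the report shows your own domain in "from" but a different domain in "return_path" and "handed_over_by", which is the mismatch the header check is looking for.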

That does not mean that your email can never be hacked, especially if you use the same password for all your accounts. If you believe you have been hacked, the best thing to do is to immediately change all of your passwords and get in touch with your service provider (if possible) as they might be able to assist.

The bottom line is that spammers rely on bulk messaging, sending out thousands, even millions, of messages each day, in the hope that just 1% of people fall for the scam. With bulk messaging they want to put in the minimal amount of effort, so hacking your account would have taken too much time and effort.

I can’t risk it, so should I pay?

If this is genuine, ask yourself a few simple questions:

  • Have I seen even a sample of the recording? If it is genuine, they would likely send you a screenshot to prove that it is real
  • If I pay, would they probably come back to me again and again? The answer is yes, and they will keep coming back until you can’t pay any more or refuse
  • What would happen if a message was sent? Likely nothing, you could explain it away, tell friends and family it is fake, doctored, even sent to someone you met who is now trying to extort you etc.

So, breathe calmly and think carefully. Let the deadline pass and see what happens, likely nothing. When it comes to extortion, I think the best example was that of the Amazon founder, Jeff Bezos. Naked pictures of him ended up in the hands of people trying to blackmail and extort him, so he went to the media and told the world that the photos were his, and he didn’t pay the criminals a single cent. He gained a lot of international respect for his approach.

Can I go to the police?

Yes – the email will likely tell you not to, and that they will not be caught, but this is not true. Every email is traceable; it just takes work to find the source from where the email was sent, but it certainly is not impossible. The email may also claim that nothing will happen to them, citing that they live far away from you etc.; however, that is also not true. Criminal activity, even spam, is a global issue, and many countries work together to fight these types of malicious activities. If the individual or company is part of a major criminal network, then they could be in a country that has an extradition arrangement with your country, which means they could be handed over to the police in your country, or, if someone from another country reports them, then their country might have an extradition order when your country does not. Harmful, deceitful and extortion-related emails and activities are all illegal in many countries, so they are banking on your silence.

I know you might be scared, but you are not alone. The adult entertainment industry makes millions each year because you are not the only person to have watched a video online. Before you are fooled, take a moment to think, follow and refollow the steps outlined in this article.

You are not alone; others have been fooled. Ensure that you mark this down as a convincing spam email and not an ongoing extortion issue. I hope it all goes well for you.

Learn more about the author
Atilla is passionate about writing and has spent his career writing technical documentation within large corporations. It was a career break in 2016 that gave him the opportunity to create his first fictional book, Cypriana. Being a well-travelled individual who has visited over 50 countries has provided him with opportunities not only to have a wealth of experiences, but also to observe a broad range of characters and personalities.

Important: The published articles have been written by members of the general public, and many will likely not be journalists nor be affiliated with any professional bodies associated with members of the media. The articles will likely be based on the authors’ own opinions, views and experiences, and Gayther does not endorse nor accept any responsibility or liability with regards to any of the materials within the news and media pages.