What is spam? Spam definition

Spam can obtain different forms, but it always brings undesirable things into your life. See how to recognize it and protect yourself from any unwanted spam messages.

You may be interested in taking a look at our other antivirus tools:
Trojan Killer, Trojan Scanner for Android.

Spam - Why do I receive these annoying messages?

What is spam made of?

GRIDINSOFT TEAM
How annoying these messages are! My mailbox is flooded with these nasty offers, and I sometimes struggle to understand if the message is normal or spam!. Can I solve that?

Spam became a common word in modern life. And not only because of the tasty spiced ham brand - hackers who try to earn money illegally also contributed to this. Why is that so popular and profitable? Let’s figure it out together.

What is spam?

The exact meaning of this word refers to the period after WWII. Working for Uncle Sam, the American food industry was producing the goods which could be kept for a long time without the risk of spoiling. One of such goods was spiced ham cans, branded as SPAM. Factories produced so much of it that they tried to sell it after the war - the best before date was not infinite. Huge inventories of these cans pushed the massive advertising campaign - Americans were spectating the SPAM ads literally wherever. Therefore, this name just became a common noun for any obtrusive advertising - just as a virus for any malware.

Spiced ham can - SPAM
The original SPAM - spiced ham can. It was advertised so massively that people start calling any obtrusive promotioning the spam.

Spam in the modern variant appeared long before the Internet era. People always suffered from advertisements, but in the 60-80s, these ads were in their physical mailboxes. Tons of promotions of fraudulent auctions, Ponzi schemes, some extremely attractive offers - they always were there. However, the development of the Internet gave a big punch not only to globalization but also to malicious spam.

How does modern spam work?

Spamming campaigns rarely stop on emails nowadays. Fraudsters try to reach the maximal audience they can, so you may see their messages on your Viber, WhatsApp, Facebook, et cetera. Last year, they also tried to do the same thing in Discord - but it required more ingenuity. For these cases, they usually do an individual campaign - one crook, or their affiliate, tries to win users' trust in the channel. Then, when people are at least sure he is not just a spam bot, this agent sends a spam link under the guise of something useful.

Email spam is much easier. Hackers create numerous email accounts or hijack them and then send the messages to all users in their databases. The exact email is more complicated than just a link (as it was in Discord) but easier to introduce. Usually, all spam messages try to mimic some legitimate messages. Let’s have a look at the most widespread forms of email spam.

Event-relates spam

Reached the peak of spreading after the beginning of the COVID-19 pandemic but initially appeared sometime before. Eurovision, World Football Cups, concerts of famous groups - all these stuff was a fuel for spamming campaigns. The contents look like a text stating the most recent results of the event and a link at the button. The exact link was leading you to a fraudulent website, or even to a phishing page.

Event-related spam
The email spam variant which was widespread during Olympic Games in Tokyo

Tech support spam

More new things appeared during the pandemic. Microsoft Pornographic Virus alert is an odious example, that had a massive spreading in 2020-2021. It looks like a banner on the web that claims that you have a problem on your PC, and to solve it, you must call tech support. The specified number - usually the one that belongs to the U.S. code zone - is, in fact, a redirection number. The endpoint of the call is somewhere in India - based on the speakers' accents and data from some calls.

Microsoft support scam
Microsoft Support scam - one of the classic examples of a pseudo tech support.

In this “support”, you would receive a recommendation to download and install the third-party application to fix the issue. In some cases, crooks ask you to grant them remote access to your computer. This or another way, you will receive some unwanted programs, or even full-fledged malware, on your PC.

“Nigerian Prince's letters”

One of the firstlings of the email spamming, Nigerian letters still appear sometimes. In those messages, you see the request to help the Nigerian (or from any other African country) prince to transfer the money of his royal family. You will receive a generous commission because there is no way to get this money saved from rebellions. All you have to do is send a small sum to the prince (to commit the further fund transfer). Is it worth thinking of $2000-$3000 when you would receive several million dollars instead? Naive guys think the same and don’t even think there is no money on the other side and even no Nigerian prince. Hence, it is just a sophisticated money-laundering scheme.

Nigerian Prince's letter
The classic example of what is called Nigerian Prince's letter. This one is Libyan, exactly.

Email spoofing

We have a deal with tens of different bills each day. PayPal payments, invoices from online retailers, subscription renewals - all these things drop on our emails twice per hour. Fraudsters know that and try to exploit your decreased attention. That's why such spam type is also called bait emails. You will likely pay less to no attention to another invoice from the delivery service and pay the bill. However, there is no problem with faking the message and embedding the link to the payment page the fraudsters want. You think you made the payment you must - but you just been caught on this bait. In some cases, crooks attach a link to the fake payment system page. That leads you to lose your banking card credentials.

Paypal scam
Fake PayPal invoice

Phishing and malicious spam

This tactic is similar to email spoofing but with other attack vectors. Crooks who aim at phishing are not interested in your single-time payment. Their target is your credentials. Under the guise of notifications about changed service terms, or some internal messages on your account, they try to lure you into clicking on the link. On this link, you will likely see a poorly-made copy of the login page of a supposed sender. Usually, these fraudsters mimic the banks, social networks, or online services with paid subscriptions.

Email spam example
Typical example of the phishing messages on the email.

Phone call and SMS spam

Have you ever received an SMS that contains just a link and several words like “Giveaway” or “Free iPhone”? Or a phone call where you are talking with a robot? That’s it. Phone spam appeared even before cellular phones spread - you were receiving such calls on your landline phone. Such spam has pretty low efficiency until you receive such messages from someone in your contact list.

Technical base for spam

There is no way to perform massive spamming using a single account. Mailing services these days are pretty clever and will surely send spam all messages from the suspicious sender. And 1000+ messages from a single mailbox look suspicious. Hence, fraudsters decided to diversify the risks - and thus use botnets for that purpose. It is safer for ban prevention but also more effective - when people see an email address that looks legit, they will more likely eat the lure and do what you say.

Spam scheme

If the hijacked accounts are on Facebook, Twitter, or any other extensive social network, crooks do a very sly trick. They started spamming the people who were in contact with the account owner. And the chance that such messaging will bring success to the crooks is very high. People trust their close friends and relatives and will follow a particular link without even a thought that something can be wrong.

The exact instruments to control the network of infected accounts may vary depending on the attack's wideness and depth. When crooks want to use only hijacked emails, they can use simple remote-access tools and numerous virtual machines. But when they need something more massive, they apply backdoors or other complicated malware. For sure, backdoors are usually used in other sorts of cyberattacks - DDoS - but they are also good.

Victim databases

How do spammers know who to text? It is pretty ineffective to perform spamming campaigns “blindly”. Fortunately for them, there are plenty of databases of certain categories of users for sale on the Darknet. With a price of ~$100 for 10k contacts, it is quite cheap to start massive spamming. And when this spam is targeted - for example, bank account phishing is stylized for a certain bank and sent to the customers of this bank - the possible rewards grow significantly.

Databases in the Darknet

If your contact has once got into one of these databases, my condolences. The only chance to stop tons of spam (i.e., remove your email from the databases) is to stop using this mailbox. When the spam is going to your cell phone number, the only way to stop it is to change the phone number. Unpleasant, but you have likely no choice when it has happened. All you can do to make the situation easier is to prevent it.

Recent news on spam

How to stop spam?

You can see a lot of advice on it on the Web, but many of them are truisms or just useless. Advising to report the accounts used in spam has no reason - crooks will find new ones for tomorrow. But keeping the pessimism on is a bad habit. So let’s figure out what is needed to prevent such a nasty thing from appearing in your email.

First of all, think twice before typing your personal information anywhere. Strange sites you visit for the first, and probably the last time, torrent trackers, some online or offline squeezes - all these things are the main data sources for the databases above. Keeping away from them, or using a different email/phone number for such events, is vital. Even if it looks legit and you are interested in keeping in touch with it, that does not guarantee that your contacts will not be sold then.

To avoid being used in spamming other people, keep your privacy well. Apply the 2FA on all accounts that are important for you. Keep an eye on what you click online, and scan your devices with anti-malware programs. That will help you prevent account hijacking - email and all your accounts on social networks. Password management utilities can offer you not only keeping the credentials in a single place but also suggest strong passwords.

When it is happened

Sometimes spammers send their disgusting stuff to random people. Therefore, you must not panic when seeing single messages on your email. However, it is still important to know how to react to this email. As I have already said, that's no reason to report the sender’s mailbox. Your main reaction is just adding the message to spam. But it is also important to understand that you see the spam, not the legit message.

Spammers sometimes do a great job mimicking the actual companies. Counterfeiting the invoices from payment systems, delivery notices, or bank emails is not an easy task, and when done correctly, you will not distinguish them by the message body. However, the sender’s address is a thing they cannot hide. All official notifications are done through the official email addresses. Hence, seeing some weird stuff like amazoon391@gmail.com or fedxdelivery3108@aol.com clearly says that someone is trying to scam you.

If you missed that or just struggled to remember what is the original email address and thus clicked the message - pay attention to the URL of the page you’ve opened. Phishing pages are getting banned quickly, so crooks usually use free hostings with ugly domain names. Moreover, the website design may look like a cheap parody done by a schoolboy. Banks or payment systems have something well-designed HTTPS certificates. You can check the latter by clicking the lock icon on the left side of the URL bar.