Spam Email Remains the Main Attack Vector and Click Rates are Rising

August 3, 2018

 

Spam email is still the leading method of malware delivery, according to a new report by cybersecurity firm F-Secure. The reason is simple: it is comparatively easy to bypass security protections and deliver malicious messages to inboxes, and end users are mostly not good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison.

According to F-Secure's figures, click rates for spam emails rose from 13.4% in the first half of 2017 to 14.2% in the second half of the year.

The company's analysis shows that the most common spam messages are socializing scams, which made up 46% of the spam samples it examined in the spring of 2018. In second place are emails containing links to malicious websites, which make up 31% of the total, followed by emails with malicious attachments at 23%.

An analysis of the malicious attachments shows that cybercriminals typically use five file types: 85% of the malicious attachments were XLS, DOC, ZIP, PDF or 7Z files.

Although click rates are up, F-Secure notes that spam email is still a very inefficient way of attacking firms. Massive volumes of spam must be sent to ensure that a sufficiently high proportion is delivered and that enough end users infect their devices or take the desired action.

Cybercriminals are continuously refining their methods and tactics to make the process more efficient. One of the key ways click rates can be raised is by spoofing the email address of a contact, or by using a contact's email account to send the message. When a spam message appears to come from a known person, the chance of a click rises by 12%.

Messages often contain spelling errors, either by accident or on purpose. F-Secure notes that success rates rise by 4.5% when subject lines are error-free.

F-Secure notes that although urgency is frequently used to get end users to act, explicitly telling a user to take a specific action is less successful than implying urgency.

Two strategies are increasingly being used to raise the success rate of spam campaigns. The first is password-protected attachments, which anti-spam solutions frequently do not scan. The password is provided in the message body and must be entered when opening the document. The second concerns hyperlinks: links in emails often direct the user to a benign site, which then redirects the user to a malicious site. This additional step helps attackers keep their malicious content hosted for longer.

With browsers now more secure and vulnerabilities being fixed far more quickly, spam email is the simplest way to infect end users with malware and steal confidential information, and that is unlikely to change.

Companies should make sure they have suitable solutions in place to block the bulk of spam emails before they reach inboxes, and that workers are well trained and can recognize malicious messages when they do get delivered.