Email is one of the main factors of computer attacks. Despite the daily attacks now with this vector, the uninitiated unfortunately don’t really know the extent of email-borne threats…
A universal communication tool, email is mainly used by hackers to carry out phishing and phishing attacks. These two attacks use different methods but both have in common that they seek to deceive users’ vigilance. While phishing specifically seeks to steal personal identifiers, or infect a company’s information system with malware, phishing is an attack that targets an employee, usurping the identity of a trusted third party within the company, with the goal of retrieving information or with the victim’s consent. Other threats exist and are often associated with scams (unknown great-uncle, residing in India, thanks to whom the victim is supposed to inherit a hundred million dollars …) but can also take the form of legitimate email marketing.
What is phishing spam?
Phishing spam, which can be translated as “misleading email”, is an email that pretends to be email marketing, using graphic icons and vocabulary of email marketing. Phishing spam does not contain fraudulent attachments or links and is only intended to monetize a person’s visit to a remote site.
So what is the point of phishing spam and how do hackers make money from it? abusive?
As the saying goes “if it’s free, you are the product” and in the case of phishing spam, the goal is to get people to visit a website for a fee. In popular marketing parlance, this technique is called “affiliate marketing”. The website will place a link containing an affiliate ID and thus will promote a service or an object. For each person who used this link and bought a product on a remote site, a commission will be paid to the “affiliate” (that’s his name). While the use of affiliate marketing is common – Amazon uses it a lot – the use of spam to direct traffic to an affiliate site is illegal.
Example of a misleading spam campaign strategy
The victim received an email inviting him to connect to an online dating site. However, after clicking, it turns out that the remote site is not an online dating site, but an article promoting the best dating sites of 2018. On this page, each link leading to a dating site is decorated with an affiliate icon. For every account creation on one of these remote sites, the author of this scam spam campaign will be rewarded with a percentage of the subscription price.
What is the cost of phishing SPAM?
The volume of emails using this type of strategy is counted in the millions each month. In addition to the fact that this type of spam campaign violates the rules of the General Data Protection Regulation (GDPR), the problem with this type of email is its storage and handling.
With the increase in storage sizes for email accounts, the vast majority of users do not take the time to delete unrelated emails and store this type of message indefinitely until the space is full. This large volume of emails is thus saved by businesses, which increases storage and bandwidth costs and slows down processing processes such as indexing.
Therefore, phishing spam is an illegal way for hackers to make money. Much like illegal cryptocurrency mining, phishing SPAM does not directly result in a user losing money, even if there is a long-term financial loss. The fact remains that the process is illegal, and organizations fraudulently use it to make a lot of money thanks to the people they deceive, by not caring at all to respect GDPR.
Upon receiving this type of email, it is necessary for the user to identify it as “spam” by selecting it and clicking on the “spam” button. This report will allow the information to be sent to the filter allowing it to be blocked permanently. Waiting for the censorship authorities to really look into the matter and be able to curb the perpetrators of these attacks.