By Mark Pardee, courtesy of SBAM Approved Partner NuWave Technology Partners
Spam, as a percentage of all email, had been dropping for several years from a high of over 90 percent in 2009. In 2014, according to statista.com, seven out of 10 emails were still spam and it continued to drop until it hit a twenty year low in late 2015 of just under 50 percent. In early 2016 however, the percentage started climbing again and is now over 60 percent. Why is spam on the increase?
While spam has always been used to make money, in the last couple of years it has been increasingly weaponized. Traditionally spam was used to send advertising directly or through links to other sites to sell products or services. Today, spam is used to entice the recipient to click on a link or an attached file that will install malware on to their computer.
The malware may encrypt (or scramble) the files on the computer or on network file servers. The sender then demands a ransom to unencrypt the files, thus the name ransomware. This scheme has proven to be very successful and the ransomware industry is expected to exceed $1 billion dollars in global revenue this year. Other types of malware delivered through spam may upload personal information or user names and passwords back to the sender who will then sell them to other criminals.
Spam is also used in phishing campaigns where an email is sent pretending to be from a reputable company to induce individuals to reveal personal information such as passwords and credit card information. Spear phishing, or Whaling as it is sometimes called, is a phishing campaign directed at targeted individuals. Usually sent to specific key people at a company, the email will look like it is from someone with authority like a corporate executive or the owner. It requests sensitive information like a copy of all employee W-2 forms or to have money urgently transferred to an account. These campaigns have also been effective in generating millions of dollars of income.
There are some simple and inexpensive ways to protect yourself and your business from these malicious attacks:
- Use a spam filtering service—all company email is directed to the service provider, filtered for spam and viruses and then sent to your company email server. This eliminates fifty percent or more of the email traffic from even getting to your server, freeing up bandwidth and storage space. The top service providers will catch 99 percent of spam and viruses.
- Use good anti-virus and anti-malware software and keep it up to date—this helps protect against the one percent that gets through and from sources of viruses and malware other than email.
- Train your staff—it is pretty easy to spot spam email if one knows what to look for. There are several good programs for recurring staff training. They are usually presented in short two-to-three minute videos and are designed for non-technical people.
Spam email can be much more than a nuisance, it can be very costly. All of the recommended solutions combined typically cost only a few dollars per person each month. A small investment now may save your company money, loss of business reputation, lost productivity and more.
Mark Pardee is Technology Consultant for NuWave Technology Partners.
Originally published in Focus Magazine