Sending spam email remains the most popular means for cyber-crooks to spread malware and links to maliciouis websites.
According to an analysis of spam emails by security company F-Secure, nearly half (46 percent) are pushing dating scams, just under a third (31 percent) are links to malicious websites and just under a quarter (23 percent) have malicious attachments. Just five file types -- ZIP, .DOC, .XLS, .PDF, and .7Z -- make up about 85 percent of malicious attachments.
Päivi Tynninen, a threat intelligence researcher at F-Secure, said that although spam has been one of the main ways of spreading viruses and malware for decades, it has gained more popularity during the past few years as systems have become more secure against software exploits and vulnerabilities.
Crooks have also refined their techniques to deliver better results, with click rates rising from 13.4 percent in the second half of 2017 to 14.2 percent in 2018. You are 12 percent more likely to open spam if it pretends to come from someone you know, but spelling matters: a subject line free from errors improves spam's success rate by 4.5 percent.
Rather than just using malicious attachments, spam messages will feature a URL that directs the victim to a harmless site, which then redirects them to a site hosting malicious content.
"The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible," said Päivi Tynninen. When attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file, she added.
- Unlucky dip: This malware delivers either ransomware or cryptocurrency mining software to your PC
- How to enable spam call filtering on your Android phone (TechRepublic)
- Hackers use phoney invoice email to trick you into downloading malware
- What is malware? Everything you need to know about viruses, trojans and malicious software
- Gmail spam mystery: Before you change your password, read this (CNET)