What is spam? How to identify and defend against junk emails

What is spam? How to identify and defend against junk emails

Spam, originally named after a canned meat product made by Hormel Foods Corporation, became widely recognized through a Monty Python sketch that humorously over­loaded a café menu with SPAM dishes. While its origin is comedic, the issue of spam — unwanted digital messages — has grown far from a joke.

The first known email spam was sent in 1978 by a Digital Computer Corp employee to users on ARPANET, the precursor to the internet developed by the US Department of Defense. By the 1990s, with the rise of the internet and as email use grew, spammers began using automated tools to flood inboxes, prompting regulatory action in the 2000s.

Despite all legal efforts, spam remains an issue, with billions of unwanted emails sent daily. As spammers continue to adapt their tactics, the battle against spam is ongoing, and users must remain vigilant against ever-evolving threats.

Definition of spam email

The definition of spam, also known as junk mail, refers to unsolicited bulk messages sent to a large number of recipients. Much like the popular “Spam Classic” product, known for its convenience and wide­spread availability, spam emails have become equally ubiquitous in the digital world. While spam emails are the most common form, similar messages on social media and instant messaging platforms are also considered spamming.

Spam emails have become so wide­spread that almost every internet user has encountered them. Reporting spam in plat­forms like Gmail helps them identify and filter similar unwanted emails more effectively, preventing the spread of more spam.

Even though many users can recognize spam, cyber criminals continue to refine their tactics, sending messages in bulk and adapting to new defenses. As people become better at spotting spam, criminals evolve their methods, making some messages harder to identify. Not all spam is as obviously fake as the classic “Nigerian prince” scams, and even savvy users can fall victim to more sophisticated approaches.

How spam works

Spam can appear in various forms, such as emails, text messages, phone calls, and social media messages. While some spam is simply annoying, others can be dangerous, spreading malware, phishing scams, and other cyber threats.

Spammers use different techniques to flood your inbox. One common method is through botnets, which are networks of compromised computers that send out massive volumes of spam without the owners’ know­ledge. Another tactic is email spoofing, where the sender’s email address is disguised to make it appear as though the email is coming from a legitimate source. This makes it more difficult for recipients to recognize spam and increases their chances of being deceived by scams.

Different types of spam messages and junk mail

Spam emails are the most common form of junk mail, so let's focus on the various ways criminals use email communication to target their victims. Knowing the different methods of spam allows you to better recognize junk mail and avoid falling for scams.

Phishing

The goal of phishing emails is to get you to down­load an attachment file, click a link that takes you to a harmful web­site, or reveal sensitive information to the sender. Phishing messages can be disguised as some­thing that the victim might find interesting, and in many cases, the email looks like it’s coming from a reliable sender. Smishing messages have much of the same goal but use SMS and instant messages instead of email.

Malware spam or malspam

Malware spam is used to infect the recipient’s device with malware, such as trojans, spyware, or ransomware. The viruses hidden in malware spam can be disguised as attachments, including PDFs, text documents, and presentations.

Email spoofing

To deceive recipients, spammers often use spoofing to make a message appear as if it’s coming from a trusted and legitimate source. By masking the real sender’s identity, cyber criminals can make spam emails look less suspicious. Even if an email appears to be from a well-known authority, social media service, the post office, or a bank, it’s important to always verify its authenticity to ensure it’s not fake.

IT support scams

A common tactic used by spammers is to disguise their emails as if they are from IT support. These types of junk emails often appear to be sent by large companies, such as Apple or Microsoft, claiming a technical issue or that your account has been compromised. The message may urge you to click a link to avoid account lockout or further issues. By combining a legitimate source with a sense of urgency, cyber criminals aim to deceive you. Be especially cautious if the message asks for sensitive information, such as pass­words or online banking credentials — this is a major red flag.

Advertisements

Spam emails can also appear as advertisements. Many of us subscribe to news­letters and receive legitimate ads via email daily. However, if an ad’s offer seems too good to be true, it’s likely a scam.

Subscription traps

Subscription traps are tactics used to mislead consumers into unknowingly signing up for long-term subscriptions. Victims may not realize they’ve subscribed until they receive a bill for an unexpected charge. The terms of these subscriptions are often vague or non­existent, and canceling the subscription is deliberately made difficult.

Why are spam emails an issue?

Spam is a wide­spread issue affecting both large and small targets, including organizations and individuals. Cyber criminals use bulk emails to reach many victims with minimal effort, and because it’s inexpensive, the potential returns make it a lucrative tactic. As a result, any­one can become a target. Here are some reasons why you should take spam seriously:

• Spam can spread malware. Not only are your own devices, files, personal information, and privacy at risk, but devices infected with malware can also be used to spread harm to others. Even if you believe you have nothing worth stealing, cyber criminals can still find ways to exploit you.

• Spam fills your inbox. Urgent emails and important information may be buried under spam. Even if you can locate your important files, it will be more difficult if you first have to filter through numerous junk email messages.

• Spam is a burden for the whole infra­­structure. When messages are sent to thousands of recipients simultaneously, this may lead to unnecessary stress for email servers and systems. Additionally, if your work email is targeted by spam, it can reduce both your productivity and that of the entire organization.

Identifying spam emails

There are several ways to determine if an email is legitimate. Here are some tips to help you identify spam emails.

Verifying the sender’s email address

One of the most effective ways to identify spam emails is by verifying the sender’s email address. Legitimate emails typically come from a valid domain associated with a company or organization, while spam emails often use fake or spoofed addresses. To verify the sender, check the email domain to see if it matches the company it claims to represent and look for spelling errors. Be wary of email addresses containing unusual characters, numbers, or letters that deviate from the company’s standard format.

Red flags

Several red flags can indicate that an email is spam, including:

• Urgent or threatening language: spammers often use scare tactics to prompt immediate action.

• Requests for personal or financial information: legitimate companies rarely ask for sensitive information via email.

• Suspicious links or attachments: be cautious of unexpected links or attachments, as they may contain malware.

• Poor grammar or spelling: spam emails are often poorly written and contain noticeable errors.

• Unusual or unfamiliar sender email addresses: if the sender’s address seems odd or unfamiliar, it’s likely spam.

If you notice any of these red flags, it’s best to delete the email or report it as spam.

Laws and regulations

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Porno­graphy and Marketing Act) is a US federal law enacted in 2003 to regulate commercial emails, including spam. The law establishes rules to ensure that senders maintain trans­parency and protect recipients from unwanted and deceptive messages.

Key provisions of the CAN-SPAM Act include:

• Clearly labeling emails as advertisements

• Providing a valid physical address of the sender

• Allowing recipients to opt-out of future emails

• Honoring opt-out requests within 10 business days

• Not using deceptive subject lines or headers

• Unauthorized collection of email addresses from websites

EU regulations against spam

In the EU, multiple laws and regulations have been enacted to combat spam. These include Directive 2002/58/EC on Privacy and Electronic Communications, which bans unsolicited commercial emails and other electronic messages unless the recipient has given explicit consent. Additionally, the ePrivacy Directive safe­guards individuals’ privacy and personal data while using communication services.

By adhering to these laws and regulations, businesses can stay compliant with email marketing regulations and respect user preferences. For consumers, under­standing these rules can help identify legitimate emails and improve their ability to report spam.

How to protect yourself against spam emails

Many internet service providers (ISPs) and email services offer spam filters, but additional measures are needed to fully protect your­self. Fortunately, there are steps you can take to redirect junk mail to your spam folder and recognize spam that slips through.

• Analyze suspicious messages. Look for signs that may indicate spam. Is the email asking you to click on a link or down­­load an attachment file? Are there spelling errors? Is the message making out­­rageous claims? Is the sender asking for your personal or financial information? Spam emails often lack the professionalism and polish of legitimate ones, making them easier to spot. If you’re still unsure, visit the sender’s web­site directly through your browser instead of clicking any links.

• When you encounter spam, mark it as such. This way you can teach your email service to better recognize messages as spam in the future. If you find some­thing that isn't junk mail in your spam folder, mark it as “not junk” instead.

• Use a reliable anti­virus program. This not only safe­guards you against spam but also enhances your over­all online security. F‑Secure Total offers complete online protection to keep you safe.

• Use a VPN. Although a VPN service does not stop spam, it can prevent cyber criminals from getting your email address in the first place. F‑Secure Total also provides a reliable VPN for browsing securely and in private, wherever you are.

Reporting spam

Reporting spam is an important step in combating the issue. It helps your email provider block future spam and reduces its spread. Most email clients offer a “report spam” or “mark as spam” option to flag unwanted emails. You can also forward spam emails to the Federal Trade Commission (FTC) at spam@uce.gov in the US, to report@phishing.gov.uk in the UK, or to the national cyber security organization in your country. By taking these actions, you help reduce spam and protect your­self and others from cyber threats.