Almost half of all email traffic is said to be spam. Email spam is any unsolicited message that tends to be sent in bulk. Spam is not only annoying but dangerous. They can be junk filling up an inbox, distracting users from important messages and hampering office productivity. They can also be phishing emails and malware delivery systems that can cripple computers and networks that a business relies on.
Spam filters, email protection, and security awareness training are all good methods to avoid falling prey to potentially dangerous spam. However, some spam can slip in. This is because merely opening spam can lead to dire consequences. What really happens when you open such messages?
Their image, your data
Whenever an email is opened, the images or resources such as special fonts contained therein are downloaded from the sender’s server. Though a normal process, this can be risky and can be exploited by hackers.
As a prime example, let’s talk about downloading images that are embedded in your email. Opening an email with an embedded image always does one thing besides downloading the said image from the sender’s server. Information from your computer is sent to the server that is hosting the image. This information includes your IP address, device type, operating system version, screen resolution, device language, geographical location, and more. The amount of sent data is quite telling and can be intercepted by a hacker as intelligence or information about a potential victim. Think of the process as staking out a victim or a form of reconnaissance.
Stylin’ and profilin’
With the data gathered from downloading an image, cybercriminals can then plan their next move in crafting a more enticing email that can phish for personal information or deliver malware. They will do this by making the succeeding emails more believable to the victim, tailored according to a profile built from the data gathered.
Then, they analyze past data on spam campaigns, look for the ones that were the most successful on profiles such as yours, and deploy those campaigns on a large scale in the hopes of catching a few fish in their wide nets.
If you realize that you've opened spam, do not forward it — not even to your security team. Emails such as this may have tracking pixels that can gather more information while it’s being forwarded. Forwarding this can also confuse your spam filter, thinking messages from this sender are safe, leaving your inbox open to further attack from the sender.
Tips to keep your inbox safe
Scammers may have exploited a seemingly harmless feature that is designed to make the email experience better, but you are not a helpless player in their game. You and your employees can follow these tips and be smarter than them.
- Disable “load remote content and images.” This will stop your email app from automatically downloading images and scripts when a message is opened.
- Enable spam filters. Many ISPs, email providers, and managed services providers (MSPs) offer these.
- Don’t just delete. Send any junk email to the spam folder immediately. This will train the spam filter to recognize these emails.
- Report spam. Email clients allow users to mark spam or report them. Reporting them will help keep them out of your inbox.
- Don’t just forward spam to your security provider. Turn them first into files, then send these as attachments.
Email spam can be a real threat. NetQuest is an MSP and IT consulting firm that specializes in protecting businesses with solutions that include email/spam protection. Don’t wait to be overwhelmed by spam, viruses, and other threats. Contact NetQuest today.
Like This Article?of our most popular posts