Are You in the 14 Percent Club?

Category: Spam

Forty years after the first spam email was sent, spam is still the favorite tool of crooks and criminals online. A new report from the Finnish security group F-Secure finds that spam is the most common method used to distribute malware, malicious URLs, scams, and other bad news. Read on to see if you're in the '14 percent club' and to learn some of the tell-tale indicators of malicious emails...

Spam: Still Number One With Crooks

You've got software to protect your computer from viruses, spyware, ransomware, and rogue websites. You're careful to keep all your software up to date. Your identity theft spider sense tingles with every suspicious phone call. But then that innocent-looking email pops into your inbox. It appears to be from your friend, your bank, or your favorite online store.

You click, and you've been had. Spam is still the most effective attack vector for hackers and online criminals, according to new research from F-Secure and MWR InfoSecurity.

“Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites,” says Päivi Tynninen, Threat Intelligence Researcher at F-Secure. As usual, cybercriminals are taking their cue from water -- traveling along the path of least resistance.

Spam: The Most Common Attack Vector for Cyber-Criminals

As software vulnerabilities are closed and anti-malware suites grow more capable, spam becomes relatively more effective compared to hacking and exploitation of software vulnerabilities. Spam still is infinitely scalable, too; it costs nearly nothing to blast out millions of spam emails from a compromised machine, and spambot networks of thousands of slave machines are commonplace.

While success still depends on spewing out millions of spam emails to get a handful of “bites,” spammers are constantly refining their techniques and improving their batting averages.


Spam Click Rates are Increasing

“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,” says Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity. His firm, which was acquired by F-Secure in June 2018, develops a site called phishd that helps businesses audit and improve their anti-phishing efforts.

Among the insights that MWR provides are clues to what makes phishing spam successful:

  • The probability of a recipient opening an email increases 12% if the email claims to come from a known individual
  • Having a subject line free from errors improves spam’s success rate by 4.5%
  • A phishing email that explicitly states in its call to action that it is very urgent gets less traction than when the urgency is implied

Most users have finally learned not to click on email attachments sent by strangers, or any attachment that comes unexpectedly. So more phishing emails include URLs instead; people are still conditioned to click on links to see where they go, especially if the link says “click on this link...”

The link often does not lead directly to a malicious site, but to an innocuous site that redirects traffic to a malicious site. That way, the bad guy avoids detection by automated analysis software that previews links and compares them to known malicious URLs.
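The redirect trick described above, as an added example (not from the original article or from F-Secure): a scanner that checks only the URL written in the email lets the message through, while one that follows the whole redirect chain catches it. The hostnames, blocklist, and redirect table are constructed sample data standing in for what a link-following sandbox would record.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (assumption): a blocklist of known-bad hosts and the
# redirects a link-following sandbox recorded for each URL it fetched.
BLOCKLIST = {"malware.example"}
REDIRECTS = {
    "https://blog.example/promo": "https://tracker.example/r?id=7",
    "https://tracker.example/r?id=7": "https://malware.example/landing",
}
EMAIL_HTML = '<p>Parcel waiting. <a href="https://blog.example/promo">Click on this link</a></p>'

class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links

def host(url):
    return (urlsplit(url).hostname or "").lower()

def first_hop_verdict(url):
    """Naive check: compare only the URL written in the email to the blocklist."""
    return "block" if host(url) in BLOCKLIST else "allow"

def resolve_chain(url, max_hops=10):
    """Follow recorded redirects, stopping on a loop or after max_hops."""
    chain = [url]
    while chain[-1] in REDIRECTS and len(chain) <= max_hops:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:
            break
        chain.append(nxt)
    return chain

def full_chain_verdict(url):
    """Block if any hop in the redirect chain is on a blocklisted host."""
    return "block" if any(host(u) in BLOCKLIST for u in resolve_chain(url)) else "allow"
```

For the sample email, `first_hop_verdict` allows the link and `full_chain_verdict` blocks it, which is the gap the redirect is designed to exploit.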

F-Secure includes these and other tips for security-conscious people in its latest podcast, titled “Ransomware Out, Cryptojacking In?” Other trends the company notes include:

Ransomware is down substantially as an attack vector. The demise of Adobe Flash is echoed in declines of malicious drive-by downloads. And exploit kits, bundles of malicious programs that work together to test and penetrate a company or home network, are also in decline.

The good news is that with education and software, we have eliminated or limited many malware attack options to spam. The bad news is that spam still works. My best advice: Think twice before you click.

Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 2 Aug 2018


Most recent comments on "Are You in the 14 Percent Club?"

Posted by:

02 Aug 2018

I try where it's possible to preview emails in plain text. There are some annoying senders who don't provide plain text versions so I just get a brief click here message but often it lets me see the link not just a button. That way I can see that the link goes to not ( for me).

And the old adage - if it seems too good to be true...

Posted by:

02 Aug 2018

I use "Peek" to look at suspicious emails
Don't look right ...delete

Posted by:

02 Aug 2018

My sister is a culprit. No not a spammer. She will send links and say "found this interesting." or similar text but doesn't summarise or tell me (or her other bcc'd recipients - at least she's doing that!) what it's about. I called her on it and said that without content info I'm not clicking because phishers will disguise emails to be from someone the individual knows (and folks won't normally click to reveal the actual email account address). I told her the best would be to copy and paste the text into the email and summarise why she thought it was important, at the top. But she won't take the time to do that and I'm betting her recipients aren't clicking through!

Posted by:

02 Aug 2018

What is the 14 percent club? You never explained the headline reference.

Posted by:

Stephe Ellis
02 Aug 2018

I have one account that I reserve for sign-ups, etc., and this does get a bit of spam with promises of prizes, discounts, etc., purporting to be from well-known retailers. They are usually brief and invite me to click on links to learn the details of the offers.
Recently the group responsible for this trash has helpfully taken to marking them as being "high priority", a flag that nobody else seems to use, thus thoughtfully enabling me to filter them into a spam folder that I just check occasionally.
Ah, the naïve kindness of spammers!

Posted by:

02 Aug 2018

I use MailWasher Free and have for several years. I can see what it is before loading it into my mail program. Will never be without it. If you haven't heard of it, check it out. Thanks for good article.

Posted by:

Bernard Gray
02 Aug 2018

To Kearney's comment: here is the reference to the 14 percent; you must have read over it.

“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,” says Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity. His firm, which was acquired by F-Secure in June 2018, develops a site called phishd that helps businesses audit and improve their anti-phishing efforts.

Posted by:

Ken Heikkila
02 Aug 2018

“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,”

Posted by:

Walter Davis
02 Aug 2018

Don't recognize it? Right click and send to junk mail, even if it is from a friend.

Posted by:

02 Aug 2018

I've been emailing long enough to have developed a well honed spider sense regarding phishing emails, which I get many more than I'd like to mention.

My Norton Security and Thunderbird email programs do a poor job of identifying them. It would be nice if someone developed a piece of security software dedicated to phishing.

If there is one, please advise.

Posted by:

03 Aug 2018

I must have done something daft recently because I have been flooded by messages promising that I have won something that just awaits my action... yeh/right.
It's hard to resist the urge to use the link just to find out what is the "next step".
And now the latest: a dating site that included an unsubscribe button. That was easy; I never use dating sites & I recognise too-good-to-be-true msgs.

Posted by:

J Burrows
03 Aug 2018

I recently encountered a type of scam that I had never seen before. It got my attention because the subject line was a password that I used to use for sites where security was not a concern for me. The body of the email stated that the sender knew my password and had been monitoring my activity on porn sites and had hijacked my web cam and created a "dual video" showing the site and my activity side-by-side. He threatened to send this video to all of my contacts unless I paid $2200 in bitcoin. I have since received another similar email demanding $2900. Needless to say I ignored both of them. I believe that the sender obtained my password and email address from one of the various security breaches that reveal this type of information. You can see if your data has been exposed by checking here:

Posted by:

03 Aug 2018

I still use Adobe Flash. I still have Windows 7 as my OS; maybe that's why it's necessary? Comments, please.

Posted by:

03 Aug 2018

Usually there is a tip off that an email is edgy--most often it is bad spelling or wrong punctuation. I hover my mouse over the sender and it will show the person's email, which is usually the "open me" deal breaker. Some spammers try to be smart--one that purported to be from a major online retailer that I do a lot of business with had an "e" at the beginning of the sender's address right after "@". The rest of the email was correct. Sometimes it's obvious, sometimes they try to be sneaky, but I've found this simple method a quick and easy way to weed out spam that might not be too obvious. YMMV according to your email provider.

Posted by:

04 Aug 2018

I still have 5 AOL email accounts and since AOL has been taken over by Oath one of these accounts - not the master account - has been flooded with supposed emails from Oath threatening to shut it down. I had been checking and most of these emails had come from people with Comcast or AOL addresses - not Oath - so easy to ignore - indeed on some days have had the same threatening email from multiple senders. This suggests that these accounts have all been hacked and are being used to send out broadcast emails.

Posted by:

05 Aug 2018

AVG does a helluva job with potentially harmful spam. If you don't mind the petitions for upgrades.


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Are You in the 14 Percent Club? (Posted: 2 Aug 2018)