Spam and Malware: Why Do They Exist?

Category: Security

Email spam, viruses, ransomware attacks, identity theft, phishing, malicious links and other cybercrimes have become commonplace. A medium meant for information sharing has become a minefield of privacy and security risks. Who does this stuff, and what the heck is wrong with them? Let's take a look at what motivates the miscreants who menace millions on the Internet…

Hackers, Spammers and Cybercriminals

A few days ago I got a letter in the mail advising me of a “data security incident” at a website where I made an online purchase. I was advised that the person(s) responsible for this data breach likely gained access to my name, address, phone number, email address, credit card number, CVV code, and expiration date. The company recommended that I “remain vigilant to protect against potential fraud” by carefully reviewing my account statements and credit reports.

I sighed and tossed the letter in the trash. I knew already that all of that information, along with my social security number, shoe size, and my dog’s name was for sale on the dark web. And yours is too.

Today, ArsTechnica published a list of the top ten hack and breaches of 2020. Among them are the Solarwinds hack, which exposed thousands of corporate and government networks. Also in the top ten was the Twitter hack (perpetrated by teenagers) which compromised accounts belonging to politicians and celebrities. (No, Bill Gates and Elon Musk, and Barack Obama are not giving away free bitcoins.)

Have you ever wondered why there's so much spam, so many computer viruses, rampant identity theft, and other perils of using the Internet? Perhaps it boils down to the ancient philosophical question, “Why is there evil in the world?”

Why Does Cybercrime Exist?

Greed is the most common motivation for cybercrimes, as it is in the real world. There are big bucks to be made in malware that steals credit card, bank account, and identity details, corporate secrets, and other valuable data. The gullible will readily give money in exchange for counterfeit goods or just the false promise of goods. Some people will pay good money to damage the reputation of business competitors. Ransomware affects the entire spectrum of the online world, from large companies to home users. Most of the online damage is done for money.

Hatred is another ugly motivator. Often, it is disguised as heroism, a noble fight against a perceived evil enemy, which may be an individual, organization, corporation or government. But it’s hatred, none the less. Examples of this include those who spread disinformation or maliciously deface the websites of organizations with whom they disagree. Or it could be a "hacktivist" group that perpetrates denial of service attacks against their philosophical enemies.

Egotism is a third motivation. The desire to show the world how good your skills are, to do what others have failed to do, to make yourself look smart by making others look stupid, are all very satisfying to insecure egos. Some hacking groups have done this by breaking into websites, stealing embarrassing or confidential information, and publishing it online.

Grab That Cash With Both Hands and Make a Stash...

How do cybercrooks make money? The answer has changed over time. But mostly, it’s All About the Money. (Hat tips to Pink Floyd and Travis Tritt.)

Sanford Wallace was the original self-styled “Spam King.” In the 1990's, he had an ostensibly legitimate advertising business, sending out millions of unsolicited emails that advertise products or services for sale. He got paid a pittance for each email he sent, and a commission for each sale consummated in response to an email. According to “Spamford,” he made millions of dollars providing a perfectly legal service to merchants and consumers.

But eventually, spam stopped paying so well. Spam filters improved, and consumers became more wary of unsolicited offers. Spammers increasingly switched from selling things in annoying but legitimate ways to deliberately trying to defraud people. (More on the fate of Spamford below.)

That accounts for the rapid rise of ransomware and high-profile data breaches. By exploiting human error and security vulnerabilities, even low-skilled hackers can lock up the files of a single user or an entire company, and demand that a ransom be paid to restore access. Massive data breaches make the news regularly, compromising millions of usernames, passwords, credit cards, social security numbers, and other private information. These valuable troves of data are sold in the dark corners of the Internet, and the information is used to perpetrate fraud and identity theft.

If you heed the advice in my article Ten Ways to Protect Yourself From Identity Theft, it will go a long way toward protecting you from malware, spammers, hackers, and other cyber-crooks.

Then there are the low-volume, high-value cybercrooks. They include so-called Nigerian "419 scammers" who find affluent and gullible victims to milk for thousands of dollars. I wrote about the 419 Scam back in 2006, and it's still going strong today. Similarly, so-called spear phishing attacks target wealthy or influential people via social engineering.

Cybercrime and (occasionally) Punishment

Relatively few online crooks are caught and punished. It’s very difficult to investigate and prove such crimes because the criminal activity is hard to trace and often spans international borders. The double-edged sword of encryption protects both the innocent and the guilty. The few successful prosecutions we read about tend to be very large cases that are worth the trouble and expense to prosecutors.

"Spamford" Wallace continued with a string of fraudulent enterprises for a dozen years, was eventually fined several hundred thousand dollars, and sentenced to 20 months in prison. He was released in May 2018. Oleg Nikolaenko was a Russian “spam king” in the who allegedly ran a botnet that churned out over 10 billion spam emails every day, an estimated one-third of all spam in the late 2000s. He served three years in prison on charges of violating the U.S. CAN-SPAM Act. The FBI is still busy putting online crooks in custody. See the FBI Cyber Crime news and press releases.

There is no end in sight to the war on cybercrime. It’s an arms race in which the players on both sides are necessarily becoming more and more sophisticated. The anonymous nature of digital currencies like Bitcoin makes it difficult to "follow the money". The best that YOU can do is try to avoid becoming a victim. Keep your malware and anti-spam defenses up. Be wary of email phishing attempts. And Monitor your credit reports and bank accounts for unauthorized transactions.

Your thoughts on this topic are welcome! Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 28 Dec 2020

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 17 December 2020

The Top Twenty
Next Article:
HOWTO: Searching the Deep Web and the Dark Web

Most recent comments on "Spam and Malware: Why Do They Exist?"

Posted by:

Renaud Olgiati
28 Dec 2020

Working as a trnslator thirty years ago, I was once brought by a customer a letter in English I immediately identified as an iteration of the so-called Nigerian "419 scam".
So I told the customer I would feel guilty taking his money, given it was a well-known scam.
Furious, he accused me of lying, so that I could profit myself of what the scammer was offering in the letter....

Mit der Dummheit kämpfen Götter selbst vergebens.
-- Friedrich von Schiller

Posted by:

David Baker
28 Dec 2020

Very good article Bob.
It's sad people do to other's. Wasted talent, I say.
Happy New Year Bob!

Posted by:

Don Clarkson
28 Dec 2020

Checking your credit card statements can be a pain in the neck - but it's essential.
Many years ago one of my statments had a small amount, only 2 or 3 dollars if I remember correctly, that I didn't recognise and that was paid to someone in Indonesia. Although I was buying online on a reasonably regular basis at that time I couldn't think of anything I'd bought or paid for that was that amount or that might have been paid to Indonesia.
I contacted my bank who were happy to check the transaction for me but explained that if it turned out it was something I'd bought there would be a $20 fee!
The idea of risking $20 for the sake of a 2 or dollar charge was not particularly appealing but I was fairly confident it wasn't my charge and told them to go ahead.
I never heard back from the bank but a couple of months later the amount was credited back to my card. Obviously they had found it wasn't my charge.
I've always wondered what the story was though. I suppose it could have been a bank error but I suspect it was more likely a scam of some kind. Two or 3 dollars is not much and I suspect that most people would just not worry about it, especially when it could cost $20 to track it. For the scammers though many transactions of even such small amounts could add up to a good income.

Posted by:

29 Dec 2020

From what I have read, small unauthorized charges to someone's credit card are made by criminals as a way to test that the account is still viable before making larger charges to it later on. The smallness of the amount helps it avoid being flagged as not following your normal pattern of usage and therefore blocked by the card issuer until you are contacted to verify it. The fact that the "other shoe" never dropped in your case may be due to your bank being told early enough about it, before the scammers got around to doing larger charges.

It's a little like the silent phone calls you get from unknown callers. Those are just automated test calls to see if your line is a working number and that you pick up unknown calls. This then adds you number to their list of which ones to call again in the near future (and maybe around the same time of day) to be pitched whatever their product, service, or scam may be. They either use that list themselves or sell it to others.

Posted by:

Ralph Isaacs
29 Dec 2020

What would you recommend to combat malware?

Posted by:

Emily Booth
29 Dec 2020

I recently received a denial notice from our state's unemployment agency. I never filed for UI. I've been retired for 9 years. There's been so many fraudulent UI claims, our police dept. won't even take a police report. I was affected by the Equifax hack in 2017. I've had a credit freeze since then. I followed all the recommended steps. What else can I do? My name, address and SSN is available for sale on the dark web.

Posted by:

29 Dec 2020

Most bank accounts and credit cards can be set to send out an alert to email or phone every time any transaction happens.

Much better than waiting for a statement IMHO as long as you read all the alerts.

Posted by:

Sarah L
29 Dec 2020

The newest scam is fraudulent claims for unemployment funds. New to me at least. Several people in my family have been targeted. Are the thieves taking advantage of the new programs to get people through the pandemic until their own jobs come back?

Posted by:

Marc de Piolenc
30 Dec 2020

You've covered the motivation of the malefactors, but my question is more fundamental:

After nearly forty years of the public Internet, why is it that software and data networks are still vulnerable to these crimes?

I am forced to conclude that this vulnerability is deliberately maintained. For reasons best known to themselves, software publishers and on-line service suppliers are leaving gaps, presumably so that they can exploit them to obtain information or control that we would not be willing to concede them.

Posted by:

31 Dec 2020

My neighbor was the victim of a phishing scam a few years ago. The phisher milked her for $200. I loaned her $200 to get her through the month and she repaid me within 2 months. She is on a fixed income (Social Security) and couldn't pay me back in one lump sum. She has learned from her mistake and is more vigilant than ever before. My 79yo Mother is a different story and I won't go into that rabbit hole in these comments.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Spam and Malware: Why Do They Exist? (Posted: 28 Dec 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved