Technology security.

Spam, Phishing & Co. - What is it all about?

Why do I keep getting emails in my inbox from companies trying to sell me lasers or shipping containers from China? Is the email really from my bank asking me to confirm my identity from a Hotmail account? Why is my boss sending me an email from an unknown email address asking me to make a money transfer on short notice?

If you have received one of these emails, then there is a good chance that you have already been exposed to spam, phishing or Impostor. What for many is understood under the collective term “spam” is divided into different types of malicious mail. This includes spam with advertising content, but also more dangerous variants such as phishing, malware or impostors. In this article you will learn more about the following topics:

  • What are malicious mails?
  • What are the main variants?
  • How can these mails harm me?
  • What is the extent of the damage?
  • Is it possible to filter out harmful emails? How is it done?
  • What can I do myself?

Spam, Phishing & Co. briefly explained

Malicious mails are either sent en masse to an indiscriminate list of recipients or, in the case of Impostor and Phishing, often to a specifically selected list of recipients. In addition to purely promotional spam mails, in many cases there is a criminal intention on the part of the sender, who is intent on deceiving the recipient and making him pay. Here is an overview of the most important forms of unwanted and dangerous e-mails:

Spam: Spam or junk mail is electronically sent advertising that arrives unsolicited in our mailboxes. This type of unsolicited advertising is sent en masse and randomly. The senders usually pursue a commercial purpose – this is evident, for example, in the form of product advertising, offers for financial investments or invitations to competitions.

Impostor: Impostors are mails whose senders pretend to be the recipient’s superiors. These are mostly requests to hand over sensitive information (e.g., tax questions about employees) or requests to make money transfers. Frequent addressees of Impostor are CFOs and HR managers in companies. But “normal” employees can also become victims of Impostor emails.

Phishing: Unlike spam, which is primarily promotional in nature, phishing always has a “malicious” purpose. The aim of phishing is to retrieve (or “fish”) sensitive information such as access data for bank accounts, online or social media accounts from the recipient. The criminals impersonate companies, trusted individuals or institutions (often banks) to achieve their goal. The crux is that the fake mails hardly differ from the real ones and can thus quickly mislead recipients.

Malware: Malware stands for “malicious software” and infects computer systems in the form of viruses, Trojans, spyware and other variants in order to tap sensitive information. Subsequently, this information is misused for fraud, extortion and identity theft.

Ransomware: The English word “ransom” means “ransom”. Thus, ransomware is extortion software that sneaks into the user’s system, locks the computer and encrypts the files. Subsequently, a ransom is demanded for the release.

How can spam harm me?

Phishing, impostor as well as malware and ransomware can cause considerable financial damage, as they are designed to grab money from the recipient with fraudulent and sometimes even extortionate content. If the customer falls for the scam, the money is gone in most cases and the resulting damage is great. Spam e-mails, on the other hand, seem comparatively harmless (at least at first glance), but they can also have a financial impact on companies and thus cause costs. What costs? This is shown by the following classification:

  1. Storage cost – this is the cost of storing the emails. They are stored either in an active inbox or in an email archive. The cost can be quite high given the amount of spam emails that are sent each year.
  2. Bandwidth costs – every mail, whether spam or business-related, must be transported. This comes at the cost of available bandwidth.
  3. Personnel costs – this is the cost of an internal team or external consultants to deal with problems caused by receiving spam emails.
  4. Productivity costs – these are the resources that recipients typically have to spend to read the messages they receive and determine if they are relevant.

Particularly high risk from malware

Malware quickly causes particularly great damage, as it can harm the infected devices, but potentially also other systems with which the affected device communicates. Often, through the integration of Java applets, a program is automatically executed when the message is opened and read. In doing so, the program will be installed automatically and may lead to/to:

  • Disabling antivirus and antispyware tools
  • Logging of keystrokes
  • Invading your privacy by turning on the microphone and/or camera of your computer or other connected devices
  • Deception: the program pretends to be an antispyware or antivirus tool in order to trick the user into giving the application more access to sensitive files or to the computer
  • Installing a bot for remote control of the attacker
  • Installing more spam e-mails
  • Collection of sensitive documents
hacker in the dark

Malicious mails with fake senders

Senders of malicious emails often take advantage of events such as the coronavirus pandemic or the European energy crisis and pretend to represent government or charity organizations in the emails. Their goal: to deceive and harm the recipients. The mails ask recipients to click on certain links, open hidden applications or share personal/financial information. It is therefore important for ISPs and businesses to detect and eliminate these emails before they reach the inbox.

Looking for Trouble: How to Detect and Prevent Spam, Phishing & Co.

Every single email has certain properties that distinguish it from other emails. This includes the sender, the recipient and the subject, especially the content and the file attachments. These characteristics may differ from email to email, but they may also be the same in different emails. The latter is particularly the case with so-called“bulk mailings“, i.e. e-mails that are sent in large quantities to various recipients. While the recipient of a mass email is a unique feature, the content and subject of the many emails do not differ.

This is exactly where our product eXpurgate comes in. With eXpurgate.Cloud, eleven offers you an e-mail security solution that checks incoming e-mail before it enters your company’s infrastructure. With eXpurgate.Inhouse, malicious mail that has already entered the corporate infrastructure is reliably detected. The software analyzes the email in detail and checks all relevant properties described above. Thus, eXpurgate is able to summarize all the information known about spam e-mails and compare it with newly received e-mails. eXpurgate thus quickly arrives at a decision as to what type of e-mail it is and how it should be handled.

With this method, eXpurgate detects potential threats at an early stage and effectively protects your mail servers from spam and phishing e-mails. E-mail categorization also improves the efficiency of your company’s e-mail communication in the long term.

Spam: A close look is important!

Even if annoying spam e-mails seem harmless at first glance – spam can pose a threat to corporate communication systems. In addition to financial damage, spam emails can intercept sensitive information for criminals.
Successfully combating spam requires resources and years of expertise. At eleven, we are committed to improving the security of e-mail communication every day. Our product eXpurgate automatically detects spam e-mails and filters them out securely. The solution scans incoming emails and looks for patterns, such as where the email was sent from, when it was sent, or how many times it was sent. A spam filtering solution is highly recommended because it saves companies from losing productivity and money by reliably limiting the impact of spam emails on business communications.

Comprehensive protection against unwanted email requires expertise, resources and a comprehensive view of email traffic. For all who

  • have a higher expectation of data protection,
  • or want to maintain the flexibility of their own infrastructure (solution: eXpurgate.Inhouse),
  • or do not have the resources to manage their own spam filter (solution: eXpurgate.Cloud),

eleven offers a long-term e-mail security solution with its eXpurgate product.

©2023. eleven cyber security GmbH. All Rights Reserved.