What is spam?
While electronic spam can take many forms, it is most commonly understood to be unsolicited, usually commercial, e-mail sent to a large number of addresses.
Why does spam exist?
Emails are extremely cheap to send in bulk, and spammers often use stolen bank accounts and credit cards to cover the cost of their operations. Equipped with a list of email addresses and a capable network, a spammer can send millions of emails every minute. While it may sound like a complex operation, if one person falls victim to the message, it has already paid for itself.
For example, it may cost $100 to send 100 million emails to business employees, which is paid for with a stolen credit card. The payload of the message is ransomware, referred to as a “cryptolocker”, and 8 businesses unknowingly execute the attachment, 4 of which do not have a backup and 2 of which comply with the ransom demand of $1400. The spammer gains $2800 for an hour of work, and hasn’t paid any cost associated with the task.
Spamming becomes economically beneficial for the sender, and often goes unpunished due to the difficulty of tracing unsolicited messages back to their origin. The result, while illegal in most countries, is a business that can be largely automated and very lucrative.
The cost of spam.
In 2007, the United States estimated the social cost of spam to be as high as $13 billion per year, and in 2011, about 7,000,000,000,000 (seven trillion) unsolicited emails made it into people’s inboxes.
The direct effects of spam include consumption of network resources (such as Internet bandwidth, computer processors and storage) and the cost of the time humans spend dismissing the unwanted messages. The Internet has to deal with this malicious traffic, with up to 90.2% of all email transactions being categorised as spam according to a November 2014 report by the Messaging, Malware and Mobile Anti-Abuse Working Group, based on statistics gathered from over 400 million mailboxes. This means that a good portion of your Internet Service Provider’s monthly bill accounts for useless traffic that consumes their network and yours.
That’s just assuming the recipient ignores the message. If the spam manages to convince a recipient to act, the effects get worse. Compliance with spam can create victims of financial, identity or intellectual property theft, malware infection and fraud for both the recipient and the business. Increasingly, we are seeing emails with malicious attachments being sent to company employees with the intention of being executed on their network, unleashing malware that encrypts company files and holds them for ransom, requiring recovery from backup should one exist, or payment should it not.
Spammers can also use compromised networks to send e-mail, costing your business in entirely new ways. Should you become infected with a spam bot, you can expect your network to be consumed with outgoing messages that are sent around the world. When certain technology companies receive your spam messages, they will add your network to their blacklist and notify other providers. The result of this is that all of your emails, legitimate or not, become blocked by the rest of the world until you are able to isolate the infection and change your company’s Internet address.
What is the solution?
There is no perfect solution to spam, but there are ways to reduce the cost of this noise on your business. Employing spam filtration technology to prevent spam from reaching your employees’ inboxes, as well as malware protection to stop any infections from being able to take hold, can reduce both the time lost to dismissing these messages and the cost of downtime, lost data or ransom demands.
We’re in the business of making technology work for you. With services like Microsoft Office 365 and ESET Endpoint Security, as well as regular backups of your critical company data, all bases are covered.
Office 365 – Prevention
It is important that, should your business be a target, any spam messages be detected before they even reach your network. With Office 365, most spam is deleted via connection filtering, which is based on the IP address of the sender. The service then inspects the contents of the message. By default, content-filtered spam is sent to the recipient’s Junk Email folder. This allows your business to receive all messages addressed to your domain name, while giving staff an easy way to delete junk without trying to sift through legitimate messages.
Office 365 reduces the cost to your business by blocking the noise before it demands attention, and helps protect employees from identity theft and fraud by clearly marking suspicious messages.
ESET Endpoint Security – Protection
If a spam message does manage to reach an employee’s inbox, which is the case with a well-crafted message from an unknown origin, your business should be able to identify and neutralise the threat. ESET’s Endpoint Security is a complete solution for protecting individual systems and business networks from malware infection. Attachments can look legitimate; many are disguised as invoices or shipping notifications. In the event a malicious attachment is executed, ESET Endpoint Security will compare the program against its constantly-updated threat database. If it matches, it is immediately quarantined and the user is notified of the block.
Synology & Dropbox – Recovery
In a worst-case scenario, your business must have a contingency plan. Sometimes a malicious payload can make it all the way through to an employee’s workstation despite all detection and prevention mechanisms. Having a complete backup solution means that irreplaceable data is always available. Think Concepts recommends using Synology network storage devices to maintain reliable, easy-to-manage access to your company documents, in conjunction with Dropbox, a real-time file synchronisation service that keeps a copy of your data off-site, along with version history, should infection, hardware failure or a natural disaster take your local copy offline. In addition to protection, Dropbox also makes it possible to securely access your files from anywhere on the Internet, so you can work from home or share specific documents with your contacts.
With a sufficient prevention, protection and recovery solution in place, your business should never have to comply with the demands of a malicious actor.