Spam Email Remains the Primary Attack Vector and Click Rates are Increasing

Spam email is still the leading method of malware delivery according to a new report by cybersecurity company F-Secure. The reason is simple. It is relatively easy to bypass security defenses and deliver malicious messages to inboxes and end users are not particularly good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison.

According to F-Secure’s figures, in the second half of 2017, click rates for spam emails increased compared to the first half of the year, rising from 13.4% in the first six months of 2017 to 14.2% in the second six months.

The firm’s analysis has shown that the most common spam messages are dating scams, which account for 46% of spam samples analyzed by the firm in the spring of 2018. In second place are emails containing links to malicious websites, which account for 31% of the total, followed by 23% of emails with malicious attachments.

An analysis of the malicious attachments shows cybercriminals are mostly using five file types. 85% of the malicious attachments were either ZIP files, DOC files, XLS files, PDF files or 7Z files.

While click rates are up, F-Secure notes that spam email is still a very inefficient method of attacking companies. Huge volumes of spam messages need to be sent to ensure a sufficiently high percentage are delivered and enough end users infect their devices or take the desired action.

Cybercriminals are constantly refining their techniques and tactics to increase the efficiency of the process. One of the main ways that click rates can be increased is through spoofing the email address of a contact or using a contact’s email account to send a message. When a spam message comes from a known individual, the chance of a click increases by 12%.

Messages often contain spelling mistakes, either by accident or on purpose. F-Secure notes that success rates increase by 4.5% when there are error-free subject lines.

F-Secure notes that while urgency is often used to get end users to take action, telling a user they must take a particular action is less successful than when urgency is implied.

There are two tactics that are increasingly being used to increase the success rate of spam campaigns. Password-protected attachments are being used, which are often not checked by anti-spam solutions. A password is supplied in the message body which must be entered when opening the document. When hyperlinks are used in emails, they often direct the user to a harmless site, which then redirects the user to a malicious site. This extra step helps the attackers keep their malicious content hosted for longer.

With browsers now more secure and vulnerabilities being addressed far more quickly, spam email is the easiest way of infecting end users with malware and stealing sensitive information and that is unlikely to change.

What businesses need to do is to ensure that they have appropriate solutions in place to block the majority of spam emails and prevent them from reaching inboxes, and ensure that employees are well trained and can identify malicious messages when they do get delivered.

Author: NetSec Editor