Nearly 70% of Spam Comes from Russia, Ukraine, Germany and the U.S., New Study Finds

We’ve all been exposed to spam. In some cases, it can reach us via text messages we receive on our mobile devices. In other cases, the schemers behind the misleading messages can operate via social networking platforms using fake or hijacked profiles, direct messaging, or even chat-rooms. Of course, most frequently, spam is sent via email. That is the most convenient form of spamming because all that the attackers need to do is send one misleading message to a bunch of email addresses. The chances of roping people in are slim, which is why the attackers need to send out spam emails to multiple addresses at once. Although we all face spam at one point or another, few of us stop to think where exactly it comes from. According to a report by CSIRO's Data61 researchers, nearly 70% of all spam comes from Russia, Ukraine, Germany, and the United States.

Who are the actors behind spam emails?

A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists is the title of the report that was published by CSIRO's Data61 along with the partners at the Macquarie University, the University of Sydney, and Nokia Bell Labs. According to ZDNet, this report is the largest publicly available dataset of its kind. The experts who conducted a 10-year-long (from 2007 to 2017) research have concluded that spammers, unlike malware distributors, are located in a few specific countries. 35% are located in the United States, 22% in Russia, 9% in the British Virgin Islands, 5% in Ukraine, and 5% in Germany. That comes up to 76% in total. According to the report, it makes sense for such high numbers to be associated with such countries as the United States of America or Germany because of their “rich IT infrastructure.” The only surprise in this list, to be fair, is the British Virgin Islands.

CSIRO's Data61 research team and partners were able to analyze 51.6 million “mal-activity reports” and 2,691 “samples of spammers” to figure out where exactly the spam emails were flooding from. Of course, we still do not know the names of the attackers, and we might never get to learn that. In reality, only 0.01% of all malicious activities are associated with spamming. In comparison, malware is responsible for 90.9% of all malicious activity. That being said, spam emails are often used to help cybercriminals gain knowledge and information that aids in malware distribution, and so it would be a terrible mistake to ignore spammers.

The dangers of spam emails

If you are not familiar with spam emails from a cyber security standpoint, you might not know that they can be used to expose unsuspecting users to highly deceptive virtual scams. One of the most common types of spam emails is the verification request email. Such an email is, allegedly, sent from a bank, a social networking platform, and any other online service that requires passwords or other login credentials to sign in. The fake verification request spam email is sent in the hopes of tricking people into disclosing login credentials. Unfortunately, spammers can set up fake login pages and convincing messages to push gullible users into disclosing sensitive information without raising suspicion. Nowadays, even two-factor authentication can be bypassed to obtain private login information. For example, we recently reported a Gmail phishing scam that involved schemers resetting victims’ passwords and then sending misleading spam emails to trick them into providing additional verification codes, which, unfortunately, made it possible to hijack accounts.

It is not uncommon to encounter a spam email set up to record private data, and it is up to us to recognize misleading messages to protect ourselves. So, what exactly are you supposed to look at to determine if or not the message you received is authentic and harmless? First, you want to look at the sender. Do you recognize it? If you do, does the message make sense? For example, if a co-worker you’ve never talked to before sends you a link to a supposedly funny video, you need to ask yourself if it is possible that their email account was hijacked. Anything out of the ordinary should raise questions. If you do not recognize the sender, does the message make sense? For example, if you have not booked any flights, but you receive a spam email claiming that you need to confirm a flight, you should figure out right away that someone is trying to scam you.

If the message makes sense, is it written in a professional manner? The language of the email can tell a lot. While you do not need to expect a message written by your aunt or a college roommate to be written in an official or professional manner, if you receive messages from banks, delivery companies, or a company trying to sell you something, you need to make sure that they do not contain obvious mistakes. Of course, spammers can be smart too, and so if a message does not make sense, it does not mean that it is legitimate just because the language is correct and the tone of the message is professional. That being said, spammers often leave out grammatical errors and misspellings, and so you need to look out for that.

Finally, you have to beware of enticing deals. Who wouldn’t want to win a lottery? Who wouldn’t want to be the first one to test a new Apple product? Who wouldn’t want to get a pair of RayBan sunglasses for free? Attractive deals are often used by scammers to trick people into clicking misleading links. Once clicked, they can lead people to fictitious phishing websites. In this scenario, spammers can use a legitimate/professional-looking website to trick people into disclosing their full names, telephone numbers, home addresses, and other sensitive data. Using this data, schemers could create more personalized spam emails, and that could help them perform more sophisticated and successful attacks. Spammers could also try to sell you things that you do not need or that, in fact, are free. For example, if you ever receive an email suggesting that you can purchase Cyclonis Password Manager with a huge discount, you should report this spam email immediately because Cyclonis Password Manager is free.

In conclusion…

Schemers set up spam emails to record private data, trick people into visiting malicious websites, or expose them to fake deals. We now know that over a third of all spam emails come from the United States, but, unfortunately, that does not mean that we will start seeing a decrease in numbers of such emails just because we now know where they are coming from. That being said, if you keep yourself informed about the different kinds of methods that spammers can use to trick gullible targets, your chances of being fooled will decrease. The ball is in your hands.

November 7, 2019

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 8 + 7 ?