The Many Flavors of Spam That Can Attack Your Network Users

By Doug Lowe

As a network administrator, your job is to keep your users free of spam. Spam is unsolicited and/or unwanted email. That’s a pretty broad definition, but there are several distinct categories of spam:

  • Advertisements: Most spam is advertising from companies you’ve never heard of, trying to sell you products you aren’t interested in. The most common type of product pitched by spam emails are pharmaceuticals, but spam also commonly promotes food supplements, knock-offs of expensive products such as watches or purses, weight-loss products, and so on.

  • Phishing emails: Among the most annoying and dangerous types of spam are phishing emails, which try to get you to divulge private information such as credit card account numbers or passwords. Phishing email masquerades as legitimate email from a bank or other well-known institution and often includes a link to a phony website that resembles the institution’s actual website.

    For example, you might get an email informing you that there was a suspicious charge on your credit card, with a link you can click to log in to verify that the charge is legitimate. When you click the link, you’re taken to a page that looks exactly like your credit card company’s actual page. However, the phony page exists solely to harvest your username and password.

    Another type of phishing email includes an attachment that claims to be an unpaid invoice or a failed parcel delivery notice. The attachment contains a Trojan that attempts to infect your computer with malware.

  • Scams: The most common type of email scam is called an advance-fee scam, in which you’re promised a large reward or prize in the future for advancing a relatively small amount of money now in the form of a wire transfer or money order.

    You may have heard of or actually received the classic scam known as the Nigerian prince scam, in which a Nigerian needs your help to transfer a huge amount of money (for example, $40 million) but can’t use an African bank account. The prince needs to use your personal bank account, and will pay you a percentage — perhaps $1 million — for your help. But you must first open a Nigerian account with a minimum balance — of perhaps $10,000 — to facilitate the transfer. All you have to do is wire the money, and they’ll take care of the rest.

    There are many variations of this story, but they all have one thing in common: They’re too good to be true. They offer you a huge amount of money later, in exchange for a relatively small amount of money now.

  • Ads for pornographic websites: Such websites are notorious for being top sources of viruses and other malware.

  • Get-rich-quick schemes: Pyramid schemes, multilevel marketing schemes, phony real-estate schemes, you name it — they’re all in a category of spam that promises to make you rich.

  • Backscatter: Backscatter is a particularly annoying phenomenon in which your inbox becomes flooded with dozens or perhaps hundreds of nondelivery reports (NDRs), indicating that an email that you allegedly sent didn’t arrive. When you examine the NDRs, you can easily determine that you never sent an email to the intended recipient. What’s actually going on here is that your email address has been used as the From address in a spam campaign, and you’re receiving the NDRs from the mail servers of those spam emails that were not deliverable.

Though technically not spam, many uses consider advertisements and newsletters from companies they have dealt with in the past to be a form of spam. An important element of the definition of spam is the word unsolicited. When you register at a company’s website, you’re effectively inviting that company to send you email.