Deceptive spam: the painless attack which uses email marketing codes

Do we really know the threats conveyed by email?

Email is known to be the vector of serious threats such as phishing, which targets credentials; spear-phishing, which usurps the identity of a colleague with the sole aim of inducing a fraudulent wire transfer or the sharing of sensitive data; or malware, which compromises the security of your information system.

However, other threats exist. They are most often associated with scams (such as your unknown uncle in India thanks to whom you will inherit a hundred million dollars and so on) but can also take the form of a legitimate marketing email.

What is deceptive spam?

Deceptive spam is an email which passes itself off as a marketing email, using the visual conventions and vocabulary of marketing email.

Deceptive spam doesn’t contain any attachments or fraudulent links and has the sole goal of monetizing your visit to a remote site.

What, then, is the point of deceptive spam? And how do hackers make money with this attack?

As the adage goes, “If it’s free, YOU are the product.” In the case of deceptive spam, the goal is to make you visit a website in return for remuneration.

In current marketing language, this technique is called “affiliate marketing”. A website places a link containing an affiliate identifier and thereby promotes a service or product.

For each person who clicks this link and buys a product on the remote site, “the affiliate” (as they are called) is awarded a commission.

While affiliate marketing itself is common (Amazon uses it a lot), the use of spam to drive traffic to an affiliate site is illegal.

An example of a deceptive spam campaign strategy.

You have certainly already received emails inviting you to connect to a dating site.

This is the case with our example: the victim has received an email inviting them to connect to an online dating site.

 

Figure: Deceptive spam example

However, after clicking, the remote site is not actually an online dating site, but rather an article promoting the best dating sites of 2018.

On this page, each link leading to a dating site contains an affiliate code.

 

For each account created on one of these remote sites, the author of this deceptive spam campaign will be rewarded with a percentage of the subscription price.
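As an added illustration (not code from the original article), the sketch below profiles a landing page like the one just described: it counts the outbound links that carry an affiliate-style query parameter and how many distinct merchant domains they point to. The parameter names, thresholds, host names and sample HTML are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumed, non-exhaustive query parameter names that commonly carry an affiliate ID.
AFFILIATE_PARAMS = {"aff", "affid", "aff_id", "affiliate", "affiliate_id", "tag", "subid"}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def affiliate_profile(html, page_host):
    """Count outbound links and those carrying an affiliate-style parameter."""
    collector = LinkCollector()
    collector.feed(html)
    outbound, tagged, merchants = 0, 0, set()
    for href in collector.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host in ("", page_host.lower()):
            continue  # skip relative, mailto: and same-site links
        outbound += 1
        names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        if names & AFFILIATE_PARAMS:
            tagged += 1
            merchants.add(host)
    return {"outbound": outbound, "tagged": tagged, "merchants": sorted(merchants)}

def looks_like_affiliate_funnel(profile, min_merchants=3, min_ratio=0.5):
    """Heuristic: most outbound links are affiliate-tagged and span several merchants."""
    if profile["outbound"] == 0:
        return False
    ratio = profile["tagged"] / profile["outbound"]
    return len(profile["merchants"]) >= min_merchants and ratio >= min_ratio

# Constructed sample modelled on the "best dating sites" article described above.
SAMPLE_PAGE = """
<h1>The best dating sites of 2018</h1>
<a href="/about">About</a>
<a href="https://site-one.example/signup?aff_id=1234">Site One</a>
<a href="https://site-two.example/join?affiliate=1234&lang=en">Site Two</a>
<a href="https://site-three.example/?AFFID=1234">Site Three</a>
<a href="https://social.example/share">Share</a>
"""
```

A match is a signal for scoring the message that led to the page, not proof of abuse, since legitimate comparison sites also use affiliate links.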


What is the cost of deceptive spam?

The volume of emails adopting this type of strategy runs into the millions each month. Beyond the fact that this type of unsolicited campaign violates the rules of the GDPR, the problem with this type of email lies in its storage and its processing.

With the increase in the size of email storage accounts, the majority of users do not take the time to delete emails of no interest and store this type of message indefinitely, until their mailbox is full.

This significant volume of emails is then backed up by enterprises, increasing the costs of storage and bandwidth and slowing down processing tasks such as indexing.

What is to be done to combat deceptive spam?

If you receive this type of email, it is imperative to mark it as “Spam” by selecting it and clicking the “SPAM” button. Your report sends the information to the filter, allowing the spam to be blocked.

 


2018-12-04T16:19:38+00:00

About the Author: Sébastien Gest

With experience in the telecoms and startup worlds, Sébastien Gest is a co-board member of MAAWG, and is a Technical Evangelist at Vade Secure.