Do we really know the threats conveyed by email?
Email is a known vector for serious threats: phishing, which targets credentials; spear-phishing, which impersonates a colleague with the sole aim of inducing a fraudulent wire transfer or the sharing of sensitive data; and malware, which compromises the security of your information system.
However, other threats exist. They are most often associated with scams (such as the unknown uncle in India from whom you will supposedly inherit a hundred million dollars) but can also take the form of a legitimate marketing email.
What is deceptive spam?
Deceptive spam is an email that passes itself off as a marketing email, using the visual conventions and vocabulary of marketing emails.
Deceptive spam doesn’t contain any attachments or fraudulent links and has the sole goal of monetizing your visit to a remote site.
What, then, is the point of deceptive spam? And how do hackers make money with this attack?
As the adage goes, “If it’s free, YOU are the product.” In the case of deceptive spam, the goal is to make you visit a website in return for remuneration.
In current marketing language, this technique is called “affiliate marketing”. A website places a link containing an affiliate identifier and thereby promotes a service or product.
For each person who clicks this link and buys a product on the remote site, the “affiliate”, as they are called, is awarded a commission.
While affiliate marketing itself is common (Amazon uses it a lot), using spam to drive traffic to an affiliate site is illegal.
An example of a deceptive spam campaign strategy.
You have certainly already received emails inviting you to connect to a dating site.
This is the case with our example: the victim has received an email inviting them to connect to an online dating site.