What Is Spam?

In the vast realm of digital communication, few things are as universally recognised and dismissed as spam. Often considered the junk mail of the cyber world, spam has evolved into a persistent issue for internet users, businesses, and online platforms alike.

The meaning of spam, in the context of cybersecurity, refers to any unsolicited and often irrelevant or inappropriate messages sent over the internet, typically to a large number of users, primarily for advertising, phishing, spreading malware, or other similar purposes. The term is most commonly associated with unsolicited email messages, but it also applies to messages sent via other electronic means, such as instant messaging, social media platforms, or mobile apps.

The fundamental characteristic of spam is that it’s unwanted, meaning the recipient did not grant permission to receive the content. As technology and communication channels have evolved, so has the nature of spam, making it an evolving challenge in the digital age.

Spam’s historical timeline runs parallel with the evolution of digital communication. As technology advanced and provided more communication channels, spam consistently found its way into those channels. Here’s a brief look at its history:

The term “spam” originates from an iconic Monty Python skit from the 1970s where a group of Vikings in a restaurant sings about SPAM, a canned meat product. The relentless and unavoidable repetition of the word “SPAM” served as a metaphor for the pervasive nature of unwanted electronic messages. This comparison took root in the early days of the Internet and soon became the go-to term for describing unsolicited electronic messages.

It wasn’t until 1978 that one of the earliest and most pronounced instances of spam was released. A marketer named Gary Thuerk emailed 393 recipients on the ARPANET (Advanced Research Projects Agency Network, the precursor to the modern internet) advertising a presentation for a new line of computers. This move was met with significant backlash, as it violated ARPANET’s acceptable use policy.

In the 1980s, as Usenet newsgroups became popular, they also became a target for spam. One infamous instance from 1994 involved lawyers Canter and Siegel, who mass-posted a message advertising their immigration law services. The action was widely criticised and is often cited as one of the major incidents that brought spam to the forefront of internet issues.

With the popularisation of email in the 1990s, spam found its most notorious outlet. By the late 1990s and early 2000s, spam emails became a significant problem, prompting the creation of software and filters specifically designed to combat them.

Due to the growing menace of spam email, several countries introduced legislation to curb it. In the U.S., the CAN-SPAM Act of 2003 established national standards for sending commercial emails. Despite these regulations, spam emails remained a challenge, but it also led to the evolution of sophisticated spam filters and other countermeasures.

While email remains a common medium for spam, the phenomenon has spread to other platforms, including instant messaging, social media, blogs, and mobile apps. Today, spam takes various forms, from unwanted SMS messages to unsolicited social media posts.

Over the years, as the internet landscape has expanded and diversified, so has spam. From a simple unsolicited email on ARPANET to sophisticated phishing campaigns on social media, spam remains a persistent challenge, reflecting both the opportunism and adaptability of its perpetrators.

As digital communication platforms have evolved and multiplied, the nature and variety of spam have expanded. While all spam is unsolicited and unwanted, the intent behind these messages can vary widely. Here’s a closer look at some of the most common types:

Spam Email

Perhaps the most widely recognised form of spam, spam emails involve unsolicited messages sent en masse to numerous recipients. These emails range from benign but unsolicited advertisements to malicious email scams containing malware or phishing schemes.

Instant Messaging Spam (SpIM)

Short for “Spam over Instant Messaging”, SpIM is the equivalent of spam email but on instant messaging platforms. Users receive unwanted and unsolicited messages, often from bots or compromised accounts. These can include promotions, advertisements, or links to malicious websites.

Social Media Spam

With the rise of platforms like Facebook, Twitter, and Instagram, spammers have found new avenues to distribute their content. This type of spam can be fake accounts, unsolicited direct messages, or spammy post comments.

Search Engine Spam

Spammers manipulate search engines to display particular content, usually of a promotional or deceptive nature. They use techniques like keyword stuffing, cloaking, or doorway pages to game the search algorithms and achieve higher rankings for spammy content.

Blog Comment Spam

Spammers often flood blogs with irrelevant or promotional comments to generate backlinks or lure unsuspecting users to malicious sites. These comments typically have little to do with the actual content of the blog and may contain links to unrelated sites.

SMS (Text Message) Spam

Like spam email but sent via text message, SMS spam often promotes dubious products, fake contests, or phishing attempts. With the prevalence of smartphones, this type of spam has seen a significant increase in recent years.

Call Spam

Often referred to as robocalls, these are unsolicited pre-recorded calls. They might be advertising a product, making false claims about prizes or lottery winnings, or even trying to scam the recipient.

Trackback/Pingback Spam

Spammers use trackbacks and pingbacks in blogging platforms to notify when one blog links to another. They abuse this feature to generate links to their sites, even if their content is unrelated.

Image Spam

To bypass text-based spam filters, spammers embed text (often advertisements or malicious links) into images. When a user receives an email, they might see an image that, when clicked on or viewed, conveys the spammer’s message or redirects to a malicious site.

In the face of this multitude of spam types, internet users must be vigilant, and businesses must deploy robust measures to guard against these threats. Each type of spam not only represents a potential annoyance but, in many cases, a cybersecurity risk as well.

Spam email, or Unsolicited Commercial Email (UCE), is unwanted and questionable mass-emailed advertisements. At its peak, spam email accounted for 92% of all email traffic, although most of the spam was non-malicious.

Spammers may purchase legitimate mailing lists, but more likely, they use web scraping to collect publicly posted email addresses across the web. Alternatively, they generate contact lists through permutations of names and domains, like firstnamea@gmail.com or firstnamea@gmail.com.

Since spam success relies on volume, spammers system-generate and email the same message to their entire contact list, expecting someone to click. Spammers sometimes add randomly generated phrases or words to the message to make each look different and fool automated email protection filters.

Spam email content usually promotes a product or service and provides contact details for recipients to place an order.

Spam and phishing emails both clutter our inboxes, but they differ fundamentally in purpose and risk. Spam is primarily promotional, often harmless, in showcasing products or services to a broad audience. Typically sent in bulk, spam’s main annoyance lies in its sheer volume, and the worst-case scenario might involve malware infections or minor financial losses.

On the other hand, phishing is a more conniving visitor. Phishing emails are crafted to trick recipients into revealing sensitive information. They may be finely tailored to mimic trusted entities, leveraging urgent calls to action to lure the unsuspecting. While spam is primarily a nuisance, the consequences of falling for a phishing scam are more severe, ranging from identity theft to significant financial repercussions or even large-scale data breaches.

While spam and phishing are unsolicited emails that can pose threats, phishing is more targeted and often poses a greater threat, requiring heightened awareness and caution.

Staying alert to these tell-tale signs can help you navigate your digital communications more safely and confidently.

Combating spam requires a multi-faceted approach tailored to the specific messaging channels. Here’s how you can fortify your defences against various types of spam:

How to Stop Spam Texts

• Enable Built-in Filters: Many smartphones now have built-in spam filters for messages. Ensure they are activated.
• Report Spam Messages: If you receive a suspicious message from an unknown number, report it to your service provider. Forwarding the message to the number “7726” (which spells SPAM) typically works in many regions.
• Be Cautious with Sharing: Avoid sharing your mobile number online when possible.

How to Stop Spam Emails

• Use Email Filters: Most email providers offer email filters that sort suspected spam into a separate folder, keeping your main inbox cleaner.
• Don’t Click on Suspicious Links: Even if an email bypasses filters, always be cautious. Avoid clicking on links from unknown senders.
• Unsubscribe: If you’ve inadvertently signed up for a newsletter or promotion, use the “unsubscribe” link at the bottom of the email.
• Use a Separate Email: Consider using a separate email address for sign-ups or online purchases. This way, your primary email stays less cluttered.

How to Stop Spam Calls

• Register on Do-Not-Call Lists: Many countries offer national do-not-call registries, which can reduce the number of unwanted sales calls.
• Screen Your Calls: If possible, set your phone to only allow calls from your contacts.
• Use Call-Blocking Apps: Several third-party apps can identify and block known spam callers.
• Report Unwanted Calls: After receiving a spam call, report the number to your local authorities or telecom provider.

How to Stop Social Media Spam

• Adjust Privacy Settings: Ensure your social media profiles are set to private and customise who can send you messages or friend requests.
• Be Selective with Accepting Requests: Only accept friend requests or messages from people you know.
• Report Spammers: Use the report feature on platforms like Facebook, Twitter, and Instagram to notify them of spam accounts.

How to Stop Search Engine Spam

• Use Reputable Search Engines: Stick to well-known search engines like Google, Bing, or DuckDuckGo, as they have better spam detection algorithms.
• Install Ad-Blockers: These can filter out many unwanted or potentially malicious links from your search results.

While no method guarantees the complete elimination of spam, combining these strategies can significantly reduce the number of unwanted messages and calls you receive, ensuring a safer and less cluttered digital experience.

Integrating these preventive measures into your daily digital routine will significantly reduce your exposure to potential spam, ensuring a cleaner and more secure online experience.

Combined with Proofpoint’s Advanced Threat Protection, Targeted Attack Protection, and Security Awareness Training, organisations are well-equipped to mitigate spam and other cyber threats. To learn more, contact Proofpoint.