What is spam?

Every Internet user knows the word ‘spam’ and sees it in their inbox quite often. But not everyone knows that years ago the word ‘spam’ had nothing to do with either the Internet or emails.

‘Spam’ is an acronym derived from the words ‘spiced’ and ‘ham’.

In 1937, the Hormel Foods Corporation (USA) started selling minced sausage made from out-of-date meat. The Americans refused to buy this unappetizing product. To avoid financial losses the owner of the company, Mr. Hormel, launched a massive advertizing campaign which resulted in a contract to provide tinned meat products to the Army and Navy.

In 1937, Hormel Foods began to supply its products to American and allied troops. After World War 2, with Britain in the grips of an economic crisis, spam was one of the few meat products that wasn’t rationed and hence was widely available. George Orwell, in his book ‘1984’, described spam as ‘pink meat pieces’, which gave a new meaning to the word ‘spam’ – something disgusting but inevitable.

In December 1970 the BBC television comedy series Monty Python’s Flying Circus showed a sketch set in a cafe where nearly every item on the menu included spam – the tinned meat product. As the waiter recited the SPAM-filled menu, a chorus of Viking patrons drowned out all other conversation with a song repeating “SPAM, SPAM, SPAM, SPAM… lovely SPAM, wonderful SPAM”, hence “SPAMming” the dialogue. Since then spam has been associated with unwanted, obtrusive, excessive information which suppresses required messages.

In 1993 the term ‘spam’ was first introduced with reference to unsolicited or undesired bulk electronic messages. Richard Dephew, administrator of the world-wide distributed Internet discussion system Usenet, wrote a program which mistakenly caused the release of dozens of recursive messages onto the news.admin.policy newsgroup. The recipients immediately found an appropriate name for these obtrusive messages – spam.

On April 12 1994, a husband-and-wife firm of lawyers, Canter & Siegel, posted the first massive spam mailing. The company’s programmer employed Usenet to advertise the services offered by Canter & Siegel, thus giving a start to commercial spam.

Today the word ‘spam’ is widely used in email terminology, though Hormel tinned meat products are still on sale in the USA.

UCE and UBE

Before we define exactly what spam is, a few words should be said about spam in general and how it is understood in other countries.

Depending on the goals of the sender (spammer), spam (unsolicited bulk email) may contain commercial information, or have nothing to do with it at all. In other words, according to the content of the message, spam is divided into unsolicited commercial email (UCE) and unsolicited bulk email (UBE).

An email may contain information about its content in the SUBJECT field, whilst in the body of the message a sender may explain why they have addresses a recipient without asking their permission and what the recipient must do in order not to get emails from the sender in the future. In other words, if a user wants to unsubscribe from unsolicited emails (opt-out) they must follow the instructions of the spammer, which as a rule, will require information about the user’s email address or the need to call a telephone number (usually a toll-free phone number).

Spammers know that they are sending out unsolicited information and try to make it seem as though they do not want to inconvenience the user through clever use of the SUBJECT field text and the inclusion of an unsubscribe mechanism. In fact, spammers do not care about reducing the inconvenience caused by spam, and what is more, they dodge responsibility for their actions by using spoofed sender addresses, third-party addresses or fake message headings. Their only goal is to impede the identification of the sender and thus to prevent any possible retribution.

The definition of spam

According to Kaspersky Lab, the definition of spam is anonymous, unsolicited bulk email.

Let’s take a closer look at each component of the definition:

Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual sender.

Mass mailing: real spam is sent in enormous quantities. Spammers make money from the small percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails have to be high-volume.

Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to receive may resemble spam, but are actually legitimate mail. In other words, the same piece of mail can be classed as both spam and legitimate mail depending on whether or not the user elected to receive it.

It should be highlighted that the words ‘advertising’ and ‘commercial’ are not used to define spam. Many spam messages are neither advertising nor any type of commercial proposition. In addition to offering goods and services, spam mailings can fall into the following categories:

  • Political messages
  • Quasi-charity appeals
  • Financial scams
  • Chain letters
  • Fake spam being used to spread malware

Because some unsolicited correspondence may be of interest to the recipient, a quality anti-spam solution should be able to distinguish between true spam (unsolicited, bulk mailing) and unsolicited correspondence.

True spam should be reviewed or deleted at the recipient’s convenience. Unsolicited correspondence may also be filtered, but this should be carried out carefully because a legitimate commercial proposition, a charity appeal, an invitation addressed personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but not as spam. Legitimate messages may also include delivery failure messages, misdirected messages, messages from system administrators or even messages from old friends who have not previously corresponded with the recipient by email. Unsolicited – yes. Unwanted – not necessarily.

cryptoransom-spam

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail. Read Full Article

it-threat-evolution-q3-2017

IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article

spam-and-phishing-in-q3-2017

Spam and phishing in Q3 2017

In terms of the average share of spam in global email traffic (58.02%), the third quarter of 2017 was almost identical to the previous reporting period: once again growth was slightly more than one percentage point – 1.05 (and 1.07 p.p. in Q2 2017). As in previous quarters, spammers were quick to react to high-profile events and adapted their fraudulent emails to the news agenda. Read Full Article

spam-and-phishing-in-q2-2017

Spam and phishing in Q2 2017

In Q2 2017, the average share of spam in global email traffic amounted to 56.97%, which was only 1.07 p.p. more than in the previous quarter. One of the most notable events of this quarter – the WannaCry epidemic – did not go unnoticed by spammers: numerous mass mailings contained offers of assistance in combating the ransomware. Read Full Article

nigerian-phishing-industrial-companies-under-attack

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon. Read Full Article

two-tickets-as-bait

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies. Read Full Article