Spam 101: Spam Origin and Ways to Report it
What is email spam? English Oxford Dictionary defines spam as “Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.”.
The research reported by Statista shows that in September 2017 the global spam volume accounted for 59.56% of the total email traffic. Thus, for marketers to be successful understanding spam is critical.
The Origin of Term Spam
The Internet term spam comes from a ‘Monty Python’ comedy group. They aired an episode set in a café where every item on the menu included spam. When the waitress would mention the word “spam”, a group of Vikings would then start to sing: spam, spam, spam, lovely spam! Wonderful spam!.
Even though unwanted, it kept popping up on the menu. Doesn’t that remind you of something?
The First Spam
There are several myths about the first spam incidents. One of the better-documented cases considered the first instance of spamming involves Richard Depew.
In 1993, he accidentally posted around 200 duplicated messages in the newsgroup (using Usenet at the time). That is a good way to make history, huh? Shortly after, Joel Furr was the first person to officially coin the term spam.
Why do People Still Spam?
Unfortunately, spamming is still very popular, making life much harder for genuine marketers. Many are looking for a quick buck, falling for various systems promising big earnings. Thus, they might not even understand what they are doing. Unfortunately, some are aware that they are sending unsolicited emails, but they are still taking the risk for any gains they may get from anyone responding to those emails.
Others will mass mail with malicious intent, for example, trying to spread a virus. Again, many of these present opportunities to senders to get money, such as using ransomware malware to lock the infected devices asking for money or a purchase of some system to rescue the equipment and its data.
Some businesses use spammy email techniques to try to gain audience or web traffic, and of course, get profits out of it. Fortunately, countries have created laws trying to stop or at least reduce unsolicited emails, make spammers accountable and protect your data and privacy.
Laws are Here to Help
There are many laws and regulations around the world that concern about such unwanted mail. For example, in the US there is a well known CAN-SPAM legislation to protect our rights and punish offenders. In Canada, Canada’s Anti-Spam Law (CASL) regulates commercial electronic messages, the consent and protection of personal information. GDPR, or General Data Protection Act, will look after citizens of the European Union.
Penalties are big – CASL ones can reach as high as $10 million, each violation of CAN-SPAM can cost you $40,654, and GDPR can fine up to 4% of annual global turnover or €20 Million.
You can find the official websites for more detailed information here:
- America’s CAN-SPAM Act: A Compliance Guide for Business
- Canada’s Anti-Spam Law: Law on Spam and other Electronic Threats
- GDPR: The EU General Data Protection Regulation
Many companies ask to report such emails and provide their guidelines on how to do it. There are several ways to report junk mail:
- You can report them to your email provider. Either send them an email and make sure you state that you are complaining about being spammed.
- Always mark these email as junk or spam, this is also called as making an abuse complaint.
- If you can identify the sender’s email provider, try reporting the spammer to them too.
- Federal Trade Commission asks to report unwanted commercial email messages to this email address email@example.com – read more about the FTC views about spam here
- In the UK you can report cybercrime and fraud, online scams and viruses in the Action Fraud website
- You can also report spam to Google
It is also useful to regularly visit the FTC Scam Alerts page.
Show and Tell
I will dedicate this section to trying to raise awareness about these fraudulent emails. I will find the recent spammy emails and will review them here.
So today I want to show one of the many scammy emails reaching my junk mail. It is very popular these days for scammers offer big amounts of money, for example, a big winning or unexpected inheritance from a long-lost relative.
This time I got an ‘official letter from federal bureau of investigation FBI’. Naturally, all CAP is a must, the louder you shout, the more people might pay attention, right? The senders are also using familiar, well-known terms, such as FBI, putting urgency adding the adjective official. Their strategy is to try to construct a sentence with these key terms to grab attention.
Pay attention to the subject line? Does it make sense? Is it what you would expect in that unlikely scenario where you are actually contacted by law enforcement (though I do not think they send such emails!).
Pay attention to the subject line? Does it make sense? Is it what you would expect in that unlikely scenario where you are contacted by law enforcement (though I do not think they send such emails!). This subject line informs me that a special agent from the FBI sent me this message from his desktop (it does not make sense – but the senders are trying to make it sound like this email came right from a desk in the FBI).
The agent introduces as Andrew Castor, so let’s google him – and well well, the first result indeed shows that there is a person called Andrew James Castor in the FBI – currently serving as Deputy Associate Deputy Director. So the senders did at least some research when creating this scammy email.
When you read the email, find things that don’t make sense. For example, mismatch of titles. He wants you to contact a bank a person from the Bank of America. Bank of America employees do not use weird Gmail accounts for their work.
Now, we all know that is junk mail – trying to pull me into a scam and get my personal information. To sum up, look for these in such scammy communications:
- The purpose of the email. Who are the senders and what do they want from you? For example, to get your personal details, a click, a download, a reply, a payment or even eventually a copy of your passport?
- Watch for typos and ALL CAPS. The latter aims to pose urgency and to try and convince you of the importance of the matter.
- Would a company mentioned in the email use that email address for their work?
- Is the email encrypted? This particular example clearly isn’t – see the red alert:
- Check the sender domain, from and reply to details. In this case, I would expect the FBI work email to have a domain of fbi.gov (or at least something similar!). Definitely not water.ocn.ne.jp or gmx.us.