Recent Experiment Reveals the Growing Psychological Nature of Spam

Spam is not only a nuisance but it also poses a very real threat and is showing no sign of slowing down.

by / July 7, 2008

In McAfee's recent S.P.A.M. (Spammed Persistently All Month) experiment, 50 people from around the world surfed the Web unprotected for 30 days. By taking part in the experiment, participants were given permission to go where most Internet users would not dare, in order to discover how much spam they would attract and what the effects would be. Having studied the daily blogs and analyzed the spam itself, the researchers confirm that spammers are as active as ever; they are increasingly using psychological tricks to lure Internet users to part with their contact details, identity information and cash. The experiment clearly shows that spam continues to evolve, utilizing more local languages and cultural nuances, as well as becoming much more targeted in a bid to avoid detection.

In the first experiment of its kind, the participants from 10 countries received more than 104,000 spam e-mails throughout the course of the experiment. That's 2,096 messages each -- the equivalent of approximately 70 messages a day.

One of the goals was to highlight that, contrary to what people might think, spam is not only a nuisance but it also poses a very real threat and is showing no sign of slowing down. For anyone that has ever wanted to "click" and find out if an offer really is "too good to be true," the McAfee S.P.A.M. Experiment satisfies that curiosity, without any of the risks.

A Pain or Perilous?

Many of the spam messages received were phishing e-mails; e-mails which pose as a trustworthy source to criminally acquire sensitive information such as usernames, passwords and bank account details. Other e-mails carried viruses and many allowed malware to be silently installed on the computers by persuading participants to surf unsafe Web sites. A number of participants noted a decrease in their computers' processing speeds, as well as an increased number of pop-ups.

"Many of our participants noticed that their computers were slowing down, which means that while they were surfing, unbeknownst to them, Web sites were installing malware," said Jeff Green, senior vice president of McAfee Avert Labs. "In just 30 days there was quite a noticeable change in the system performance of their computers. Notably showing just how much malware was being installed without their knowledge. Spam is much more than a nuisance; it's a very real threat."

Especially For You...

The results of the experiment also reveal a shift away from mass spam e-mails towards more targeted campaigns. Foreign language and social engineering spam are two areas in which participants received a larger than anticipated number of e-mails. France and Germany were the two countries that received the most foreign language spam, with 11 percent and 14 percent respectively, something which is expected to increase substantially across the globe in the future.

"If we'd have done this experiment two years ago, I would have expected a much smaller percentage of the spam to be written in a foreign language," said Guy Roberts, director of Avert Labs. "Although this is a small percentage of the overall spam, it's something we expect to grow."

Global Spam League

With the United States being the traditional territory of spammers, participants there were unsurprisingly at the top of the "Global Spam League." Emerging economies such as Brazil and Mexico also took their place in the top five of the Global Spam League, suggesting that spammers are increasingly targeting new regions.

Congratulations ... You've Been Approved For

The most popular subject received was financial spam. For example, pre-approved loans or credit card offers were common, which may be symptomatic of spammers taking advantage of the current personal finance climate and global credit crunch.

Despite its notoriety, people are still being fooled by the 'Nigerian' spam e-mails, where someone

supposedly from Nigeria contacts a user to let them know they are a beneficiary of a long lost relatives' will, in a bid to extract money from them. Internet users in the United Kingdom are most likely to be targeted by a spam e-mail of this nature, with the United Kingdom participants receiving 23 percent of these scams.

The diversity of so-called "social engineering" e-mails (e-mails that play on people's emotions to manipulate them into divulging confidential information) received during the experiment gave McAfee researchers valuable insight into this type of spam; something that they have seen grow significantly in the last five years.

Dave DeWalt, CEO and president of McAfee said: "The Experiment proves to us that even though people think they know the dangers of spam, they don't understand the true extent. Our participants came from all walks of life, from all over the world and, given their interest to take part in the experiment, they were well aware of the problem. Despite this, they were all shocked by the sheer amount of spam they attracted in such a short timeframe and the lengths the spammers would go to in order to achieve success."

"I think we can see from the experiment that spam is undeniably linked to cybercrime, however it is an immense problem and it's simply not going away. It's no longer a question of 'solving' it, but one of 'managing' it."