Email and IM Safety

Go back to Topic Center

Cyber Criminals & Spam


More than 121 billion spam emails traverse the Internet each day, according to The Radicati Group, Inc., a Palo Alto, CA, marketing research firm. Spam has grown from a mere annoyance into something that can be quite dangerous. Cyber criminals are getting more sophisticated in their scams and phishing schemes, which are designed to steal personal data and financial information. They also exploit innumerable security flaws in web applications, PC operating systems, and software.

Spammers and virus creators are motivated by money and backed by organized crime on a global scale. They are also launching massive attacks on anti-spam organizations in an attempt to bring them down. Below are some frequently asked questions about spam and spammers with answers from experts.

How do spammers get my email address?

Spammers buy lists from brokers that continuously harvest email addresses from newsgroups, chat rooms, web sites, Internet directories, and more. Spammers also run dictionary attacks, throwing billions of combinations of words and numbers at an email database to find valid address combinations.

Am I safe if I just ignore all the obvious spam I get offering cheap prescriptions, free adult sites, and cure-alls?

Spamming has grown from innocuous fun to serious—often criminal—money-making business or damaging, disruptive threats. Since its origin, spam has been used to spread viruses; but lately, the emails are getting trickier and the malicious programs they sneak onto users’ systems are getting nastier and harder to detect. Identity theft is also on the rise—gangs of cyber criminals use Trojans* spread by email that transmit back stolen data from infected computers.

Even scanning these suspicious emails in “preview” mode can be dangerous. Delete them immediately, but most importantly, be sure you have automatically updated anti-spam, anti-virus, anti-spyware, and other critical security software in place to ward off attacks and safeguard your digital assets.

* A Trojan horse program is a malicious program that pretends to be a benign application.

What are some common phishing scams?

People are being tricked by email phishing scams that masquerade as legitimate business communications from their bank, mortgage provider, credit card company, PayPal, or eBay. Spammers hijack these companies’ domain names and set up fake web sites. Cheap Internet phone service has put a new twist on these scams. They’re directing people to call a fake customer service phone number to give up their user ID and pin.

Other popular spam-based Internet scams include foreign lotteries, investment schemes, chain letters, credit repair offers, advance-fee loan deals, check overpayment cons, and work-at-home ploys. Complaints can be filed through the site.

Anti-spam coalitions stress the importance of using up-to-date anti-virus, anti-spam, anti-spyware, and firewall software. The McAfee® Product Comparison Guide is a great resource to help users choose trusted solutions to filter out spam, block viruses and spyware, and protect against new threats as they emerge.

What are spam zombies/proxy hijackers?

Spammers are constantly devising ways to get around Internet service provider (ISP) countermeasures. Cyber criminals have long used spamware to infect PCs with Trojans that turn them into proxy “spam zombies,” controlled remotely to send out floods of email without the owner’s knowledge. Newer, even more dangerous spamware can instruct the hijacked proxy to generate spam via the user’s ISP mail-relay system. Advanced bots also automatically scan their environment and propagate themselves.

Cyber gangs control botnets—groups of tens of thousands of these zombie PCs—and rent them out to hackers and spammers by the hour for cheap mass-mailing campaigns, Denial of Service (DoS) attacks, and data theft. They also use them to send untraceable spam offering child pornography and illegal drugs. The trend is towards smaller, more nimble groups of bots used for targeted financial attacks. These are quick and nasty, and are designed to get around server security tools that detect larger botnets.

For up-to-the-minute information including a list of prominent spammers, the Spamhaus organization tracks the current top-10 worst international spammers, top-10 worst spam-service ISPs, and top-10 worst spam-hosting countries.

What about mobile devices?

A significant number of text messages sent to mobile phones are spam. Virus writers are also targeting smart phones and PDAs with Trojans that exploit Bluetooth and Multimedia Message Service (MMS) to crash systems, install malicious software, steal number lists, or transmit personal data to other devices. McAfee is leading the industry in the development of cell phone security to deter threats from email, instant messaging, and Internet downloads.

What is “splog”?

Weblogs, commonly called blogs, are seeing a huge rise in spam. This “splog” is an onslaught of junk postings that look like real user comments but instead contain advertising links to web sites. Sploggers are also using software to create thousands of fake blogs that contain ad links. This is done to trick Internet search engines. Search engines rank a web site in part by how many other sites link to it: More links boost a site's visibility, resulting in more traffic.

What’s being done about spam?

Unfortunately, spammers typically move faster than the laws passed to control them. Some cases make it to court, but law enforcement doesn’t yet have the focus or the resources to effectively combat spam. ISPs are countering by using sophisticated tools specifically designed to recognize advanced coordinated attacks and remove stealth rootkit programs. But hackers quickly respond by designing bots that make viruses increasingly invisible. There is smart technology on both sides of the fence, and it’s a head-to-head battle. Email filters are an indispensable tool but they’re not enough—spam must be neutralized at the source.

The web industry is debating several measures designed to cut down on spam. One is to require all mass marketers to pay postage to send email. Another is to have bulk e-mailers post a bond and let recipients decide which emails are junk. A fee for each rejected email would come out of the marketer’s bond. Models that hit mass e-mailers in the wallet are projected to significantly decrease spam by forcing them to target much smaller groups.

What about email authentication systems?

Email authentication systems are being re-pitched by the industry. These reduce spam by further improving email filters and by making it harder for spammers to fake their addresses. An example is the Microsoft® Sender ID, which is a specification that verifies an e-mail’s authenticity by ensuring the validity of the sender’s server. Email authentication combined with accreditation and reputation services will give a very good indication of whether a message should be junked or whether it is actually from the company it says it is. Success of the initiatives will depend on whether the industry can come together to set and adopt implementation standards.

How can I reduce spam?

To reduce spam, don’t display your email address in public—newsgroups, chat rooms, web sites, or online service directories. You should understand privacy policies and forms, and use opt-out options. Try setting up two email addresses, one for real use and one for newsgroups and chats. Use an ISP that fights spam (see for a list). An email filter and PC spam blocking software are absolutely critical. The McAfee® Internet Security significantly reduces your chances of becoming a victim, and gives you a worry-free Internet experience. For true peace of mind, consider the McAfee Total Protection™ Suite.

Back to top


The Ultimate Security:

McAfee® Mobile Security 

McAfee® Mobile Security

Connect with confidence and protect your most personal device


PC Infected? Get Expert Help Now!

McAfee Virus Removal Service 

Connect to one of our security experts by phone. Have your PC fixed remotely – while you watch!


Available daily, 24x7.