Jaden Geller is giving up his Gmail inbox. The 26-year-old San Francisco security engineer has been battling an explosion of spam in his free email account for months, including email lists he never signed up for and obvious scams. He thinks the address has been compromised beyond saving.
“I was better at deleting spam messages at first, but then it became unmanageable,” said Geller. “I used to archive all messages. Now this is very uncomfortable. I'm checking my inbox less often, not seeing everything and making it all messy."
Email spam is an age-old problem that many people may have forgotten or at least made peace with. Thanks to improvements in email providers' automatic filters and third-party services, the early 2000s onslaught of sketchy Viagra offers and promises of contest wins have been kept out of sight. The spam cascade has become a leaky faucet, with only a few dodgy emails showing up in our inboxes alongside a bunch of legitimate marketing emails that are often our authorship.
Quit or Pay: What to Do When You Run Out of Free Google Storage
But over the course of the pandemic — particularly the last six months — many people using free email services have noticed a wave of unwanted scams. emails slipping through the filters and landing in their inboxes. Gmail users have been talking a lot about the problem, and some are so overwhelmed by spam that they're trying to figure out what they can do about it. Fortunately, the Help Desk is here to help.
What is the problem?
More spam than usual appears to be making its way through the automatic filters of some free email services, particularly Google's 18-year-old Gmail. According to cybersecurity firm Proofpoint, there was a 30% increase in spam volume last year across all services. The company detected an additional 10 billion spam messages in December alone.
Free email like Google's Gmail, Microsoft and Yahoo's Outlook and Hotmail have built-in tools to detect junk email and move it to another location (usually a folder called "Spam" or "Trash") where you can still see it. or ignore them forever. There are paid third-party filtering options for companies that host their own email, but not many for the free email services used by billions of people around the world. On the other side of the issue are professional criminals and marketers, constantly looking for new ways to bypass email filters and reach their targets.
“Spam is dynamic, unpredictable and takes many forms,” said Bjorn Grubelich, product manager for Google's Gmail Counter-abuses. He says that Google uses machine learning models to detect and filter new threats and that it blocks more than 99.9% of spam, phishing and malware from reaching Gmail users.
What does spam want from me?
The term spam covers a variety of annoying emails, mostly to access your money or information (which in turn can make spammers money).
There are marketing emails that you may or may not have unintentionally opted-in to after buying boots online or signing up for a newsletter. Companies may also obtain your information from lists they purchase by subscribing you to mailings without your consent. The next tier down is filled with less legitimate operations that are still trying to sell things like unapproved drugs. (Pharmaceutical scams mostly target the United States, where there is no nationalized healthcare, says Chester Wisniewski, principal research scientist at security firm Sophos.)
The anatomy of a ransomware attack
Phishing emails are attempts to trick the recipient into providing confidential information, such as a password or credit card number. Then there are malware emails that want you to download an attachment that will give the sender access to your computer. They are intended to collect sensitive financial or personal information or to release something like aransomwareattack.
In the past, malicious spam focused more on the use of techniques such as viruses. Now that computers are better at automatically updating to fix security holes, spammers are targeting people with social attacks, using techniques such as impersonating real companies or people. They are exploiting human weaknesses more than computer weaknesses.
“Since the attacks are social, I think they are worse. There's nothing I can put on your computer that will help you not get scammed,” Wisniewski said.
What's behind the spam boom?
Unwanted spam email has become more profitable than in the past, according to Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint. Attacks have become more sophisticated and personal during the pandemic, and there has been a wave of spam targeting people working from home, capitalizing on their fears by promoting fake covid treatments, masks and tests.
The vast majority of spam comes from Russia and neighboring countries, say cybersecurity experts. Groups specialize in different parts of the process, so one might just sell email lists, while another will send a complete message to a customer, figure out ways to bypass spam filters, or deal with money laundering.
“Attackers are getting smarter,” said Jeremy Ventura, senior security strategist at cybersecurity firm Mimecast. “Their tactics and techniques are evolving.”
How Ransomware is Affecting Ordinary People
Proofpoint, which has a product that filters spam messages for businesses, says that over the last six months it has noticed that spammers are increasingly using Google services like Docs or Drive to host their attacks, surpassing Microsoft, which is also widely used.
In response, Google's Grubelich said: "We are deeply committed to protecting our users from phishing abuse on our services and are continually working on additional measures to block these types of attacks as methods evolve." The company says it "can" scan files like Google Docs when they're shared.
What can you do about it?
Minimizing spam isn't easy, and eliminating it completely is probably impossible. The best hope is that email providers can adjust their filters and AI to combat the latest attacks. But here are some steps you can take.
Be smart about security:Most of your spam is probably more annoying than dangerous. Yet, use astrong and unique passwordand enable two-factor authentication for your account. If you are a Google user, do theGoogle security check.
Disable automatic image loading:When spammers receive any indication that your email was received (you opened the email or clicked on a link), you are marked as an even bigger target for future spam. Make sure your email settings are set to not automatically upload any images from unknown senders, which makes it difficult to use tracking pixels. There are options for this in most email applications, such as Apple's Mail, and web-based email, such as Outlook and Gmail.
Use an alias for online accounts:Every time you sign up for something online with your email address, you risk it (and other information about you) ending up with third-party marketers or being exposed in a hack or data breach. One way to keep your email address unknown is to not use it for anything other than personal correspondence or important accounts like your bank.
You can set up a second email address just for logins and purchases and let that inbox become a marketing junk bin. Another option is to use an alias. In Gmail you can make emails with your real address with “+Facebook” or “+Sephora” at the end, to use on specific sites. At least you'll know who leaked your email if it ends up being sold on a list.
Apple recently added a feature calledhide my emailthis takes it a step further by allowing you to sign up for accounts using a unique anonymous email address generated for you. It's for any Apple user accessing a website that works with Sign In With Apple. iCloud+ subscribers can generate more addresses on any website from their iOS devices.
The Three Worst Things About Email and How to Fix Them
Do not click unsubscribe in the email:Because some malicious spam looks identical to legitimate marketing spam, avoid clicking the "unsubscribe" link in the email unless you are certain it is from this company. Instead, you can allow your email service to unsubscribe for you.
Report spam if you wish:Flag the email as spam. Doing so won't have an immediate impact on your life – that spammer has already moved on – but it does give your email provider more information to try and stay ahead of them.
Dust off your email detective skills:Do not trust email. If it looks like it's from someone you know personally but it seems a little off, text or otherwise contact them to be sure. If you get any sort of alarming email from a big company saying there's been a big charge or an update on an order you don't remember placing, be wary. On a computer, hover over the links to see where the URLs go, and read carefully for typos like "BesttBuy.com".
See how your email is compromised:Enter your email address athaveibeenpwned.comand see how many violations it has appeared in. (Security experts we spoke to trust the site.) Consider using a password manager, which can alert you when different passwords show up in hacks and breaches, or even if they're just easily guessed or overused.
The nuclear option, start from scratch:If your email address is a scammer's database and every e-commerce company's mailing list, you can start from scratch with a new address just for personal or business communication. If you use this old address for online accounts, do not delete it or you will have to update contact information for each account. If you are looking for an alternative to Gmail, considerProtonmail.com.Outlook.com,Zoho.comorHey.com.
Help Desk: Making Technology Work for You
Ajuda Centralis a destination built for readers looking to better understand and take control of technology used in everyday life.
Take over control:Sign up for The Tech Friend newsletterfor direct conversations and advice on how to make your technology a force for good.
Technology tips to make your life easier:10 tips and tricks forcustomize iOS 16| 5 tips for making your gadgetbatteries last longer| How to regain control of ahacked social networksaccount | How to avoid falling andspreading misinformationon-line
Data and Privacy: A Guide to All the Privacy Settings You Should Change Right Now. We went through settings for the most popular (and problematic) services to give you recommendations.Google|Amazonas|Facebook|Venmo|Litter|Android
Ask a question:Send the Help Desk your personal technology questions.
- Workout content is taking social media by storm. Here's how to banish it. March 15, 2023Workout content is taking social media by storm. Here's how to banish it. March 15, 2023
- Want to drink less in 2023? These habit tracking apps can help. December 21, 2022Want to drink less in 2023? These habit tracking apps can help. December 21, 2022
- The Long and Lonely Wait to Recover a Hacked Facebook AccountNovember 21, 2022The Long and Lonely Wait to Recover a Hacked Facebook AccountNovember 21, 2022