Email spam is on the rise again. Here's what you can do to minimize it. (2023)

Email spam is an age-old problem that many people may have forgotten or at least made peace with. Thanks to improvements in email providers' automatic filters and third-party services, the early 2000s onslaught of sketchy Viagra offers and promises of contest wins have been kept out of sight. The spam cascade has become a leaky faucet, with only a few dodgy emails showing up in our inboxes alongside a bunch of legitimate marketing emails that are often our authorship.

But over the course of the pandemic — particularly the last six months — many people using free email services have noticed a wave of unwanted scams. emails slipping through the filters and landing in their inboxes. Gmail users have been talking a lot about the problem, and some are so overwhelmed by spam that they're trying to figure out what they can do about it. Fortunately, the Help Desk is here to help.

More spam than usual appears to be making its way through the automatic filters of some free email services, particularly Google's 18-year-old Gmail. According to cybersecurity firm Proofpoint, there was a 30% increase in spam volume last year across all services. The company detected an additional 10 billion spam messages in December alone.

Free email like Google's Gmail, Microsoft and Yahoo's Outlook and Hotmail have built-in tools to detect junk email and move it to another location (usually a folder called "Spam" or "Trash") where you can still see it. or ignore them forever. There are paid third-party filtering options for companies that host their own email, but not many for the free email services used by billions of people around the world. On the other side of the issue are professional criminals and marketers, constantly looking for new ways to bypass email filters and reach their targets.

“Spam is dynamic, unpredictable and takes many forms,” said Bjorn Grubelich, product manager for Google's Gmail Counter-abuses. He says that Google uses machine learning models to detect and filter new threats and that it blocks more than 99.9% of spam, phishing and malware from reaching Gmail users.

The term spam covers a variety of annoying emails, mostly to access your money or information (which in turn can make spammers money).

There are marketing emails that you may or may not have unintentionally opted-in to after buying boots online or signing up for a newsletter. Companies may also obtain your information from lists they purchase by subscribing you to mailings without your consent. The next tier down is filled with less legitimate operations that are still trying to sell things like unapproved drugs. (Pharmaceutical scams mostly target the United States, where there is no nationalized healthcare, says Chester Wisniewski, principal research scientist at security firm Sophos.)

Phishing emails are attempts to trick the recipient into providing confidential information, such as a password or credit card number. Then there are malware emails that want you to download an attachment that will give the sender access to your computer. They are intended to collect sensitive financial or personal information or to release something like aransomwareattack.

In the past, malicious spam focused more on the use of techniques such as viruses. Now that computers are better at automatically updating to fix security holes, spammers are targeting people with social attacks, using techniques such as impersonating real companies or people. They are exploiting human weaknesses more than computer weaknesses.

“Since the attacks are social, I think they are worse. There's nothing I can put on your computer that will help you not get scammed,” Wisniewski said.

Unwanted spam email has become more profitable than in the past, according to Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint. Attacks have become more sophisticated and personal during the pandemic, and there has been a wave of spam targeting people working from home, capitalizing on their fears by promoting fake covid treatments, masks and tests.

The vast majority of spam comes from Russia and neighboring countries, say cybersecurity experts. Groups specialize in different parts of the process, so one might just sell email lists, while another will send a complete message to a customer, figure out ways to bypass spam filters, or deal with money laundering.

“Attackers are getting smarter,” said Jeremy Ventura, senior security strategist at cybersecurity firm Mimecast. “Their tactics and techniques are evolving.”

Proofpoint, which has a product that filters spam messages for businesses, says that over the last six months it has noticed that spammers are increasingly using Google services like Docs or Drive to host their attacks, surpassing Microsoft, which is also widely used.

In response, Google's Grubelich said: "We are deeply committed to protecting our users from phishing abuse on our services and are continually working on additional measures to block these types of attacks as methods evolve." The company says it "can" scan files like Google Docs when they're shared.

Minimizing spam isn't easy, and eliminating it completely is probably impossible. The best hope is that email providers can adjust their filters and AI to combat the latest attacks. But here are some steps you can take.

Be smart about security:Most of your spam is probably more annoying than dangerous. Yet, use astrong and unique passwordand enable two-factor authentication for your account. If you are a Google user, do theGoogle security check.

Disable automatic image loading:When spammers receive any indication that your email was received (you opened the email or clicked on a link), you are marked as an even bigger target for future spam. Make sure your email settings are set to not automatically upload any images from unknown senders, which makes it difficult to use tracking pixels. There are options for this in most email applications, such as Apple's Mail, and web-based email, such as Outlook and Gmail.

Use an alias for online accounts:Every time you sign up for something online with your email address, you risk it (and other information about you) ending up with third-party marketers or being exposed in a hack or data breach. One way to keep your email address unknown is to not use it for anything other than personal correspondence or important accounts like your bank.

You can set up a second email address just for logins and purchases and let that inbox become a marketing junk bin. Another option is to use an alias. In Gmail you can make emails with your real address with “+Facebook” or “+Sephora” at the end, to use on specific sites. At least you'll know who leaked your email if it ends up being sold on a list.

Apple recently added a feature calledhide my emailthis takes it a step further by allowing you to sign up for accounts using a unique anonymous email address generated for you. It's for any Apple user accessing a website that works with Sign In With Apple. iCloud+ subscribers can generate more addresses on any website from their iOS devices.

Do not click unsubscribe in the email:Because some malicious spam looks identical to legitimate marketing spam, avoid clicking the "unsubscribe" link in the email unless you are certain it is from this company. Instead, you can allow your email service to unsubscribe for you.

Report spam if you wish:Flag the email as spam. Doing so won't have an immediate impact on your life – that spammer has already moved on – but it does give your email provider more information to try and stay ahead of them.

Dust off your email detective skills:Do not trust email. If it looks like it's from someone you know personally but it seems a little off, text or otherwise contact them to be sure. If you get any sort of alarming email from a big company saying there's been a big charge or an update on an order you don't remember placing, be wary. On a computer, hover over the links to see where the URLs go, and read carefully for typos like "BesttBuy.com".

See how your email is compromised:Enter your email address athaveibeenpwned.comand see how many violations it has appeared in. (Security experts we spoke to trust the site.) Consider using a password manager, which can alert you when different passwords show up in hacks and breaches, or even if they're just easily guessed or overused.

The nuclear option, start from scratch:If your email address is a scammer's database and every e-commerce company's mailing list, you can start from scratch with a new address just for personal or business communication. If you use this old address for online accounts, do not delete it or you will have to update contact information for each account. If you are looking for an alternative to Gmail, considerProtonmail.com.Outlook.com,Zoho.comorHey.com.