Who clicks on spam? We do

Even people who consider themselves sophisticated about Internet security are at risk of downloading malware or viruses, an expert says. We're not as careful as we think we are.

Do some of us actually believe there are hot singles in our towns eagerly awaiting our response?

Yep.

More than half of e-mail users surveyed by the Messaging Anti-Abuse Working Group, an anti-spam trade organization, had clicked on an e-mail they suspected to be spam. A full third had sent a response of some kind to the spammer; one in eight was actually interested in buying the product or service being shilled.

The question posed to 800 computer users in the U.S. and Canada: What made you click on that spam?

David Ferris, a principal at analytics firm Ferris Research, said in comments accompanying the report, "The volume of people who still respond to spam is regrettable, because it's an economic incentive to spammers."

The group, which released its findings last week, estimates that 85% to 90% of all e-mail is "abusive," with even a minuscule response rate driving "a booming spam-driven underground economy."

University of California researchers last year infiltrated the world of spam, offering a peek at the scale of the problem. Diverting 350 million of the spam e-mails generated by the Storm botnet, researchers racked up just 28 "sales" in 26 days for their own fictitious product, a penile-enlargement product offered at just under $100. But those 350 million e-mails represented just 1.5% of the spam generated by that bit of malicious code. Using their own response rate and extrapolating it to the entire botnet, researchers concluded its spammers could make as much as $3.5 million a year.

It happens . . . to someone else

The Messaging Anti-Abuse Working Group said its participants weren't unfamiliar with online security issues. Two-thirds described themselves as "very" or "somewhat" experienced with Internet security, using precautions such as avoiding posting their e-mail address or entering a separate address for activities that might prompt spam.

Yet users were far too cavalier about the threat from e-mail-spawned viruses, the Messaging Anti-Abuse Working Group warned. Only 10% of computer users believed themselves at risk of downloading malware, the survey found, while 43% said it was, for them, impossible or extremely unlikely.

When it came to identifying spam, two-thirds used the sender's name as a gauge, followed by 45% who looked at subject lines and 22% who spotted other "visual indicators." About 3% relied on the time a message was sent to identify its legitimacy.

"You might assume that the more technically savvy you are, the less likely you are to be hit by a virus, but that is not true," Ferris Research said in its comments. "Our previous research indicates that the more you use computers, the more likely you are to get hit by a virus."