If you’ve ever used the Internet, you’ve dealt with spam. From fraudulent Nigerian Princes to socially-engineered phishing attempts to word-salad comments on blog posts, spam’s as much a part of the Internet as pictures of cats. As a result, most of us have kind of just accepted that it exists and moved on.
Those of us who do deal with it too often consider it more of an annoyance than anything. For webmasters, spammy comments can link their domain with bad neighborhoods, hurting their ranking. For everyone else, spam messages simply clog our inboxes, distracting us from stuff that’s actually, y’know…important.
What a lot of people don’t realize is that spam is more than just an annoyance; it’s a threat. Unmanaged, spam actually represents one of the biggest security risks on the web. For this reason, spam protection isn’t just about SEO or quality of life – it’s about security.
I should explain.
Data breaches, large-scale malware infections, and the rash of DDoS attacks are dangerous, sure. They’re all issues that security experts need to address for their organizations. At the same time, they also aren’t something you’re likely to encounter on a daily basis.
Spam, on the other hand, is. It’s next to impossible to use the web without encountering at least one fraudulent email, one comment made by a bot, or one malicious contact request. What makes spam so difficult to categorize under the security umbrella is, I think, primarily related to the fact that the risk it represents is very often an indirect one.
That is, it’s not the generally the messages itself that put users at risk – it’s what they contain.
“Grand terms like cyberwar or cyberterror may grab headlines, but just like in real life, it’s the bad neighborhoods that pose the biggest danger to everyday Internet users,” writes Josh Smith of The National Journal, citing a number of web experts. What he means is that spam messages very frequently contain links to sites that are laden with viruses, malware, and adware. Users who click through could end up infected; worse still, they could carry that infection over to other websites.
It’s not just links, either. Emails, for example, can very easily contain malicious code that executes when it’s opened, or a socially-engineered phishing attack that makes off with vital credentials.
“Spam continues to be a security problem for enterprises and large organizations, given that it can be a malware carrier or infection vector for targeted attacks,” reads a Trend Micro advisory.
Spam is often considered a lesser security threat by many – if it’s even considered at all. This is a mistake. By neglecting such attacks to focus on bigger, scarier security threats, webmasters and decision makers toe a dangerous line.
They could well find themselves brought down by the little guys while they’re focused on the heavy hitters.