Spam may be in the eye of the beholder.
While spam is on the rise, Canadians are choosing to click on spam out of curiosity, according to a study released by Ipsos-Reid.
After a steady decline since 2003 in the amount of spam received by Canadians, that number is up again, according to “E-mail Marketing 2007: Spam or Marketing – Do Canadians Know the Difference?”
From 2003 to 2005 spam levels remained flat, due to the efficiency of ISPs, anti-spam software, anti-spam legislation and more consumer awareness, said Steve Mossop, president of Ipsos Market Research in Western Canada.
“All of a sudden this year it increased 51 per cent,” he said. “We double-checked and triple-checked – we were astounded by that. But somehow the spammers managed to get through.”
However, 26 per cent of Canadians click through spam messages – on average eight to 12 pieces per week. And that number has been consistently increasing for the past five years. “We like to say how much we hate spam,” said Mossop, “but if they’re doing it, they must like it.”
The average number of unsolicited e-mails received has jumped from 86 per week in 2005 to 130. But Canadians are opening these e-mails, mainly because of curiosity (61 per cent) or wanting to know more about a product or service (25 per cent). It’s not until later down in the list that people say they were duped or tricked into opening spam.
“People are clicking through because they want to find out what’s there, and that perpetuates the industry,” said Mossop. The same holds true for permission-based marketing – it only becomes spam, in the eye of the beholder, if it’s too frequent or it becomes irrelevant.
But there are different types of spam, and new forms of spam can be much more harmful to an organization than traditional spam.
Traditional spam tries to sell you something – like Viagra – and is based on a mathematical model of sending out a large number of spam in the hope that a few people will respond.
“The emerging type of spam today is arising from the fact that spammers are teaming up with organized crime,” said Claudiu Popa, president and CSO of security consultant Informatica Corp. “They want to infect your computer – they want to steal your information by sending out phishing and social engineering requests.”
These spammers are also using novel ways of bypassing spam filters, such as using digital certificates to send spam to employees of a company.
Organizations should use a spam filter that “learns” to recognize spam, since spam shares characteristics with all other spam – so there’s no way for a spammer to consistently bypass that spam filter.
“If you have an intelligent anti-spam filter and a way to recover legitimate messages that have been filtered as spam, then you’re on the right track,” he said.
Canadian firms are reporting more security attacks this year than in 2006, yet they’re more confident in their ability to defend against those attacks, said David Senf, director of Canadian security and software research with IDC Canada.
Spam is the No. 1 security issue which Canadian firms worry about, he added. But, while spam is rated as highly likely to occur, its impact on the organization is not rated as high as other threats, such as viruses and worms.
Anti-virus, anti-spam and anti-spyware software are widely deployed in Canada, whereas other security measures such as vulnerability assessments and identity management have been overlooked by many organizations.
“Many firms are overwhelmed by the breadth of threats they need to worry about and the rapid change in the threat environment,” said Senf. “One of the other issues they’re dealing with is training employees to do the right thing.”
As a result, we’re seeing more managed security services occurring in Canada (two-fifths of Canadian organizations are using managed security services to some degree, according to IDC).
But, if curiosity is driving users to click on spam, then an anti-spam filter will at least cut down on the amount of spam they’re receiving in the first place. “If they have a good filter,” said Popa, “they won’t see it, so they won’t click on it.”