Revealed: the most dangerous words in spam email
Spam has been a constant irritation of mine since lawyer couple Laurence Canter and Martha Siegel dropped the first commercial use of junk mail on Usenet in 1994. In the decades that have followed, spam has gone from being an annoyance to a real danger, a primary source of social engineering campaigns spreading malware and other scams.
Some things have improved. People don’t buy dedicated anti-spam software to weed the stuff out of their inboxes anymore, as just about every mail platform worth its salt comes with a decent spam filter built-in. The downside is that the spammers and scammers are expert at evading filter defences.
How do you fight it? By knowing what to look for. That’s a great starting point for corporate awareness training exercises in particular. And as luck would have it, a new report has just landed in my inbox, which might help in this regard.
The analysts over at secure email validation specialists ZeroBounce have taken a close look at email datasets for spam detection in search of the words that recur the most, as well as pose the most danger, in scam mails.
Frankly, the results aren’t altogether surprising – but the numbers attached are educational to say the least. The figures cover frequency, click-through rates and potential infection or damage rating.
Most dangerous words in spam email
The least surprising finding was that ‘money’ tops the list of dangerous words. It has an astonishingly high infection and danger rate of 83.56%. Frequency and click-through rates are also high enough to give it a combined and weighted score of 81.68, raising it above ‘investment’ in second place. Although ‘investment’ has a lower weighted score, it has the highest infection rate, at 89.64%.
The remainder of the top ten words to watch is, in order:
- credit
- billion
- free
- loan
- debt
- cash
- cost
- income
The sharp-eyed among you will have probably noticed that the theme here is financial. Again, not surprising as most scams, and plenty of social engineering campaigns for that matter, rely upon knee-jerk reactions to something a victim thinks will make them money or provide a service for free.
It’s human nature to at least be interested in such offerings, and resisting the urge to respond as directed is key to avoiding the security incident trap.
“Every day, scammers are becoming more sophisticated in the increasingly digital world,” said ZeroBounce CEO, Liviu Tanase.
“They often use words like ‘money’ or ‘important’ to grab your attention and create a false sense of urgency or opportunity, making it easier for people to let their guard down.”
Identifying red flags is vital if users are to start resisting the temptation to take things at face value and stumble into scams and schemes that could open the doors for a breach of your systems. Words have never mattered more.