Revealed: the most dangerous words in spam email

Spam has been a constant irritation of mine since lawyer couple Laurence Canter and Martha Siegel dropped the first commercial use of junk mail on Usenet in 1994. In the decades that have followed, spam has gone from being an annoyance to a real danger, a primary source of social engineering campaigns spreading malware and other scams.

Some things have improved. People don’t buy dedicated anti-spam software to weed the stuff out of their inboxes anymore, as just about every mail platform worth its salt comes with a decent spam filter built-in. The downside is that the spammers and scammers are expert at evading filter defences.

How do you fight it? By knowing what to look for. That’s a great starting point for corporate awareness training exercises in particular. And as luck would have it, a new report has just landed in my inbox, which might help in this regard.

The analysts over at secure email validation specialists ZeroBounce have taken a close look at email datasets for spam detection in search of the words that recur the most, as well as pose the most danger, in scam mails.

Frankly, the results aren’t altogether surprising – but the numbers attached are educational to say the least. These represent frequency, click-through rates and potential infection or damage rating.

Most dangerous words in spam email

The least surprising finding was that ‘money’ tops the list of dangerous words. It has an astonishingly high infection and danger rate of 83.56%. Frequency and click-through rates are also high enough to give it a combined and weighted score of 81.68, raising it above ‘investment’ in second place. Although investment has a lower weighted score, it has the highest infection rate of 89.64%.

The remainder of the top ten words to watch is, in order:

  • credit
  • billion
  • free
  • loan
  • debt
  • cash
  • cost
  • income

The sharp-eyed among you will have probably noticed that the theme here is financial. Again, not surprising as most scams, and plenty of social engineering campaigns for that matter, rely upon knee-jerk reactions to something a victim thinks will make them money or provide a service for free.

It’s human nature to at least be interested in such offerings, and resisting the urge to respond as directed is key to avoiding the security incident trap.

“Every day, scammers are becoming more sophisticated in the increasingly digital world,” said ZeroBounce CEO, Liviu Tanase.

“They often use words like ‘money’ or ‘important’ to grab your attention and create a false sense of urgency or opportunity, making it easier for people to let their guard down.”

Identifying red flags is vital if users are to start resisting the temptation to take things at face value and stumble into scams and schemes that could open the doors for a breach of your systems. Words have never mattered more.

Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.
