Spouting Shite

Why do Spammers Spam?

I have spent almost 10 years writing software to protect my clients from spam and viruses. I am continually asked why do spammers send out their filth. Is there a reason, or is it just spotty teenagers having a laugh?

The first thing that people must understand is that there wouldn’t be spam if there wasn’t money in spam. There are three business models of a spammer:

1. Sales
2. Advance Fee Fraud
3. Identity Theft

Sales:
It might seem odd to most people, but, people actually buy stuff that they read about in spam emails. Spammers have a lucrative trade in diet pills, Viagra and porn. This trade is worth millions and is growing.
Advance Fee Fraud…. fools and their money are easily parted:
The ‘Advance Fee’ fraud has been around for generations and it will continue to be one of the biggest forms of email threat…because it works. Two oft-posed questions are “how could they be so stupid?”, and “surely everyone is aware of these scams by now?”

This involves sending emails or faxes to potential victims around the world, offering a highly attractive but false financial deal. Commonly the criminal says they need help in getting money out of the country with promises to share the rewards with the victim.

In 2006, a report by a research group concluded that Internet scams in which criminals use information they trick from gullible victims and commonly strip their bank accounts cost the United Kingdom economy £150 million per year, with the average victim losing £31,000.
Identity Theft:
Once a spammer has successfully hooked a victim into one of their ‘Advance Fee Fraud’ scams they must now find a way to collect the money. Identity theft and phishing is the easiest way to get this done, especially due to the complexity and risk of opening false bank accounts.

The scan usually takes the form of an email that supposedly comes from your bank and asks you to verify your personal details. Once a victim is hooked the fraudster firstly clears out the bank account and then uses the account to accept the payments from ‘Advance Fee Fraud’ victims. Using the compromised bank account as a staging post relies upon the fact that banks will probably not notice a few large suspicious transactions upon a normal bank account…especially if the account has been open for a few years.

It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totalling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007 phishing attacks escalated. 3.6 million adults lost US $ 3.2 billion in the 12 months ending in August 2007. In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to £23.2m in 2005, from £12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005.