It's not just you: spam is back

Hello. Are you looking for a part-time job to supplement your income? Or perhaps you're sick to the back teeth of spam messages formatted exactly like this one? After living through an era of relative peace and quiet—at least as far as our inboxes were concerned—filth has begun to bubble up from the sewers and run openly through our communication channels again. Emails, texts, social media DMs, Discord fraudsters, even outright phone calls: malicious and maddening messages are on the rise, soaking up valuable brain space with their nonsense. 

Brian Honan, who provides advice on cybersecurity as CEO of the Dublin firm BH Consulting, has a few theories as to why spam is making an unwanted comeback. "I think it's been numerous drivers," he tells me. "The first one is the natural evolution of technology. We have become more and more reliant and engaged in the online world. That was happening anyway, but it was accelerated by the pandemic." 

Plague of spam

Parents and grandparents, many of whom would never have created online accounts were they not suddenly the only means to see family or buy groceries, spent 2020 thinking up temptingly unsecure passwords and handing over bank details to internet retailers. And then came the remote workers.

"Access to corporate email and messaging systems was cumbersome, particularly at the start of the pandemic," Honan points out. "So they might have set up alternatives like Slack, or used WhatsApp for communicating with friends and colleagues. You had a lot of businesses suddenly engaged with those platforms inadvertently. And it's very hard to move somebody back from a platform that intuitively is much more user friendly than a corporate system is. So yes, the pandemic did bring more and more people online, and the criminals could see that."

It's important not to mistake the crude language and laughable Hail Marys of spam emails for the work of bedroom chancers. Companies like Honan's are up against organised criminal gangs, who get involved in cybercrime because of the low risk of prosecution when targeting foreign nationals.

"Many of them actually have office buildings where people come in," Honan says. "They're sitting at desks, working away. We monitor activity, and you can see patterns—there's a 9-to-5 in the region they're in, and they stop working at the weekends. This is highly, highly professional." These teams share knowledge, and engage in concerted research to work around the protections of messaging platforms—whether by rewording emails so as not to trip automatic filters, or using accounts that haven't been flagged as suspicious.

Lately, they've been changing tactics. While criminals still find success through spam email, they're also going after less protected platforms. Since telecom providers now make very little money from SMS messages, they're no longer investing in securing those services—and gangs are taking advantage. "That's why people have been getting these text messages," Honan says. "Pretending to be from your bank, delivery companies or the health service, saying you've been in close contact with a COVID-19 [positive] person, click here to register for a test. They ask you for your credit card details, and they're gone with that information." 

In late 2022, Europol took down iSpoof, a website through which fraudsters impersonated trusted mobile contacts and are estimated to have stolen more than £100 million. The operation resulted in 142 arrests—an indication of the scale of the threat.

Birdsong 

You can blame Elon Musk for some of the noise, too. The tech baron's very loud takeover of Twitter has resulted in a well-publicised reduction of its staff, which in turn is likely to have attracted criminals hoping to exploit new vulnerabilities. "Staff have been laid off, and that has maybe taken the human element out of checking on the stuff, and the automated systems may not be as effective [if they] aren't being kept up to date because the staff aren't there to look after it," Honan says. My own DM inbox certainly suggests something is amiss—gradually filling up with requests from strangers asking for help in managing their tens of millions of dollars.

Gaining access to a social media account is a particular win for criminals, since they can then "psychologically build on people's trust networks" by masquerading as the real account owner. "You get messages from friends saying, 'I'm in Paris, I've just been mugged, I've lost my passport and my wallet, and this person has lent me their phone. Can you transfer me £400 so I can get a train ticket home?' They will use that familiarity."

Close friendships made through gaming, where contact is often rooted in text chat and rarely face-to-face, are particularly ripe for exploitation. And gaming accounts, with their many convertible free-to-play currencies and level 70 MMO characters, are juicy targets.

"If your password is phished, or that gaming platform is compromised, the password you use for that site will be used by the criminals to try and get into all your other gaming platforms as well," Honan warns. "My message would be, just because you're on a gaming platform, don't assume there's nothing of value in it. Firstly, there's your personal information and all your contacts. And potentially, what you've built up over the years can become valuable.

"I've known of accounts to be hijacked and held to ransom. If you've been in World of Warcraft for 10 years, and somebody says they're gonna delete your account, would you pay $100 for it?"

What can you do about it? 

Some of Honan's advice might be familiar, but it bears repeating. Passphrases are better than passwords—no matter how many letters you've cleverly replaced with numbers—since they're harder to guess. It's worth using a password manager, so that you can have a unique phrase for every platform you use without the hassle of trying to remember them all. And definitely enable multi-factor authentication wherever it's available, to thwart any crooks that do slip through.

As for silencing the constant babble of spam: that's trickier. "There are third-party tools you can get to filter spam messages, but unfortunately, it's kind of like Whac-A-Mole," Honan says. "For example, I have an iPhone. I got a spam message this morning, so I manually blocked the number. I won't get another message from that number, but they'll just move on and use another one.

"Your best bet is to use whatever spam filtering features are on your device or your platforms, make your online profiles private, and only accept messages from people who are in your trusted circle." That might not feel like a realistic option for many. But if you want to give yourself a tiny dose of hope and agency, you can make an effort to report obvious spam to messaging platforms so that their filters learn to hoover it up in future. And perhaps take solace in the knowledge that we're all doing the same—fighting in a shared spamphitheatre to push back a familiar, daily annoyance. I guess we got that part-time job after all.