print   email   Share

Why Some Malware Attacks Scam Us Better Than Others

A study on malware attacks recently released by cybersecurity firm F-Secure found that spam is the most effective method for delivering malware.

According to F-Secure, hackers rely on phishing emails because systems are more protected against other forms of malware attacks. The click rate for email spam increased this year, up to 14.2 percent in 2018.

Among the spam emails that F-Secure examined in spring 2018, 46 percent were dating scams; 31 percent contained links to malicious websites; and 23 percent contained malicious attachments.

Many spam emails first direct users to a safe site before redirecting them to a site containing malware. This helps malware avoid detection. Another way hackers avoid automatic analysis is by asking users to enter a password contained in the body of the email in order to open an attached file.

According to the study, users are 12 percent more likely to open a phishing email if it claims to be from someone they know, and 4.5 percent more likely to open it if the subject line is free of errors. Scammers are also more successful if the email "implies urgency," rather than including "an urgent call to action." Ray Schultz "Dating Scams Are Widely Used In Malware Attacks, Study Finds" (Jul. 31, 2018).


The F-Secure study confirms that most malware is spread through infected email attachments and links to infected websites. Workplace participants must never click on a link or open an attachment, unless the participant is expecting the email and is certain of what is contained in the attachment.

Even then, however, participants should keep up their guards. If a cyber thief has spyware on your computer, they can emulate email that is routine and expected. This is a highly effective form of social engineering.

If an employee suspects an email is spam, participants should never reply to the email because a reply simply confirms to the spammer that the email address is a good one and will simply increase attempts, including targeted phishing, known as spear phishing.

As discussed above, infected spam often originates from dating sites.  Organizations should prohibit access to such sites from their networks.

Finally, your opinion is important to us. Please complete the opinion survey:

Keep me signed in

Forgot password?