Who really falls for spam, anyway?

• Tweet

July 16th, 2009 - Posted by Kent

Any conversation about spam usually comes down to this assertion: that spam is so obviously fraudulent that no one could ever fall for it, right? I worked for five years hunting spam for one of the web's big three search engines, and here's the truth: spam is so cheap, that spammers only need a few people to fall for their methods for them to make a living. That's common knowledge among spammers and those who hunt them. Even though I mostly worked with search engine spam, the principal is the same for email. Every day at my job, we stared in disbelief at clearly fraudulent websites wondering just who would ever click on them.

Remember that PT Barnum quote, "there's a sucker born every minute"? Well, he didn't actually say it. But that doesn't make the sentiment any less true.

According to a recent survey covered in PC World: "about one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day." Yup, one out of every six of us has been a sucker at some time. But it's important to look at what they mean by "acted on." It just means they opened a piece of spam email; it doesn't necessarily mean that they actually bought the Viagara.

So, how many bought? PC World points to another study, this one conducted by the University of California, showing that, "the number people who actually made a purchase following a spam pitch was just a fraction of a percent." With a customer base that low, how do they make money?

We're back to the idea of margins. Spam is cheap; it's not a quality business. But also, not all spam is designed to drive a transaction. Some of it is just designed to infect your computer with malware. Access to infected computers is often sold on the black market to other hackers. This can happen with email or search engine spam.

We're told that in the first study, "nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security." Anecdotally, I can tell you that even experienced Internet users will admit to being phished or tricked into clicking on spam, whether through email, a social networking site, or a search engine result.

As the article suggests, you should keep your machine patched with regular software updates. Also, be careful what you click on. Finally, consider using some type of Internet security software that can alert you to malicious links and protect your system from viruses and unauthorized access. You can see our comparisons and read our reviews here.