Home > IT Blogs > Security Corner > “Of Course, I Never Reply to Spam – Except Sometimes”
>>VIEW ALL POSTS  

Security Corner

«
»
Jul 27 2009   8:50PM GMT

“Of Course, I Never Reply to Spam – Except Sometimes”



Posted by: Ken Harthun
Botnet, E-mail scam, Email security, Phishing, Secure Computing, Security, security awareness, spam

Sounds funny, doesn’t it?  But that’s part of the title of a consumer survey recently completed by the Messaging Anti-Abuse Working Group (MAAWG): “A Look at Consumers’ Awareness of Email Security and Practices or ‘Of Course, I Never Reply to Spam – Except Sometimes.‘” The report is issued in two parts: Part 1 is a summary of the results; Part 2 is the actual survey data complete with charts. Here’s an excerpt from the report’s abstract:

This survey was commissioned by the Messaging Anti-Abuse Working Group (MAAWG) to gain a better understanding of consumers’ awareness of the risks associated with viruses and “bots” spread through email and to determine how the industry can best work with consumers in dealing with important messaging threats.  The research covers bot awareness and also asks the frequently voiced question: “Why did you click on that spam link?”  It identifies the specific actions consumers take to protect themselves against viruses and junk mail, looks at consumers’ attitudes toward virus mitigation, and seeks to quantify and understand consumers’ email habits.

One of the most striking results from this research is that while 82% of consumers are aware of “bots” and malware threats, only 20% believe there is a very good chance their computers could get infected.

What surprises me is the high percentage of consumers who are aware of bots; what doesn’t surprise me is that most of those have a “won’t happen to me” attitude.

The real eye opener in this study is the responses to survey question 12: “If you have ever clicked on a link or replied to an email that you suspected was spam, why did you take this action?” The majority of respondents (52%) said they had clicked or replied. 17% said they “made a mistake.” It happens, especially if you have a twitchy clicker finger. There’s no excuse for the 12% who said they were “interested in the product/service” being offered nor the completely clueless 6% who “wanted to see what would happen.” Unbelievable! It’s these people who are the reason spam won’t go away. They’re also the folks whose PCs I have to clean up on a regular basis.

Fellow security professionals, we have our work cut out for us.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment:

MichaelSeese  |   Aug 14, 2009  5:07 AM (GMT)

A few years ago, I wrote an op-ed piece comparing surfing the Internet with driving a car. In the earliest days of the automobile, one did not need an operator’s license to drive a car. But once they became bigger, faster, and more prevalent, people began dying in accidents. Driving an automobile went from being a right to being a privilege, and users had to prove they were sufficiently competent to merit that privilege.

I see the same thing with the modern computers and the Internet. If you are careless about security, you certainly will impact your system. But if you allow your PC to become compromised, it becomes a tool for the bad guys to harm others.

So perhaps we need to establish a minimum knowledge baseline that an individual must demonstrate he has acquired before being allowed to use a computer.

Draconian? Sure. But when your carelessness can impact me, I have a right to expect you to know what you’re doing,

– Michael Seese, CISSP, CIPP
author of Scrappy Information Security