Internet threats associated with spam

August 2011

When you think of electronic spam, among the first things you might think of are those pesky unsolicited e-mails from commercial vendors trying to sell you something you don’t need.

Spam, however, can be much more than a nuisance. When it tricks you into opening an infected attachment or clicking on a nasty link, you can wind up with serious damage to your computer or risk to your personal information. Indeed, fraud artists who are able to take advantage of spam to steal your particulars may raid your bank account, ring up charges on your credit card, or even put a mortgage on your house.

At the Office of the Privacy Commissioner of Canada, we want to help you protect yourself and your computer by understanding the online threats most commonly associated with spam.

  • Address harvesting: A technique used by spammers to automatically compile lists of e-mail addresses for their bulk electronic mail-outs. The process uses a computer program to troll the Internet for addresses found, for example, on people’s websites.
  • Botnet: Widely considered one of the biggest online threats today, a “botnet” is a network of computers infected by malicious software robots, or “bots”. The originator of the botnet, who is usually a spammer or criminal, controls the botnet remotely and automatically. Your computer can become compromised without your knowledge when, for example, you open an infected attachment in a spam e-mail, click on certain pop-up windows, or visit a booby-trapped website. Because of their ability to grow rapidly and without attracting attention, botnets threaten the stability of the Internet and online services.
  • Denial-of-service (DoS) attack: An attacker attempts to make a computer system, typically owned by a government or corporate target, unavailable to its users. This can be done by flooding an organization’s e-mail account or bombarding its website. When, for example, a bank is targeted, customers may be prevented from accessing their online bank or credit-card accounts.
  • Dictionary attack: Another technique used by spammers to compile address lists. In this technique, a computer program guesses live e-mail addresses by methodically trying multiple name variations within a particular group of e-mail domains, such as Hotmail or Gmail.
  • Malware (malicious software): Malware, often sent through spam, is software that is installed for harmful purposes. It has many forms, such as viruses, worms, spyware, and keyloggers. Worms and viruses have many evil aims, including slowing down or otherwise interfering with the functioning of your computer or network. Spyware secretly spies on your computer, usually to collect personal information without your knowledge. Through keylogging, a person unknown to you can covertly record and monitor your keystrokes, thus picking up important information such as your online banking password.
  • Phishing: This is a type of fraud in which a scammer attempts to impersonate a reputable person or organization, such as a bank or another enterprise with which you may have done business. The swindler sends a phony e-mail that may ask you to confirm details about your account or to supply other personal information by clicking on a bogus link.

One popular phishing scam “alerts” you that there has been a security breach involving your account, and that you need to supply certain information to make things right. The message will typically also warn you that failure to provide the requested information will lead to the termination of your account or other penalties. There has, of course, been no such breach; the fraudster is only trying to trick you into divulging your username and password, in order to log into your account.

An increasingly common phishing swindle involves e-mails that appear to come from disaster-relief charities. They direct you to a phony website, which in turn seeks a credit card donation. By supplying your credit card number, however, you won’t be helping the needy; you’ll only give a fraud artist the means to line his own pocket.

Phishing can also be done by text and voicemail messages. For example, a con artist sends an e-mail asking you to phone a number, where you hear a voice message that sounds like it could come from a legitimate and reputable organization. Here, too, the motive is to trick you into supplying personal information for somebody else’s financial gain.

Spam can carry serious online threats to your personal and financial information, and the proper functioning of your computer. Once you recognize suspicious and potentially harmful electronic messages, however, you can resist the temptation to open them, click on the links they suggest, or open or forward attachments. You are always best to delete these messages immediately and unopened.

For further information, please see our fact sheet on spam and a list of tips to help you safeguard your personal information online. For information on Canada’s new anti-spam law, please visit www.fightspam.gc.ca.
