Despite growing awareness that most of today's unsolicited e-mail constitutes some form of attack, many people continue to open and interact with the spam they receive and expose themselves to the related risks for endpoint infection or personal data theft, researchers contend.
According to the latest numbers published by the Messaging Anti-Abuse Working Group (MAAWG), which aggregates and monitors data provided by some of the world's largest network operators - accounting for over 1 billion in-boxes, people continue to imperil themselves at the hands of spam in spite of knowing the potential dangers.
For instance, even though over 80 percent of today's e-mail users are aware of the existence of botnet programs and the fact that they are propagated via e-mail, tens of millions of end users continue to respond to spam "in ways that could leave them vulnerable to a malware infection," MAAWG said.
MAAWG's conclusions are based on a recent survey of over 1,000 e-mail users in the U.S. and over 500 e-mail users in Canada, France, Germany, Spain, and the U.K.
Over 50 percent of those surveyed admitted that they open spam, click on links in the messages, open attachments to the e-mails, and reply to or forward the unsolicited messages. And while a majority of respondents said that they are aware of the botnet phenomenon and how such infections are typically spread, only one third indicated that they believe their behavior leaves them vulnerable to compromise.
Only 36 percent of respondents to the MAAWG survey said that they acknowledge that opening spam messages increases the likelihood of having their machines infected.
For whatever reason, be it that they think their AV programs provide sufficient protection or they feel that they can discern attacks from more benign marketing ploys, most end users simply do not relate interacting with spam with the potential to be successfully attacked, said Michael O'Reirdan, MAAWG chairman, in a summary of the research.
Only 48 percent of respondents to the survey consider themselves as most responsible for protecting themselves from spam-based threats, while 67 percent believe that anti-virus vendors do a good enough job of stopping the attacks. Some 56 percent of respondents indicated that they trust their own ability to discern malware campaigns from less damaging spam.
Clearly, many people simply aren't seeing the big picture, the experts said.
"When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks," said O'Reirdan.
Part of the problem is that consumers assume that someone else is watching out for them and addressing the spam-malware issue, according to the report.
Overall, some 46 percent of respondents said that they open spam intentionally, though almost half of those do so to complain about or attempt to unsubscribe from the messages. Another 18 percent said that they open the messages just to see what will happen, or because they're interested in the products being advertised.
On top of that, over 11 percent of respondents admitted to clicking on links in spam e-mails, with 8 percent having opened attachments, 4 percent forwarding the notes and another 4 percent replying to the messages.
However, at the same time, some 44 percent of respondents replied that they consider themselves "somewhat experienced" with e-mail security practices.
Perhaps highlighting the fact that people's actions often move counter to their perceptions of themselves, men and e-mail users under 35 years, the demographic groups who consider themselves most experienced with e-mail security by comparison, are more likely to open or click on links or forward spam, according to the MAAWG survey.
For e-mail users under 35 years, over 50 percent admit to opening spam, compared to 38 percent of those over 35. Younger users are also more likely to click on links in spam (13 percent) compared to less than 10 percent of older consumers.
Spam. It's been on our plates for years and we seem to know how sick consuming it makes us, yet we still can't stop ourselves from diving in.
Is anyone else ready to draw a corollary between e-mail consumption and the worldwide obesity epidemic?
Follow eWeek Security Watch on Twitter at: eWeekSecWatch.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.