#129: How to Stop Email Spam

Office Operations

I hear this question or a variation of it all the time in Facebook groups and in forums: “I’m battling an explosion of spam – mailing lists I never signed up for, obvious scams – and I think my email address is compromised beyond repair. What can I do?”

For those of us who have a business, keeping on top of email is part of our daily tasks and it’s just not possible to ignore it (unlike my husband’s Yahoo account with 15,000 unread emails dating back to 2009; every time I have to check something in his email, my blood pressure goes up).

Email spam is an old problem that many people may have forgotten about or, at least, made peace with. Thanks to improvements in automatic filters from email providers and third-party services, the early 2000′s onslaught of sketchy Cialis offers and cheap toner ink were mostly kept out of sight. The spam waterfall became a leaky faucet, with just a few iffy emails showing up in our inboxes alongside a bunch of legitimate marketing emails that are, often, our own doing.

In this video, I give you 8 things you can do today to help minimize spam.

Welcome to a new Systems Sunday! Today’s episode is a bit longer because I’ll be talking about a tech topic: email spam. It’s starting to break through again and here’s what you can do to minimize it.​

I am Lisa Wells, Your Virtual Assistant Trainer.

I hear this question or a variation of it all the time in Facebook groups and in forums: I’m battling an explosion of spam – mailing lists I never signed up for, obvious scams – and I think my email address is compromised beyond repair. What can I do?

For those of us who have a business, keeping on top of email is part of our daily tasks and it’s just not possible to ignore it. Unlike my husband’s Yahoo account with 15,000 unread emails dating back to 2009 – every time I have to check something in his email, my blood pressure goes up.

Email spam is an old problem that many people may have forgotten about or, at least, made peace with. Thanks to improvements in automatic filters from email providers and third-party services, the early 2000′s onslaught of sketchy Cialis offers and cheap toner ink were mostly kept out of sight. The spam waterfall became a leaky faucet, with just a few iffy emails showing up in our inboxes alongside a bunch of legitimate marketing emails that are, often, our own doing.

But over the course of the pandemic — particularly in the past six months — many people using free-email services have noticed a surge of unwanted scam emails slipping through the filters and landing in their inboxes. Gmail users have been most vocal about the issue, and some are so overwhelmed with spam they’re trying to figure out what they can do about it.

Heather Kelly from the Washington Post did a great job with her article addressing this problem, so I cite her work throughout this episode.

What’s the problem?

First, more spam than usual appears to be getting through the automatic filters on some free email services, particularly Google’s Gmail. We are not talking a small increase, we are talking billions of messages more per month. One cybersecurity firm, Proofpoint, detected 10 billion additional spam messages in December 2021 alone.

Free email such as Google’s Gmail, Microsoft’s Outlook and Hotmail, and Yahoo have built-in tools for detecting junk mail and moving them to another location (usually a folder called “Spam” or “Junk”) where you can still see them or ignore them forever. You have to remember that you are competing with professional criminals and marketers who are constantly looking for new ways to outsmart email filters and reach their targets, which isn’t easy. “Google uses machine learning models to detect and filter out new threats, and that it blocks more than 99.9 percent of spam, phishing and malware from reaching Gmail users” (Bjorn Grubelich, product manager for Gmail Counter-abuses).

Second, unwanted spam emails have become more profitable than they were in the past. Attacks have become more sophisticated and personal during the pandemic, and there has been a rush of spam targeting people working from home, capitalizing on their fears by pushing fake Covid treatments, masks, and tests. I’ve seen them all.

The vast majority of spam comes from Russia and neighboring countries, say cyber security experts. It’s not just a guy sitting in his mother’s basement either. These groups specialize in different parts of the process so one might just sell email lists, while another will send out an entire blast for a client, figures out ways around spam filters, or handles the money laundering. I get hit every month from card testers – they buy a low-end product from my website and use hundreds of credit card numbers to test and then sell that information, these groups are sophisticated.

What does spam want from you?

Spam is an all-encompassing term that can mean annoying emails, which is meant to access your money or your information.

There are marketing emails that you may or may not have unwittingly opted into after buying something like clothing online or signing up for a newsletter. Believe it or not, companies can also get your information from lists that they buy, signing you up for mailings without your consent.

The next tier down is filled with less legitimate operations that are still trying to sell things like unapproved medications or fake testing kits.

Phishing emails are attempts to trick the recipient into handing over sensitive information, like a password or credit card number. They do this by sending what looks like an email from a reputable company, asking you to verify your information or alert you to something that went wrong and asking you to change your password.

Then there are malware emails that want you to download an attachment that will give the sender access to your computer. These are those emails that say “Hey here’s a video, is that really you?” with a link that could execute a file on your computer. They play on our natural curiosity and aim to gather sensitive financial or personal information or launch something like a ransomware attack.

In the past, malicious spam focused more on using techniques such as viruses. Now that computers are better at auto-updating to patch security holes, spammers are targeting people with social attacks, using techniques like impersonating real companies or people. They’re exploiting human weaknesses more than computer weaknesses.

What can you do about it?

Minimizing spam isn’t easy, and getting rid of it completely is likely impossible. The best hope is that the email providers are able to adjust their filters and artificial intelligence (AI) to counter the latest attacks. But here are some steps you can take.

1. Be security smart: The majority of your spam is likely more annoying than dangerous. Still, use a strong and unique password, and turn on two-factor authentication for your account. If you’re a Google user, do the Google Security Checkup.

2. Turn off auto-load for images: When spammers get any indication that their email was received (you opened the email or you clicked on a link), you are marked as even more of a target for future spam. Make sure your email settings are set to not load any images from unknown senders automatically, which makes it harder for them to use tracking pixels. There are options for this in most email apps like Apple’s Mail and web-based email like Outlook and Gmail.

3. Use an alias for online accounts: Every time you sign up for something online with your email address, you risk it (and other information about you) ending up with third-party marketers or being exposed in a hack or data breach. One way to keep your email address unknown is not to use it for anything other than personal correspondence or important accounts, like your bank.

You can set up a second email address that’s just for logins and purchases, and let that inbox become a dumpster of marketing emails. Another option is to use an alias. On Gmail you can make emails that are your real address with “+Facebook” or “+Sephora” at the end, to use for specific sites. At least you’ll know who leaked your email if it ends up being sold on a list.

Here’s what that looks like:

If your email is janedoe@gmail.com, add a “+” alias before the @ symbol.

janedoe+facebook@gmail.com
janedoe+systemssunday@gmail.com

4. Don’t click unsubscribe in the email: Because some malicious spam looks identical to legitimate marketing spam, avoid clicking the “unsubscribe” link in the email unless you’re certain it’s from that company. Instead, you can let your email service unsubscribe for you.

5. Report spam, if you want: Flag the email as spam. Doing so won’t have an immediate impact on your life — that spammer has already moved on — but it does give your email provider more information to try to stay ahead of them.

6. Dust off your email detective skills: Trust no email. If it looks like it’s from someone you know personally but seems a little off, text or contact them another way to be sure. If you get any kind of alarming email from a major company saying there’s been a large charge or an update on an order you don’t recall making, be suspicious. On a computer, hover over any links to see where URLs go, and read closely to see if there are typos like “BesttBuy.com.”

7. See how compromised your email is: Plug your email address into haveibeenpwned.com and see how many breaches it has appeared. (The site is trusted by the security experts we spoke to.) Consider using a password manager, which can alert you when different passwords appear in hacks and breaches, or even if they’re just easily guessable or overused.

8. The nuclear option, start from scratch: If your email address is a scammer’s database and every e-commerce companies’ mailing list, you could start fresh with a new address just for personal or work communication. If you use that old address for online accounts, don’t delete it, or you’ll have to go through and update contact information for every single one. If you’re looking for an alternative to Gmail, you could consider Protonmail.com. Outlook.com, Zoho.com, or Hey.com.

If you enjoyed this episode and want more tips and strategies on web security, check out my Creating Your Small Business Web Security Plan. After you read this guide and implement the easy strategies and how-tos, you will:

  • have a sound security plan
  • be able to implement secure policies for your team and/or clients
  • have peace of mind

You can find a link to the product below or visit my VA Business Builder Boutique and click on Shop.

Resources mentioned in the video:

Did you enjoy this episode and want to put it into action? Check out this training guide!

Creating Your Small Business Web Security Plan

Original price was: $20.00.Current price is: $15.00.

It doesn’t matter if you’re a Fortune 500 or a one-page site, we are ALL at risk.

That is why I wrote this ebook with YOU in mind. After you read this guide and implement the easy strategies and how-tos, you will:

  • have a sound security plan
  • be able to implement secure policies for your team and/or clients
  • have peace of mind
Sale!

0 Comments

Ready to get the most out of your viewing time?

Pick a collection below to get actionable, momentum-building advice with what you need help with right now.

WORKING WITH CLIENTS

Setting rates, client boundaries, & onboarding systems

MARKETING

Social media, email marketing, automation, & funnels

OFFICE OPERATIONS

Processes, planning tools, outsourcing, & scaling systems