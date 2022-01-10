Email spam is breaking through again. Here's what you can do to minimize it

Jaden Geller is giving up on his Gmail inbox. The 26-year-old security engineer in San Francisco has been battling an explosion of spam to his free email account for months, like mailing lists he never signed up for and obvious scams. He thinks the address has been comprised beyond saving.

"I was better about actually deleting spam messages at first, but then it became unmanageable," Geller said. "I used to archive every single message. Now that's too much of a hassle. I'm checking my inbox less frequently, not looking at everything, and leaving it in a messy state."

Email spam is an old problem that many people may have forgotten about or, at least, made peace with. Thanks to improvements in automatic filters from email providers and third-party services, the early 2000′s onslaught of sketchy Viagra offers and promised contest winnings were mostly kept out of sight. The spam waterfall became a leaky faucet, with just a few iffy emails showing up in our inboxes alongside a bunch of legitimate marketing emails that are, often, our own doing.

But over the course of the pandemic — particularly in the past six months — many people using free-email services have noticed a surge of unwanted scam emails slipping through the filters and landing in their inboxes. Gmail users have been most vocal about the issue, and some are so overwhelmed with spam they're trying to figure out what they can do about it. Fortunately, the Help Desk is here to help.

What's the problem?

More spam than usual appears to be getting through the automatic filters on some free email services, particularly Google's 18-year-old Gmail. According to cybersecurity firm Proofpoint, there has been a 30 percent increase in the volume of spam this past year across services. The company detected 10 billion additional spam messages in December alone.

Free email such as Google's Gmail, Microsoft's Outlook and Hotmail, and Yahoo have built-in tools for detecting junk mail and moving them to another location (usually a folder called "Spam" or "Junk") where you can still see them or ignore them forever. There are paid third-party filtering options for companies that host their own email but not many for the free email services that are used by billions of people around the world. On the other side of the issue is professional criminals and marketers, constantly looking for new ways to outsmart email filters and reach their targets.

"Spam is dynamic, unpredictable, and takes many forms," said Google's Bjorn Grubelich, product manager for Gmail Counter-abuses. He says Google uses machine learning models to detect and filter out new threats, and that it blocks more than 99.9 percent of spam, phishing and malware from reaching Gmail users.

What does spam want from me?

The term spam encompasses a variety of annoying emails, mostly out to access your money or information (which in turn can make spammers money).

There are marketing emails that you may or may not have unwittingly opted into after buying boots online or signing up for a newsletter. Companies can also get your information from lists that they buy, signing you up for mailings without your consent. The next tier down is filled with less legitimate operations that are still trying to sell things like unapproved medications. (The pharmaceutical scams largely target the United States, where there is no nationalized health care, says Chester Wisniewski, principal research scientist at security company Sophos.)

Phishing emails are attempts to trick the recipient into handing over sensitive information, like a password or credit card number. Then there are malware emails that want you to download an attachment that will give the sender access to your computer. They aim to gather sensitive financial or personal information, or launch something like a ransomware attack.

In the past, malicious spam focused more on using techniques such as viruses. Now that computers are better at auto-updating to patch security holes, spammers are targeting people with social attacks, using techniques like impersonating real companies or people. They're exploiting human weaknesses more than computer weaknesses.

"Because the attacks are social, I think they're worse. There's nothing I can put on your computer that's going to help you not be tricked," Wisniewski said.

What's behind the spam surge?

Unwanted spam emails have become more profitable than they were in the past, according to Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint. Attacks have become more sophisticated and personal during the pandemic, and there has been a rush of spam targeting people working from home, capitalizing on their fears by pushing fake covid treatments, masks and tests.