Internet users are still opening their spam e-mail with abandon and clicking the links and/or opening the attachments within.Internet users are still opening their spam e-mail with abandon and clicking the links and/or opening the attachments within. These are the latest findings from the Ipsos Messaging Anti-Abuse Working Group (MAAWG), which found once again that people continue to practice poor e-mail habits despite awareness of the consequences. A healthy dose of denial and ignorance about who should protect them is apparently enough to keep users clicking away.
According to the MAAWG report, a full half of all North American and Western European users admitted to having opened spam, with nearly half of those people (46 percent) doing so intentionally. Sure, a quarter of those users claimed they did so in order to unsubscribe or complain to the sender—bad idea, people!—but a full 15 percent said they opened spam because they were interested in the products or services being offered. Another 18 percent simply wanted to "see what would happen," and four percent actually forwarded an e-mail they identified as spam to someone else.
All this is despite the fact that many Internet users (44 percent) consider themselves "somewhat experienced" in the ways of security online while another 20 percent think of themselves as an "expert." Nearly all were aware of the existence of bots and botnets, but two-thirds said they felt they weren't likely to get infected. Fewer than half of those surveyed said they were responsible for protecting themselves from viruses and spam.
Strangely, the demographic most guilty of doing all this is not the older, less-Internet-experienced group of parents and grandparents. According to Ipsos, men and those under the age of 35 are the most likely to engage in risky e-mail behavior, "the same demographic groups who are more likely to consider themselves experienced when it comes to Internet security threats." Younger users open spam more often, click links in spam more often, and respond more often than those over 35. (As an aside, my younger brother has had to completely reinstall his operating system due to malware more times in a year than I change my underwear.)
These findings are similar to those from the same group published last year (although last year, it seems only six percent opened spam just to see what would happen—are we a bored society, or what?). At that time, the MAAWG said that this behavior coming from even a tiny percentage of users can drive a "booming spam-driven underground economy." Ultimately, this makes the spam problem worse for all of us, because that's enough of a return on investment to keep encouraging spammers. With botnets supposedly sending more than 80 percent of that spam, there are now relatively few worker-hours involved in making money from a spam-based business, making it even more appealing.
Given this, combined with users' social networking and pop-up clicking behaviors, is it really any surprise that IT admins see us as the biggest threat to corporate security?
Source: ars technica