Nearly everyone has run across unsolicited bulk email, or spam, which includes everything from sharing a Nigerian prince’s riches to dire warnings that you need to change your banking password immediately. Due to the inherently insecure technology at the heart of email, the different techniques spam employs, and the reality that it is essentially free to send emails to millions of recipients, spam is the most prevalent vector for malware infection today.
When software or computers are not configured properly, just opening a spam message can trigger an infection. The more common path, though, is encouraging the recipient to click on a link in a message, which then either installs malware or takes the user to a site which infects or seeks to harvest personal information. The link may promise something, like free software, or alert the recipient that they need to protect themselves by following the link. For instance, a common form of spam is in the guise of a financial institution warning the recipient that their login credentials have been compromised and they need to change their password. The link from the “bank” is, of course, fake, and when the user types in their login credentials, the information entered is quickly used to drain any accounts at the real institution.
There are so many types of spam that it is impossible to list them all here, but they are usually trying to separate money and information from the owner.