Ever wonder what the working week of a spammer looks like? Researchers find out.
Spam is one of life’s annoyances, alongside cold and robot callers.
While you may first link spam to emailed claims that you have a rich long-lost relative in Africa or you’ve won the Spanish lottery — despite never having played — spam emails often serve a more nefarious purpose.
For those that fall for emails asking for your details to send you more wealth than you can imagine, to deposit your lottery winnings, or — often successfully — to visit a link which seems like your legitimate bank to re-input your credentials, this can lead to identity theft, account hijacking, and in serious cases, funds taken out of your account without authorization.
Spam and phishing campaigns are common, but how do the cyber attackers behind them operate?
On Monday, researchers from IBM X-Force Kassel revealed a research project investigating the average work week of a spammer.
According to the security team, which operates spam honeypots and monitoring, by using data gleaned from spam campaigns, the team has been able to map trends and patterns worldwide.
IBM X-Force found that as spam campaigns are used to generate cash fraudulently, they generally act as businesses, with operators planning their workdays around business hours.
Over 83 percent of spam is sent during weekdays, with “significant” drops over weekends. After analyzing six months’ worth of data, the team also discovered the biggest days for spam campaigns are Tuesday, Wednesday, and Thursday.
There is a hike in spam volumes around 5am UTC (1am EST) during weekdays, and IBM says this is because “spammers start off with Europe before they ‘follow the sun’ and start spamming recipients in the US.”
Spam volumes drop off around 8pm UTC (4pm EST), although the researchers reported some activity still takes place which mainly strikes US targets.
According to the team, these findings are linked to the propagation of malware families including Dridex, TrickBot, and QakBot, all of which are involved in campaigns by cybercriminals which focus on financial fraud.
“As such, these gangs make sure to spam employees in very pointed bouts of malicious mail, and at times potential new victims are more likely to open incoming email,” the researchers say.
While spam activity is 24/7, IBM found that spammers still do enjoy their rest, with a drop recorded in activity around the globe during respective sleeping hours. Night owl spammers, however, tend to operate around midnight, with a second peak at 1pm, and then a drop around 11pm — only to start up again at midnight.
The countries where most spam campaigns stem from are India, South America, and China.
Spam is likely to remain a thorn in our sides for years to come, but this kind of behavior is also rife on social networks. Twitter, for example, has a serious problem with spam bots, networks of fake accounts which, once following legitimate accounts, then lure hapless users into clicking on malicious links or fake websites.