All right, listen up people: We have a problem. I thought we'd resolved this during our talk last year, but it turns out some people out there are still using spam e-mail as their personal shopping mall.
Twelve percent of respondents to a recent survey said they bought a product or service by clicking on a link in a spammed message, according to the Messaging Anti-Abuse Working Group (PDF). While 12 percent may not sound like much, it's just enough of a success rate to make it worthwhile to spend a few hours plugging an e-mail message into a botnet, and spew advertising all over the World Wide Web.
Tell me the truth. Was it the cheap Viagra? The acne pills? Or could you just not live without that special formula guaranteed to "turn her on"?
As for the rest of us who haven't bought something, we're not in the clear either. The MAAWG says only 48 percent of those surveyed have never clicked on spam. If you count the 12 percent going on a spam bonanza and the 48 percent who are wary of spam, that leaves another 40 percent of people unaccounted for.
And that where things gets even worse.
MAAWG says 17 percent of respondents who actually clicked on spam e-mail just made a mistake and didn't realize what they'd done. That number seems a little high to me, but all right, the 17 percenters made a mistake and are in the clear too.
Now, get this: 13 percent of respondents said they just clicked on spam for no reason at all. They didn't make a mistake, they didn't want to buy something, they just opened an e-mail message and clicked on a Web link advertising cheap prescription medicine without any warning bells going off in their heads.
Have you learned nothing, you unlucky thirteens? Let's review: if you don't recognize the Web address in a link or you don't trust the source of the link, then don't click on it. Remember: Responding to spam just encourages more spam.
So now let's move on to the craziest, and smallest, group of respondents in this study. The people I like to call "the ‘experimentalists." According to the MAAWG's report, 6 percent of people clicked on a link contained in spam e-mail, because -- are you ready for this? -- they "wanted to see what would happen." Takes your breath away, doesn't it?
The worst that could happen
So what could happen if you click on an e-mail link? Well, you could be taken to a Web site where malicious code is slipped onto your computer leaving you vulnerable to identity theft. Then again, maybe a hacker could just turn your darling little machine into a zombie without you ever knowing it.
Congratulations, zombie, you are now part of a botnet -- a network of thousands of computers that can be controlled by a criminal organization. Botnets can be rented out to hackers who want to use an unwitting computer army for various cyber attacks, and other computer shenanigans, like, say, sending out millions of spam e-mail messages advertising Viagra, acne pills, and sexual enhancements.
Of course, it's also possible you could just get a great deal on a stereo system or the most beautiful jewelry you've ever seen.
The MAAWG survey interviewed 800 people across the United States by telephone and over the Internet. The survey covered people who did not have corporate e-mail supported by a dedicated IT staff.
Interestingly enough, MAAWG said that more people admitted to clicking on a spam e-mail link through the Internet survey than over the phone. I wonder if there was a shame factor involved here? Come on, phone people, admit it; behind closed doors you're clicking away on all kinds of spam, aren't you?
There is some good news, though, because spam responses may be dropping off. Last year, the Internet security firm Marshal said 29.1 percent of people made purchases as a result of spam, as opposed to MAAWG's finding that only 12 percent are spam-friendly.
Then again, spam must have a pretty big customer base, because analysts are bullish about spam levels for 2009. Microsoft and others have found that 97 percent of all e-mail is spam, and unwanted messages are migrating from your inbox to Twitter, Facebook, and even your cell phone. Earlier this year, McAfee estimated the amount of energy consumed by worldwide spam belches as much carbon into the atmosphere as 3.1 million cars consuming 2 billion gallons of gasoline.
Spam: stop the spew
As always, studies like the MAAWG's can be interpreted in various ways. But judging by the spam in my own e-mail, it's clear that unwanted e-mail messages are still a growing problem. So here and now I challenge you to do what I'm doing, and vow to never click on a spam link again -- not that I've ever done that sort of thing before, mind you. I'm also going to make sure my security software is always up to date just in case I do "mistakenly" click on that e-mail asking me to claim my free PlayStation 3.