2 min read

Empty Spam Messages: the Oft-Ignored Threat Lurking in the Shadows

Silviu STAHIE

December 17, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Empty Spam Messages: the Oft-Ignored Threat Lurking in the Shadows

Empty spam seems like a waste of time and resources for all parties involved, but its existence is part of more extensive plans devised by attackers who seek important information. Bitdefender’s telemetry shines a light on this relatively obscure type of attack that often remains hidden by anonymity and apparent uselessness.

When people receive an empty email, they tend to ignore it. It seems incomplete, or maybe the email was sent by mistake. But spam campaigns take effort and resources. “Someone” invests time and money to send spam emails, and they’re not doing it because they are bored. Everything has a purpose, even if the purpose of an empty email is not immediately apparent.

As consumers, we’re used to receiving spam emails that at least try to do something, like present users a link or even hide a malicious attachment. No alarm bells sound when we see an empty email, but they should. An empty email in the inbox likely means we’re targeted in a spam campaign.

The true purpose of empty spam

Empty spam has an obvious and insidious purpose: gathering information about the recipient and its availability. But not all empty spam is the same.

The simplest is an email with nothing but the subject, which sometimes could be a number or characters that make no sense. The role of this message is to determine if the email address is valid. If the sender doesn’t receive a message saying the email doesn’t exist, it means it’s a valid address, which is useful information.

In other situations, the spam email sends back a read receipt, telling the attacker not only that the email is valid but that the inbox is actively used and a real person opened the message.

Other times, attackers send an empty email with a subject line that makes sense and maybe even a few extra words in the body of the text, prompting the recipient to answer the email asking for more details. The attacker now knows that it can send a more direct phishing email, targeting the user directly.

More common than you think

Many of these emails are sent by botnets, sometimes automatically. Bitdefender’s security researchers analyzed a batch of 250 million spam emails gathered from our global honeypot network, discovering that 0.4% were empty spam emails. It might not seem like much, but when you’re dealing with hundreds of millions of emails, 0.4% means 1 million empty spam messages.

Bitdefender has also noticed two massive spikes in the past 30 days, with a couple of possible explanations. It’s likely that a threat actor is just testing a new botnet or functionality or it’s actually an indicator of an ongoing campaign.

We also managed to see how these emails are distributed globally. It turns out that only three countries are responsible for more than half of all empty spam emails. Brazil takes first place, with 44.27 percent, followed by Iran, at 10.23 percent, and the US, with 5.3 percent.

Spam emails won’t go away anytime soon, but it helps if users look at them as threats and not annoyances. Even if the bulk of these messages never reach their targets, with security solutions filtering the vast majority, some might still go through. After all, if they’re sent from a trustworthy domain and have no malicious links or attachments, they might seem legit. They’re not. If you ever see an empty email in your inbox from unknown senders, mark it as spam and remember that it’s actually someone trying to learn a little bit about you.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

1.8 Million Texans Caught in TDI Data Breach 1.8 Million Texans Caught in TDI Data Breach
Silviu STAHIE

May 20, 2022

1 min read
Your Identity is Being Traded on The Internet Every 2.5 Minutes Your Identity is Being Traded on The Internet Every 2.5 Minutes
Radu CRAHMALIUC

May 20, 2022

3 min read
Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For
Silviu STAHIE

May 19, 2022

3 min read