Ruslan Rakhmetov, Security Vision
We've already talked about the types of unwanted mailings and the risks they bring with them. Spam is difficult to avoid completely, but it can be significantly reduced. In this article we will look at ways to protect yourself and at some tricks that make this easier.
There are three levels of protection: prevention, filtering and safe behaviour.
1. Do not publish your contacts in the public domain, do not leave your email and phone number on forums, in social networks and comments, and if you need to specify your email on a website, replace @ with [at] (for example, example[at]mail.com), so that automatic bots do not recognise it. Use disposable emails and virtual numbers for SMS (e.g. Google Voice, TextNow), and for registrations on dodgy sites you can create a temporary email through services like TempMail or Mailinator. You can also create a separate email for subscriptions and purchases, and use the main email only for important matters. Use unique passwords for different services, because if your email leaks from one database, it should not lead to the hacking of other accounts.
2. Enable anti-spam filters in your mail, mark unwanted emails as "spam" (this is how the mail service learns and blocks such emails in the future), set up blacklists and use mail services with good protection (ProtonMail and Tutanota pay more attention to security than mass services), and services like Unroll.Me help you unsubscribe from unnecessary mailings.
3. Do not click on links in suspicious emails. If a bank or shop asks you to confirm something, it is better to go to the site manually through your browser, rather than clicking on a link from an email. Check the sender, because official companies write from corporate addresses (@bank.com, not @bank-security.net). If the sender's email is suspicious (e.g. support@paypal-secure.ru instead of support@paypal.com), it's probably a scam. Do not download attached files from strangers (especially if they are .exe, .zip, .docm, .pdf - they may contain viruses and scripts that run processes on your device). Use two-factor authentication (2FA).
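The sender check from point 3, as an added example that is not part of the original article: it compares the domain in a From: header with a list of domains you trust and flags domains that merely contain a trusted brand name. The TRUSTED list and the sample headers in the test are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains your bank and shops really send from (constructed).
TRUSTED = {"paypal.com", "bank.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)          # ignores the display name
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's domain."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for good in trusted:
        # Exact match or a real subdomain (mail.paypal.com) is accepted.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    # Brand words taken from the trusted domains: 'paypal', 'bank'.
    brands = {good.split(".")[0] for good in trusted}
    # Split the domain into words on dots and hyphens. A brand word inside a
    # domain that is not the brand's own is the pattern the article warns about.
    words = set(domain.replace("-", ".").split("."))
    if brands & words:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for header in ("PayPal <support@paypal-secure.ru>",
                   "support@paypal.com",
                   "alerts@bank-security.net"):
        print(header, "->", classify_sender(header))
```

A "trusted" result only means the domain matches; it says nothing about whether the message passed SPF, DKIM or DMARC.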
Check if your address has leaked (you can use the free service Have I Been Pwned to check for leaks) and change your email if spam cannot be stopped. And remember: the state is the guarantor of your safety. In Russia you can file a complaint with Roskomnadzor.
The usual defence methods (filters, blacklists) work well, but if you want extra security, you can use tricks to avoid spam and even confuse spammers:
- Plus-addressing (tagged email)
If your email service supports plus-addressing (Gmail, Outlook, ProtonMail), you can add any word after a + in the address: instead of example@gmail.com, use example+shop@gmail.com for purchases and example+news@gmail.com for news. If at some point spam arrives at example+shop@gmail.com, it means that the shop has leaked your email, and that address can be blocked.
- Subdomains in email (if you have your own domain)
If you have your own domain (e.g. mydomain.com), you can create emails using the template: bank@mydomain.com, social@mydomain.com, etc. If one of them gets into the spam database, it is easy to disable it.
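Tracing a leak with tagged addresses, as an added example that is not part of the original article: it covers both plus-addressing and per-service addresses on your own domain, and reports which tag received mail from a sender it was never given to. The EXPECTED mapping, the domain names and the SAMPLE messages are constructed assumptions.

```python
from collections import defaultdict
from email.utils import parseaddr

# Assumption: which sender domains each tag was handed out to (constructed).
EXPECTED = {"shop": {"shop.example"}, "news": {"news.example"}}


def tag_of(recipient: str, own_domain: str = "mydomain.com"):
    """Return the tag from user+tag@host or tag@own_domain, else None."""
    local, _, host = parseaddr(recipient)[1].lower().rpartition("@")
    if "+" in local:
        return local.split("+", 1)[1] or None
    if host == own_domain:
        return local or None
    return None


def leaked_tags(messages, expected=EXPECTED):
    """Map tag -> set of sender domains that were never given that tag."""
    leaks = defaultdict(set)
    for sender, recipient in messages:
        tag = tag_of(recipient)
        if tag is None:
            continue                      # untagged mail cannot be attributed
        domain = parseaddr(sender)[1].lower().rpartition("@")[2]
        allowed = expected.get(tag, set())
        if not any(domain == d or domain.endswith("." + d) for d in allowed):
            leaks[tag].add(domain)
    return dict(leaks)


# Constructed sample: (From, To) pairs as they would appear in an inbox.
SAMPLE = [
    ("orders@shop.example", "example+shop@gmail.com"),
    ("promo@cheap-pills.example", "example+shop@gmail.com"),
    ("digest@mail.news.example", "example+news@gmail.com"),
    ("win@lottery.example", "bank@mydomain.com"),
]

if __name__ == "__main__":
    for tag, senders in leaked_tags(SAMPLE).items():
        print(f"tag '{tag}' leaked; unexpected senders: {sorted(senders)}")
```

A sender can strip the +tag before mailing you, so untagged spam does not show that no tagged address has leaked.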
- Reverse spammer trap
Some services allow you to set up an autoresponder that tells the sender that the email does not exist. Spammers can remove your address from the database if they see such a message.
- Virtual numbers
To avoid giving your real number on websites, you can use services like Twilio, Google Voice, Receive-SMS and FreePhoneNum, which is also used by developers.
If the site allows you to register with a wrong number, try changing one digit. If you still receive a confirmation code, it means that the site does not verify that the number is real, and you can enter a random number.
- Blacklists and false answers
If spammers are constantly calling, you can set up an answering machine with a message like "the number is no longer in service". To do this, you can use a voice answering machine or record a short message on your phone. You can also subscribe to an email service that automatically sends spammers false emails confirming that the email does not exist (e.g. MailWasher).
- Hiding the number in messengers
In many messengers you can hide your number and show only your nickname instead. For example, in Telegram you can use your ID instead of your number (@yourusername).
On social media, set up filtering so that only friends or verified contacts can post.
- Use of "empty" profiles
If a social network requires a phone number or email, you can create a fake profile with a temporary email. Using a unique email for each social network to track leaks is time-consuming, but can protect those who are particularly privacy-conscious.
If the site asks for personal data unnecessarily, you can enter fictitious data. For example, if you need to enter an address, you can enter Lenin Street 1 (or another common address).
These techniques will help you avoid spam and protect your personal data. The main rule is not to give out your contacts unnecessarily and use security tools. If spam is already happening, filter it, use false responses and change your approach to registering on sites.
Spam is used to steal employee credentials, which can lead to the leakage of confidential information, and attached files and links in spam emails can contain viruses, trojans and encryption tools that can paralyse a company's operations.
Keeping activity logs and analysing anomalous employee activity related to corporate email and blocking phishing attacks prevents data leaks and potential fines for non-compliance with GDPR, PCI DSS, ISO 27001. Reducing the amount of time employees spend dealing with spam increases productivity. Reducing the risk of malware infection reduces data and infrastructure recovery costs.
Spam increases financial risks (email compromise can lead to the substitution of payment details, fraud and financial losses) and IT infrastructure overload (mass spam attacks can block the work of mail servers and employees). There are also reputational risks - if attackers gain access to corporate contacts, they can use them to send spam on behalf of the company.
Various technological measures can be used to protect companies. For example, implementing corporate anti-spam filters (Proofpoint, Mimecast, Microsoft Defender for Office 365, Cisco Email Security), using DMARC, DKIM, SPF to protect the corporate domain from spoofing and sending spam on behalf of the company, and separating corporate email addresses into security levels (e.g., public contacts for clients are separated from internal emails).
Since responding to spam is a well-researched area, the processes are fairly easy to automate, for example by setting up spam detection and blocking through SIEM systems, and by using SOAR and machine learning for further automation.
Effective protection involves not only technology, but also organisational measures and human training. Regular penetration tests can be conducted to assess the resistance of employees to social attacks, while monitoring corporate email leaks via Dark Web scanning (SpyCloud, Have I Been Pwned, DeHashed) will allow you to detect the threat in time.
In today's digital world, spam is not just an annoyance, but a cybercriminal tool that carries serious financial and reputational risks. Companies must implement multi-layered protection, combining technological solutions, organisational measures and continuous threat monitoring.