Security's Everyman

Security's Everyman

Monday, September 10, 2007

Information Security Poll Results (SPAM)

The poll regarding SPAM and who has done what has ended. Just as a recap here is the question and the answer choices.

Have You or anyone you know actually bought something sold via spam or gotten a virus due to clicking on a malicious email link?

Yes, I bought something. (0%)
Yes, I know someone who bought something. (7%)
No, I have not bought anything nor no anyone who has. (45%)
Yes, I have gotten a virus via a malicious email link. (11%)
Yes, I know someone who has gotten a virus via a malicious link. (54%)
No, I have not nor do I know anyone who has gotten a virus via a malicious email link. (27%)

Obviously the totals add up to more than 100% because you could choose more than one answer.

I like the honesty of those who admitted to getting a virus because the clicked on a malicious link. That's something hard to admit especially when you are in IT or Information Security.
What is really interesting is that only 7% of you even know anyone who has bought something via SPAM. It still boggles my mind that anyone would actually buy something via a complete stranger because they received an email. Just think of the possible dangers. 1) You have now given them your address. 2) You have given them your Credit Card or Bank Account information. 3) Even if they don't do anything malicious w/ the first two you are taking the chance that they will bill you and never ship the product. Unless you are using a 3rd party that guarantees you some sort of protection you are out that money. I guess though that if 7% of all SPAM that is trying to sell you something is acted on that is a whole lot of sales. I don't know what the average actually is but I'd venture to guess is quiet a bit less than 7%.

That is bad enough but to me the real danger here is the potential of getting your machine infected or owned by clicking on a malicious link in and email. Getting a traditional virus or worm is bad but today the real likelihood is that you will get botware that turns your PC into a SPAM bot or allows it to be used for other nefarious purposes. Worse than that is getting a rootkit or keystroke logger that is used to steal your identity and all of your user ID's and passwords for online banking, trading, etc... This can really cause nightmares in real life.

Thanks again for taking my poll and I'll have another one posted soon.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.