With all of the diligence and innovation that goes into anti-spam technologies and initiatives, it’s hard to imagine that old-fashioned spam, meant to drive consumers to e-shops, remains profitable in any significant way. The profitability of phishing seems more obvious. Phishing attacks use common, emotional motivators to manipulate: false accusations (you owe us money!), trust (fake mails from your bank) and rewards (you’ve won the lottery!). These are age-old persuasion ploys that have existed long before e-mail. Sophocles, one of the ancient Greek tragedians said, “ Profit is sweet, even if it comes from deception.” What a perfect motto for botnet operators, spammers and phishers.
Phishing is clearly profitable, hence the sky-rocketing increase in attacks since 2011. RSA estimated worldwide losses from phishing attacks alone amounted to over $687 million in 2012. Someone’s loss is someone else’s gain.
But what about spam? Benoît Roumagère from Microsoft’s Outlook.com recently told the French newpaper Le Monde, “spam [after filtering] represents 2-3% of inbox mail". The industry is obviously doing a stellar job at reducing spam. Considering the low volumes of spam making it to the inbox combined with the general disdain the public has for unsolicited mail, how can spam still be profitable? Who today really opens those offers for Viagra or a fake Rolex? This is exactly what Prof. Dr. Thorsten Holz of Ruhr University in Bochum Germany wanted to know.
Dr. Holze and his research team gained access to one 16 of the 30 control-servers comprising one botnet. According to their report, every server used between 90,000 and 120,000 compromised computers to send mail each day. The botnet was able to send around 87 billion spams per month.
And yet, as Dr. Holze’s team discovered, in average only 0.000000081 percent of all spam recipients actually make a purchase! So how can this be profitable? According to Dr. Holze “sending spam mail is extremely inexpensive for operators of online shops. The shops can rent access to botnet servers and send 100 million spam mail for 350€. The average purchase of the 0.000000081% consumers who respond to the spam is 100€. This means out of 100 million spams sent, they gain 8 purchases and 800€ bringing their net profit to 450€.” Dr. Holz’s team also found that the statistical probability of a purchase increases to more than 0.000000081% the more spam you send.
Dr. Holze's findings were previously confirmed by researchers at UC San Diego in an effort to explain the economics behind spam. Their findings? “The financial success of spam networks depends overwhelmingly on scale and high margins, not a high purchase rate, to make money.”
Colonel Eric Feyssinet, in charge of anti-cyber crime unit of the French Gendarmerie described spam in Europe as, “a parallel economy thriving with its base in Russia, where affiliate spam programs are called, “partnerka”, the Ukraine and Azerbaijan” but with “clients all over the world.”
Sophocles, mentioned above on his rather morose view had something else to say about profit; “Things gained through unjust fraud are never secure.” Indeed. Onward march the anti-spam initiatives.
Image Source: Modern Life is Rubbish