Spam is junk email. It's annoying at best and a security risk at worst. Some spam is harmless, though irritating. However, some spam is sent by cybercriminals who are attempting to capture your personal data through innocent looking marketing emails.
Spammers send massive amounts of junk email in hopes that at least some of the recipients will click on the links or attachments. When someone clicks on a spam email, they're sent to phishing or malware websites, where they're tricked into providing personal information, activating a virus or downloading malicious software.
For an email to be considered spam, it must be both unsolicited and sent in bulk. Not all bulk email is spam. Not all unsolicited email is spam. If you agreed to receive an email from a company, it is not spam.
Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups and email viruses that harvest users' address books. The addresses are then sold to other spammers. Here are more details about the ways in which email addresses are collected:
- Email messages that are forwarded multiple times, like jokes or email hoaxes, videos.
- Directory Harvest Attacks (DHAs) are carried out against email servers to acquire a list of users on your server that will accept email; that list is sold to spammers.
- Email spambots (web crawlers) scour newsgroups, forums, social networking sites harvesting email addresses.
- Buying and trading via mailing lists.
- Randomly generating (guessing) common email addresses.