Support the fact-based journalism you rely on with a donation to Marketplace today. Give Now!
An email inbox filled with spam. MIKE CLARKE/AFP/Getty Images

The daily grind: Even email spammers work 9 to 5

Jana Kasperkevic Aug 23, 2017
An email inbox filled with spam. MIKE CLARKE/AFP/Getty Images

We have all been on the receiving end of spam emails. You know the ones I am talking about — the offers of Viagra, a Nigerian prince requesting your help in exchange for millions of dollars or a stranger informing you of money that was awarded to you. Just yesterday, I received an email informing me that there is $10.7 million waiting for me, and all I have to do is fill out a form with my personal information and send it along to a Mr. Bukola Saraki, Senate President of Nigeria. The spammers — even if their scenarios are implausible and their spelling often suspect — sure are persistent.

They are also hard very working. It turns out that the majority of spammers keep the same work hours as you do, according to data released earlier this week.

A research team at IBM called IBM X-Force Kassel accessed billions of unsolicited spam emails every year. Using data collected from December 2016 to June 2017, the team was able to map out a spammer’s typical workday. They found that more than 83 percent of all spam was sent during weekdays, with spammers taking bit of a break on weekends. Their workday usually starts around the time that people in Europe are getting to work. Spam emails drop off around 4 pm ET just as some U.S. workers are wrapping up their workday.

According to IBM, these findings align with the recent move among spammers to targets employees and their organizations rather than just spamming people indiscriminately. By sending phishing emails during typical work hours, spammers are catching employees at their desks when they are more likely to click on an incoming email.

And click they do. While many spam emails are still easy to spot, there are also some that have become much more sophisticated, fooling recipients into doing things like sharing their bank information or work email passwords and clicking on Google doc links, helping spread malware and ransomware throughout their networks. Earlier this year, ransomware programs WannaCry, Petya and NotPetya spread through 150 countries and infected the computers of thousands of people, costing organizations millions of dollars.

While the majority of spammers keep traditional work hours, there are, however, some spammers who work throughout the weekend and into the evenings. Those diligent overtime spammers are most likely spam bots, according to the study. These particular spam bots are designed to collect email addresses from the internet and then send out emails automatically to large quantities of recipients.

The IBM research team was also able to break down where phishing attempts from spammers were coming from:

  • 30 percent came from India.
  • 25 percent came from South America
  • 11 percent came from China
  • 11 percent came from Central and East European Union
  • 9 percent came from Western European Union
  • 7 percent came from U.S. and Canada
  • 6 percent came from Russia

While phishing has been around for years, its use by spammers has grown significantly over the past decade. Consider this: the number of phishing attacks has increased 5,753 percent from 2004 to 2016, according to the Anti-Phishing Working Group. Back in 2004, the group recorded about 1,609 phishing attacks a month. At the end of last year, that number was 92,564.

According to the FBI’s Internet Crime Complaint Center, from October 2013 to December 2016 more than 22,000 Americans have fallen prey to online scammers trying to hack their email accounts. Altogether, the scammers were able to steal as much as $1.6 billion dollars.

The rise in phishing attacks targeting businesses and their workers is one of the reasons why tech companies like IBM are trying to collect more data about spammers and their behaviors. It’s also why a growing number of companies are purchasing cyber insurance, insurance designed to protect companies in the event of hacking or other types of data-breaches. At the moment, cyber insurance costs companies an estimated $3.25 billion a year in premiums. That number is expected to grow to a staggering $20 billion in premiums by 2025, according to insurance provider Allianz SE.

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.