If you’ve been feeling like you’re getting a lot more spam these days, you’re not alone. Both spam calls and spam texts have increased in quantity over the course of the COVID-19 pandemic, with 5.9 billion spam calls reported in June 2021, an 11% increase. Spam texts didn’t grow as much at 7.1 billion (a 1% increase), though complaints about spam texts were up 146%.
The numbers for spam emails are even more staggering, with 122.3 billion sent every day though most get caught by spam filters. Truecaller, a well-known caller ID and spam-blocking app, also confirmed that there’s been an unprecedented increase in spam robocalls and text, with an estimated $29.8 billion lost to scam calls in the past year.
Anecdotally, we’ve certainly noticed an overall increase in spam, as well an increase in the amount of spam making it through the spam filters. In addition to it being annoying, we also have to remain vigilant to make sure our devices don’t become compromised, and our priceless data doesn’t get into the wrong hands.
But with so many technologies and algorithms available to block spam, why are we still getting these email and text messages in 2021? We asked industry professionals their thoughts on spam to find out.
You get spam messages because someone gets access to your email address or phone number. Think about how often you provide your phone number or email address when checking out online, when signing up for something online, or when signing up for a rewards program in a store.
“Many of these service providers have been breached, and the consumers don’t even know it. There is no way for a consumer to reclaim their info after a breach, and that is when it is leaked to robocalling services for big money,” Rick Lazio, former congressman and now senior vice preident at cyber consultancy Alliant Cybersecurity told .
That’s really how simple it is. Even if you practice good data security, there’s no way to avoid having your phone number and email floating around in the world. It’s just the cost of modern living and convenience.
If you’ve ever received an NSFW (not safe for work) spam message that contained completely inappropriate subject matter, you’re not alone.
“While everyone gets spam, there has been an uptick in receiving “inappropriate” or “dirty” spam texts and emails,” says Rizwan Virani, CEO of Alliant Cybersecurity. “Bad actors know what they are doing. The purpose of sending spam and phishing messages is to ultimately get the receiver to open, click, or provide information. In regard to the dirty spam, bad actors are having success with these types of messages, and therefore, they are sending them out at a much higher rate than ever before.”
Even if someone replies with “stop sending this to me,” the spammer has then engaged the recipient, which provides them a way in for further exploitation and data gathering.
Another reason we continue to receive spam calls and emails is because laws are slow to catch up with online crimes, and spammers use this to their advantage. “There is little to no legislation from a cybersecurity or data privacy standpoint that allows law enforcement to go after the criminals who enacted the breach … or allow users to protect their data.” Lazio says.
“These are all fast-moving issues that Washington is attempting to solve,” Lazio continued. “We at Alliant Cybersecurity also see the benefit in a private right of action by consumers against the vendors who purchase the data and/or a big increase in the penalty for the same (up to $5 million, for example) if law enforcement catches up. And maybe even a whistleblower provision to incentivize people on the inside of these companies to shine a light.”
The Federal Communications Commission (FCC) does allow people to make complaints and has initiatives to combat robocalls together with the Federal Trade Commission (FTC), which allows you to sign up for the National Do Not Call Registry. The FCC has also engaged in enforcement actions, sending cease-and-desists and imposing fines. However, part of the issue is that the spam problem is simply too big for just the FCC to handle alone. “Closer coordination within the agency and between federal and state partners can help in addressing this consumer epidemic,” said FCC Chairwoman Jessica Rosenworcel as part of her statement about the launch of a Robocall Response Team.
If you weren’t expecting a message from that person or business, it could be spam. Other signs of spam are the following:
- A sense of urgency in the message
- Bad grammar or spelling errors in the message
- The message contains a link to click on
- The message is asking for your personal info or asking for money
- The sender’s email address is from a personal email, but they’re claiming to be a business
- You don’t recognize the number, but the sender is claiming to be someone you know
If you get a message that you think might be spam, do not engage with the sender in any way, shape, or form. “The best practice in dealing with spam is to not respond and delete it. Do not reply and do not call the sender’s phone number,” Virani says. “Luckily, opening a text message does not have any risk at this time. That said, clicking on links, pictures, replying to the text, and providing any additional information does. Instead of opening the text message, to begin with, play it safe and delete it.”
If you’re not sure whether or not a message is spam, reach out to the individual or company directly and ask them if they contacted you. If you receive a message from your bank, for instance, and you’re not 100% certain that message came from your bank, call your bank directly and ask them if they’ve sent you any text messages or emails.
Regardless of if you’re on Android or iOS, there are ways to prevent spam, but some devices might be more vulnerable than others.
“Phone operating systems do carry their own risks and vulnerabilities,” says Virani. “Android phones are actually riskier because of the variety of different operating system versions among Android phone manufacturers. The best practice here is to make sure you are keeping your phone up to date with the latest software. It is also imperative to understand what mobile apps you have on your phone. Mobile apps carry new code and new vulnerabilities as well. Be sure to update your apps and remove any that you are not regularly using.”
Aside from third-party ID and spam blockers like Truecaller, many cellular carriers offer spam-blocking services either as a separate app you can download or an extra subscription service. One such example is T-Mobile Scam Shield, which is available to customers for free and offers scam ID, scam block, and Caller ID services. Verizon offers a similar Call Filter to screen incoming calls, and Call Filter Plus,which requires a subscription but includes caller ID and a block list. Finally, AT&T has AT&T Call Protect, which lets you block spam calls and unknown numbers, as well as identify spam risk. The Call Protect Plus Upgrade requires a monthly subscription, but it adds caller ID, reverse number lookup, and more granular controls over call categories that are allowed through.
Pixel device users can also use Google’s A.I.-powered Call Screening to filter out spam calls and block robocallers. Most default phone dialers on both Android and iOS also have call-blocking options, letting you build your own call block list and offer a way to export this list when and if you switch devices.
Beyond these basics, we also asked Patrick Ambron, CEO of BrandYourself, other ways to help prevent spam. He suggests going directly to data brokers and people search sites to opt out so they cannot sell your data. He also recommends deleting old accounts and protecting your active accounts.
“While we may not want to admit it, many of us still have that old MySpace account that we lived by in high school but haven’t thought of in decades,” Ambron said. “While it may seem harmless, these accounts are still at risk of a data breach, which would make all the personal information they contain available to spammers on the dark web. We recommend auditing all of your email accounts, new and old, to make sure any old social media accounts are deactivated. Tools like BrandYourself’s Account Deleter or Mine can automate that process for you for free …
“Take advantage of sites that offer two-factor authentication, which many do today. Use password managers like LastPass or OnePassword to create complex passwords that are easily accessible, so you’re not constantly resetting them. Also, take advantage of the new privacy options sites like Facebook or Google have begun to offer. Turn off tracking toggles manually or use tools like JumboPrivacy to do this for you. VPNs and ad blockers are great additional tools to limit the amount of data tracking occurring as you browse.”
Practicing good data hygiene from the beginning is obviously the easiest, but the next best option is to go and clean up old zombie accounts and delete profiles and services you aren’t using anymore. It may be tedious, but the less personal information you have floating around online, the better.