Survey: 17 Percent Responded to Spam Despite Most Knowing the Danger

By Matthew Harwood

A new survey may make you question how schooled the average Internet user is in Internet security—even those who use computers the most.

Recently, the Messaging Anti-Abuse Working Group (MAAWG), an anti-spam group, interviewed 800 general consumers on their knowledge of botnets and asked each participant "Why did you click on that spam link?"

Despite 82 percent of respondents saying they were aware of botnets and malware and two-thirds replying they're Internet security conscious, one out of six people said they had responded to a message they suspected was spam.


"Those who did click on spam say they either made a mistake, are not sure why they did it, sent a note to the company, or were interested in the product or service," reports the survey.

Another reason so many people click on spam despite their knowledge of the threat is due to a sense of false confidence. Only 20 percent of respondents said they believe they their computers will likely get infected by malware. Fourteen percent believe their computer will never get taken over by a bot.

This led Ferris Research Inc.—a research and analysis firm for the messaging industry, whose comments were included in the report—to observe:

You might assume that the more technically savvy you are, the less likely you are to be hit by a virus, but that is not true. Our previous research indicates that the more you use computers, the more likely you are to get hit by a virus.

The survey also found that it was people under the age of 35 that take more spam precautions, such as using discretion when giving out their e-mail address or using another e-mail address for situations that may result in spam.

Another demographic group more sensitive to security is people that will allow experts to remotely access their computer to eliminate malware. Overall, 63 percent said they would allow remote access. MAAWG describes these people as "probably more cautious when using email, more aware of bots, and are more likely to say they could be infected with a bot."

The report concludes by listing a slew of recommendations for businesses, Internet service providers and e-mail providers, and antivirus and antimalware vendors.

For businesses, MAAWG recommends trying to reward employees for reporting spam by giving prizes and awards to spam reporters. The report recommends looking at Google's method for reporting malicious Web pages for ideas.

♦ Photo of malware installed by botnet by Paperghost/Flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.