20200722 The anatomy of crime originated in e-mail.

Evolution of risk in e-mails.

In the mid-1990s, I received an e-mail which carried malware in an attachment. At that time, my home PC was not connected to the office network. The malware installed itself and began to randomly pick documents off my hard disk and to send them to random contacts in my e-mail address book. Exactly how it was that it was stopped after only dozen or so mails with no confidential documents being issued is the story of dumb-luck. Maybe I’ll tell you one day.

There are several techniques for getting malware onto your PCs. By far the majority start with an e-mail.

Many commentators (some independent, some highly partisan) report on sources of spam and, equally important, the risks that spam presents.

In the light of the increasing number of reports of malware originating with Russian, Chinese, North Korean and Iranian hacking groups, this information from Statista.com is highly relevant.

https://www.statista.com/statistics/263086/countries-of-origin-of-spam/

“Leading countries of origin for unsolicited spam e-mails in 3rd quarter 2020, by share of worldwide spam volume”

Russia 23.52%
Germany 11.1%
USA 10.85%
France 6.69%
China 6.63%
Iran and North Korea are somewhere below 1%

But other opinions are available. Software provider Spambrella sets this list for priority in March 2021:

China
United States
Russia
Taiwan
Ukraine
United Kingdom
Germany
Australia
Germany
Belgium

As became apparent from several large-scale disruptions of corporate networks, the way into companies, the so-called “attack vector,” is often through that old technique that infected my PC all those years ago: via an approach by e-mail.

The precise method of delivery may be by attachment, it may be by drive-by installation for those who persist in using HTML mail (it really should be banned) or for those that click a link (another reason plain text is better because then you can see what you are clicking on)

I’ve been banging on about this for years and I’m delighted to see that Sourcehut has posted a page about it: https://useplaintext.email/

I guess the rot set in in the mid 1970s when IBM found a way, with their Golfball typewriters to make bold face and different typefaces (they weren’t called “fonts” then) in ordinary typed documents. I kinda miss those simple documents: the were what they were and nothing distracted from the words on the page.