If you’ve been feeling like you’re getting a lot more spam these days, you’re not alone. Both spam calls and spam texts increased in quantity over the course of the COVID-19 pandemic, with 5.9 billion spam calls reported in June 2021 alone, an 11% increase. Spam texts didn’t grow as much, with only 7.1 billion (a 1% increase) more — but complaints about spam texts were up 146% in that period. Now, it seems text message spam is on the rise, with many of us having had a barrage of suspicious-looking text messages recently.
The numbers for spam emails are even more staggering, with 122.3 billion sent every day though most get caught by spam filters. Truecaller, a well-known caller ID and spam-blocking app, also confirmed that there’s been an unprecedented increase in spam robocalls and text, with an estimated $29.8 billion lost to scam calls in 2021.
Anecdotally, we’ve certainly noticed an overall increase in spam, as well an increase in the amount of spam making it through the spam filters. In addition to it being annoying, we also have to remain vigilant to make sure our devices don’t become compromised, and our priceless data doesn’t get into the wrong hands.
But with so many technologies and algorithms available to block spam, why are we still getting these email and text messages in 2022? We asked industry professionals their thoughts on spam to find out.
How are spammers getting my info?
You get spam messages because someone gets access to your email address or phone number. Think about how often you provide your phone number or email address when checking out online, when registering for something, or when signing up for a rewards program in a store.
“Many of these service providers have been breached, and the consumers don’t even know it. There is no way for a consumer to reclaim their info after a breach, and that is when it is leaked to robocalling services for big money,” Rick Lazio, former congressman and now senior vice president at cyber consultancy Alliant Cybersecurity, told .
That’s really how simple it is. Even if you practice good data security, there’s no way to avoid having your phone number and email floating around in the world. It’s just the cost of modern living and convenience.
Why you receive inappropriate spam messages
If you’ve ever received an NSFW (not safe for work) spam message that contained completely inappropriate subject matter, you’re not alone.
“While everyone gets spam, there has been an uptick in receiving “inappropriate” or “dirty” spam texts and emails,” says Rizwan Virani, CEO of Alliant Cybersecurity. “Bad actors know what they are doing. The purpose of sending spam and phishing messages is to ultimately get the receiver to open, click, or provide information. In regard to the dirty spam, bad actors are having success with these types of messages, and therefore, they are sending them out at a much higher rate than ever before.”
Even if someone replies with “stop sending this to me,” the spammer has then engaged the recipient, which provides them with a way in for further exploitation and data gathering.
Spam and regulatory issues
Another reason we continue to receive spam calls and emails is that laws are slow to catch up with online crimes, and spammers use this to their advantage. “There is little to no legislation from a cybersecurity or data privacy standpoint that allows law enforcement to go after the criminals who enacted the breach … or allow users to protect their data,” Lazio says.
“These are all fast-moving issues that Washington is attempting to solve,” Lazio continued. “We at Alliant Cybersecurity also see the benefit in a private right of action by consumers against the vendors who purchase the data and/or a big increase in the penalty for the same (up to $5 million, for example) if law enforcement catches up. And maybe even a whistleblower provision to incentivize people on the inside of these companies to shine a light.”
The Federal Communications Commission (FCC) does allow people to make complaints and has initiatives to combat robocalls together with the Federal Trade Commission (FTC), which allows you to sign up for the National Do Not Call Registry. The FCC has also engaged in enforcement actions, sending cease-and-desists and imposing fines. However, part of the issue is that the spam problem is simply too big for just the FCC to handle alone. “Closer coordination within the agency and between federal and state partners can help in addressing this consumer epidemic,” said FCC Chairwoman Jessica Rosenworcel as part of her statement about the launch of a Robocall Response Team.
How to tell if a text or email message is spam
If you weren’t expecting a message from that person or business, it could be spam. Other signs of spam are the following:
- A sense of urgency in the message
- Bad grammar or spelling errors in the message
- The message contains a to click on
- The message is asking for your personal info or asking for money
- The sender’s email address is from a personal email, but they’re claiming to be a business
- You don’t recognize the number, but the sender is claiming to be someone you know
What to do if you get a spam message
If you get a message that you think might be spam, do not engage with the sender in any way, shape, or form. “The best practice in dealing with spam is to not respond and delete it. Do not reply and do not call the sender’s phone number,” Virani says. “Luckily, opening a text message does not have any risk at this time. That said, clicking on links, pictures, replying to the text, and providing any additional information does. Instead of opening the text message, to begin with, play it safe and delete it.”
If you’re not sure whether or not a message is spam, reach out to the individual or company directly and ask them if they contacted you. If you receive a message from your bank, for instance, and you’re not 100% certain that message came from your bank, call your bank directly and ask them if they’ve sent you any text messages or emails.
Whose devices are most vulnerable?
Regardless of if you’re on Android or iOS, there are ways to prevent spam, but some devices might be more vulnerable than others.
“Phone operating systems do carry their own risks and vulnerabilities,” says Virani. “Android phones are actually riskier because of the variety of different operating system versions among Android phone manufacturers. The best practice here is to make sure you are keeping your phone up to date with the latest software. It is also imperative to understand what mobile apps you have on your phone. Mobile apps carry new code and new vulnerabilities as well. Be sure to update your apps and remove any that you are not regularly using.”
How to prevent spam
Aside from third-party ID and spam blockers like Truecaller, many cellular carriers offer spam-blocking services either as a separate app you can download or an extra subscription service. One such example iswhich is available to customers for free and offers scam ID, scam block, and Caller ID services. Verizon offers a similar to screen incoming calls, and Call Filter Plus,which requires a subscription but includes caller ID and a block list. Finally, AT&T has which lets you block spam calls and unknown numbers, as well as identify spam risk. The Call Protect Plus Upgrade requires a monthly subscription, but it adds caller ID, reverse number lookup, and more granular controls over call categories that are allowed through.
Pixel device users can also use Google’s A.I.-powered Call Screening to filter out spam calls and block robocallers. Most default phone dialers on both Android and iOS also have call-blocking options, letting you build your own call-block list and offer a way to export this list when and if you switch devices.
Clean up your data
Beyond these basics, we also asked Patrick Ambron, CEO of BrandYourself, about other ways to help prevent spam. He suggests going directly to data brokers and people search sites to opt out so they cannot sell your data. He also recommends deleting old accounts and protecting your active accounts.
“While we may not want to admit it, many of us still have that old MySpace account that we lived by in high school but haven’t thought of in decades,” Ambron said. “While it may seem harmless, these accounts are still at risk of a data breach, which would make all the personal information they contain available to spammers on the dark web. We recommend auditing all of your email accounts, new and old, to make sure any old social media accounts are deactivated. Tools like BrandYourself’s Account Deleter or Mine can automate that process for you for free …
“Take advantage of sites that offer two-factor authentication, which many do today. Use password managers like LastPass or OnePassword to create complex passwords that are easily accessible, so you’re not constantly resetting them. Also, take advantage of the new privacy options sites like Facebook or Google have begun to offer. Turn off tracking toggles manually or use tools like JumboPrivacy to do this for you. VPNs and ad blockers are great additional tools to limit the amount of data tracking occurring as you browse.”
Practicing good data hygiene from the beginning is obviously the easiest, but the next best option is to go and clean up old zombie accounts and delete profiles and services you aren’t using anymore. It may be tedious, but the less personal information you have floating around online, the better.