Cyberclinic: Spam success rate? 0.000008%
You might wonder why your email is clogged up with hundreds of messages informing you that your sexual potency is to be found wanting. Well, the answer has emerged from a study at the University of California: it's because spammers need to send approximately 12,500,000 messages in order to get one positive response from a recipient.
I'm not sure about the ethics of their study, seeing as the researchers actually conducted their own fake spam campaign in order to assemble the results – but after they'd sent some 350 million email messages to gullible punters such as ourselves over a period of 26 days, they secured just 28 orders. Now you might think this a fantastic ratio, a testament to the power of spam filtering and the public's ability to identify a spam message and make the correct decision not to respond to it. But the Storm network – the colossal botnet responsible for a significant proportion of the world's spam – is still estimated to bring in some £4,430 every day, despite the miserable conversion rate. Which, by my rough estimates, means a billion spam messages sent every day by that one network alone. Terrifying.
CONFUSED ABOUT TECHNOLOGY? SUBMIT YOUR QUERIES TO CYBERCLINIC USING THE COMMENT FORM BELOW, OR EMAIL QUESTIONS HERE.
They didn't send any spam themselves, they hijacked an existing botnet sending spam and replaced the urls in the spam with their own perfectly safe but very trackable ones, thus allowing them to both track responses and orders and prevent stupid people from sending real orders to actual spammers.
Posted by: Marysia | Friday, 14 November 2008 at 05:49 PM
That's the proportion of people who willingly purchase fake pharmaceuticals.
Other studies report that on average 5% of recipients of spam at least "click through" (even just out of curiosity!) - which is enough to present them with a spoofed financial site or infect them with a drive-by virus. And it seems reasonable to suppose that the success rate for the more expensive technique of spear-phishing is even higher. Then there are the pump-and-dump scammers, whose spam doesn't even need an explicit click-through response, yet who I've seen turn over millions of dollars in a single day.
And that is the point isn't it? The sophisticated crooks are using the sophisticated, effective, and profitable techniques, and the morons at the bottom of the food chain are selling fake pharmaceuticals.
Posted by: Ian Kemmish | Sunday, 16 November 2008 at 09:09 AM