ACE and Chubb are now one.
ACE has acquired Chubb, creating a global insurance leader
that will operate under the renowned Chubb name.
Learn More Not Now
print   email   Share

Why Some Malware Attacks Scam Us Better Than Others

A study on malware attacks recently released by cybersecurity firm F-Secure found that spam is the most effective method for delivering malware.

According to F-Secure, hackers rely on phishing emails because systems are more protected against other forms of malware attacks. The click rate for email spam increased this year, up to 14.2 percent in 2018.

Among the spam emails that F-Secure examined in spring 2018, 46 percent were dating scams; 31 percent contained links to malicious websites; and 23 percent contained malicious attachments.

Many spam emails first direct users to a safe site before redirecting them to a site containing malware. This helps malware avoid detection. Another way hackers avoid automatic analysis is by asking users to enter a password contained in the body of the email in order to open an attached file.

According to the study, users are 12 percent more likely to open a phishing email if it claims to be from someone they know, and 4.5 percent more likely to open it if the subject line is free of errors. Scammers are also more successful if the email "implies urgency," rather than including "an urgent call to action." Ray Schultz "Dating Scams Are Widely Used In Malware Attacks, Study Finds" (Jul. 31, 2018).


The F-Secure study confirms that most malware is spread through infected email attachments and links to infected websites. Workplace participants must never click on a link or open an attachment, unless the participant is expecting the email and is certain of what is contained in the attachment.

Even then, however, participants should keep up their guards. If a cyber thief has spyware on your computer, they can emulate email that is routine and expected. This is a highly effective form of social engineering.

If an employee suspects an email is spam, participants should never reply to the email because a reply simply confirms to the spammer that the email address is a good one and will simply increase attempts, including targeted phishing, known as spear phishing.

As discussed above, infected spam often originates from dating sites.  Organizations should prohibit access to such sites from their networks.

Finally, your opinion is important to us. Please complete the opinion survey:


Log-in to access Training Modules, Article Archives, Model Policies and more!

Latest Numbers

Unemployment Rate

3.7% in Oct 2018

Payroll Employment

+250,000(p) in Oct 2018

Average Hourly Earnings

+$0.05(p) in Oct 2018

Employment Cost Index (ECI)

+0.8% in 3rd Qtr of 2018


+2.2% in 3rd Qtr of 2018

Source: Department of Labor

Chubb Offers for Employment Practices Liability (EPL) Insured:

Loss Prevention Reimbursement Credit

HR Acuity On-Demand

Best Practice Minute

Available presentations

What's New

CEO And CFO Fraud Creates Exposures For Boards

The SEC finds two Silicon Valley company officers committed a $700 million fraud. What oversight was missing that led to this enormous fraud? We examine. Read More

Are Your IoT Devices Vulnerable To Attack?

Too often organizations and individuals forget to secure IoT devices, which hackers can breach to access network-connected computers. We examine. Read More

An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

Not having a cybersecurity plan with human oversight left the U.S. Department of the Interior vulnerable to data breaches. We examine what this means for your organization. Read More