How do we deal with our inboxes being overwhelmed with unwanted ads and other messages, not to mention malicious content aimed at stealing our identity, bank details and other personal information? This was the question that participants in the panel discussion titled SPAM: A Fool’s Paradise (“Spamovanje ludom radovanje“), organised by the Serbian National Internet Domain Registry Foundation (RNIDS) as part of events to mark European Cyber Security Month, set out to answer. The debate was co-organised by the Museum of Science and Technology which was also the venue for the event, on 20th October 2016.
Moderator Jelena Ožegović, RNIDS Marketing and Communications Associate, opening the discussion, gave a short introduction to the topic, defining spam mass-messaging that is unsolicited, regardless of its content. In other words, any message sent to its recipients without their consent is considered spam. In Serbia, despite no less than four different laws prohibiting this business practice, some companies and organisations continue to pester the public with unsolicited material placed in their postboxes, unwanted messages sent by email or SMS and unwanted land or mobile phone calls. It is public knowledge that the personal data of citizens is sold to companies for them to use in targeting potential clients with commercial messages.
This was an apt introduction to the talk by Aleksandra Petrovski, co-founder of the wwwrite.rs Training Centre for Web Content Creators, who said she was offered 800.000 email addresses for purchase. She refused to do so, firstly because it was illegal, and secondly because it was her belief that it is much more effective to build your own database of users based on their specific interests.
When there is profit to be made companies are sometimes prepared to bend and break laws, and to contact potential customers without their permission. Žarko Ptiček, IT legal advisor in the company Ptiček, said that consent was a key concept in the debate on spam. Internet and mobile providers must protect their clients as much as possible from spam and, where they fail to do so, their users have the right to request the identity of the sender and start proceedings against them. Unfortunately, in Serbia, service providers do not always act in line with the user’s rights. This is why the public needs to be educated about the dangers that lurk on the Internet, as well as when using other forms of communication. Jovan Šikanja, security administrator at the company Limundo, said he believed that the public could protect themselves from unwanted messages by analysing them in detail – first to determine who the sender is, then to look at the way the message has been written (they are commonly grammatically incorrect, having been translated by Google Translate), then to judge what the sender actually wants.
Additionally, said Vladan Babić, chief specialist for network and information security in the Information Systems Attack Response Centre of the Serbian Ministry of the Interior, people should have multiple email addresses and use them for different purposes. For example, emails we supply when entering promotions or to get discounts or sale items should not be used for serious purposes such as electronic payments etc.
But over and above all this, Ptiček said, we need to use our common sense: “You can’t have won a million pounds in the UK National Lottery if you didn’t even enter it. Don’t fall for offers that involve you receiving some generous gift for no good reason. You need to realise that if something is being offered for free then you yourself are the goods – only you won’t be paying with money but with your personal data.”
If your company has been misrepresented by someone who has spammed others in your name, you are not responsible for any harm caused but you are responsible for your reputation. That is why, Boško Radivojević, said, we need to educate our users and develop a unique voice when communicating with them so that they are able to differentiate your company from anyone trying to imitate it. It could be a special signature added to emails, addressing your user by their surname or some other unique detail that is not easily imitated.
At the debate it was announced that the CERT (Computer Emergency Response Team) would be able to start work next year, but that it would take at least three years to become fully operational. The audience also had a chance to hear the Slovene experience in this area from Gorazd Božič, director of SI-CERT, who said that spam was a kind of “defeat for Internet self-regulation” and that some systemic solution was needed, after all, in order to protect citizens from unwanted messages. The problem was, Božič said, that laws were written for those who respected them, while those who violated them should be dealt with by other authorities.
Solution is education
There are various types of spam. Unwanted advertising may be annoying, and floods the email inboxes of Internet users, but it is not always as dangerous as malware can be. As technology has advanced, malware has become increasingly sophisticated, and more and more resembles emails sent by organisations or people we know, and special precautions should be taken with it. Experts warn that each mail should be reviewed for at least 30 seconds, looking at all its key aspects and at who the recipient is. Social engineering has very much progressed: it targets people’s needs and wants in a way that explains why people often succumb to deception.
The best way to fight spam is through constant education – that was something all participants in the panel discussion agreed on. In the words of one participant in the debate, just as people examine each tomato they buy at the market they should also examine every message they receive online. We should take the same care online as we do offline. The younger generations who are exposed to these new technologies need to be educated about all the dangers that lurk on the Internet. This is why IT education needs to be introduced not only in primary schools but as early as pre-school.