Spam Emails and Phishing Scams: An Unexpected Solution by IT Experts

Different email clients have different levels of “spam” exclusion ……?

Google and Microsoft in the U.S. have made it a priority to fight against spam, and they are battling adversaries around the world. They are fighting adversaries from all over the world, and their sales scale is different from other companies.

says Yugo Fujita, president of Cyber Research (Suginami-ku, Tokyo), a company that supports cyber security measures. Google and Microsoft provide the “G-mail” and “outlook (formerly Hotmail)” e-mail services, respectively.

According to Mr. Fujita, there may be a difference in the elimination of unsolicited e-mail depending on the operator of that server. Indeed, if you have addresses from two or more companies, you may find that you receive more or less junk e-mail depending on the e-mail software you use.

About 40% of junk e-mail… The basis of “phishing scam” prevention is the elimination of junk e-mail.

According to the “Unsolicited Email White Paper 2022-2024” by the Council of Anti-Spam E-mail Promotion, there is no firm definition of unsolicited email, but it is generally “annoying” and a social problem. It states that unwanted e-mail is sent against the recipient’s will and continues to be sent even if the recipient rejects it, resulting in a frequency that interferes with daily life and business operations.

Unsolicited e-mails include not only advertisements and promotions, but also fraudulent and blackmail e-mails such as fictitious claims. In particular, those that send e-mails pretending to be from well-known companies, such as financial institutions, to fraudulently obtain account numbers, passwords, credit card information, etc. are called “phishing scams” or “phishing e-mails.

While it is natural for users to be wary of phishing scams and other unwanted e-mails in order to avoid them, it seems that e-mail service operators are also checking and eliminating them.

According to the “White Paper on Unsolicited Email,” unsolicited email became a social problem around 2001.

According to the white paper, unsolicited e-mails accounted for about 37% of all domestic incoming e-mails as of last September, of which a considerable portion is handled by telecommunication carriers’ filters, etc., and the percentage reaching users is believed to be lower than that.

The white paper points out that unsolicited e-mail is becoming more sophisticated and malicious. The white paper points out that unsolicited email is becoming more sophisticated and malicious, and that there are two types of unsolicited email: “mass-sending” and “standard” unsolicited email.

The “mass-mailing type” involves the purchase of e-mail address lists from directory companies, the creation of random e-mail addresses and their indiscriminate transmission, the use of “decoy sites” to induce the registration of e-mail addresses, and the collection of e-mail addresses on blogs and other Internet sites. The “standard type” uses information on specific organizations or individuals obtained in some way to pose as a supervisor or business partner, or by attaching files containing viruses.

Anti-Spam Measures” Depend on the Processing Capability of Businesses

According to Mr. Fujita mentioned above, both Google and Microsoft in the U.S. offer “workspaces” for businesses to facilitate work and other tasks over the Internet. The workspace includes functions such as video calling, chatting, and schedule management, and e-mail service is one of the functions, with paid services offering increased data storage and other conveniences. Both companies are truly in the business of providing e-mail services and have many users around the world. Anti-spam measures are an important part of their core business.

On the other hand, there are IT (information technology) companies and cell phone companies that provide e-mail and SMS services in Japan as well.

They have a separate core business and are not considered to have reached the same level of anti-spam measures as Google or Microsoft,” said Mr. Fujita.

Mr. Noboru Ueno, representative of Tricorder (Chuo-ku, Tokyo), which provides support for cyber security measures, also commented, “Gmail and other such sites are not the best at detecting suspicious e-mails.

Gmail and others are putting a lot of effort into their systems for detecting suspicious e-mails,” said Mr. Ueno. This is to prevent them from becoming victims of spam or suspicious e-mails from attackers,” he points out.

He points out. On the other hand, compared to the world’s top operators, Japanese operators

“I feel that Japanese operators do not have a high level of capability to handle suspicious e-mails

Ueno also says. What kind of countermeasures are email service providers taking against spam? They do not disclose this information, as it may benefit attackers.

In addition to checking e-mail addresses, such as whether the sender has sent a large number of similar e-mails in a short period of time, we also check the contents of e-mails for text, links, attached files, etc.,” says Mr. Fujita.

Checking the contents of e-mails in detail requires high computing power, technology, and expense.

We have a black list” (Mr. Fujita ) of links in e-mails. For example, if there are instructions for transferring money to crypto assets such as Bitcoin, the body of the e-mail may be suspected of a crime. If we check the text and determine that it is not correct, it is sorted into spam or other types of junk mail.

Mistaken for spam…Trouble with online applications for Kanagawa public high schools

On the other hand, the stricter the pre-checking of junk mail, etc., the more appropriate ones are eliminated, and another problem arises.

Sending a large number of e-mails with the same content in a short period of time may be regarded as either a promotion/advertisement or a suspicious attacker. In such cases, the following troubling problem occurred earlier this year.

Public high schools in Kanagawa Prefecture began online application this year, but there were problems early on. Pre-registration began on January 4, and when students used G-mail provided by the U.S.-based Google to pre-register, on January 9, there was a string of inquiries from parents saying that they had not received an information e-mail.

The Education Bureau of the Prefectural Board of Education announced on January 19 that the system glitch had been resolved. The cause was believed to be an increase in the number of e-mails sent to applicants who had registered G-mail addresses as their contact information, which caused restrictions on the G-mail side.

However, some believe that the problem lies not with Gmail, but with the school itself.

The technical level of the outgoing mail server at the school was not up to par, so G-mail probably played the mail. The school may not have been able to keep up with the security level of G-mail,” said Fujita.

It is believed that a large number of similar e-mails were sent in a short period of time and were mistaken for spam, but the problem is on the sender’s side, i.e., the school’s side, he said.

Regarding this issue, the “Community” section of G-mail’s official website points out the following, although it says, “This is an estimate by an outsider who observes G-mail system trends, and is not an official announcement by Google. “It is presumed that this was caused by incorrect settings (on the part of the school), which caused Google’s system to reject incoming mail sent from the relevant mail server. The explanation of the cause by the Kanagawa Prefectural Board of Education’s Education Bureau also does not seem to be correct.

As in these cases, there have been some inconveniences where necessary e-mails are treated like junk mail and cannot be received. As email service operators try to raise the level of security and eliminate unsolicited email, it becomes increasingly difficult to distinguish it from what is truly necessary.

Mr. Ueno said.

“When security levels are raised, there is also the problem of false positives that cause emails to be treated as suspicious, even though they are legitimate emails,” Ueno points out.

Mr. Ueno points out. What’s more,” he adds,

“Foreign attackers are also using artificial intelligence (AI) and other technologies to use plain Japanese, so it is not easy to automatically remove only suspicious e-mails, and the game is still being played.

It is not easy to automatically eliminate suspicious e-mails, so it is a constant battle. In order to avoid receiving unwanted e-mails, e-mail software from a business with a high level of security is one of the options.

However, that is not the only way to be safe. No matter what kind of e-mail you use, you need to take defensive measures such as not opening suspicious e-mails, not disclosing your e-mail address unnecessarily, and avoiding the use of important e-mail addresses by using “discarded” addresses when filling in e-mail addresses on survey sites, etc.