Stopping Spam Emails: Protect Yourself from Online Phishing
By Hannah Hilst | Legally reviewed by Melissa Bender, Esq. | Last reviewed May 04, 2024
This article has been written and reviewed for legal accuracy, clarity, and style by FindLaw’s team of legal writers and attorneys and in accordance with our editorial standards.
The last updated date refers to the last time this article was reviewed by FindLaw or one of our contributing authors. We make every effort to keep our articles updated. For information regarding a specific legal issue affecting you, please contact an attorney in your area.
No matter how much the internet evolves, spam has always been an issue for users. Despite efforts to filter, limit, and block spam online, it continues to annoy consumers.
But the danger of spam can extend beyond just irritating you. It can bury the important messages you need to see. It can even trick you into falling for a scam.
On a broader scale, spam can clog up the entire internet system. Email services and internet service providers (ISPs) incur many expenses to fight spam and fraud.
This article will describe how spam can threaten your privacy and security online. You'll also find out what steps you can take to reduce spam in your inbox.
What Is Internet Spam?
Spam can take many forms, but the term encapsulates unsolicited, unwanted messages.
You'll likely see spam via email, especially since email addresses are easily sold or exposed in data breaches. Social media and text messages can also be spam.
Spam Emails
Email spam is unsolicited commercial email (UCE). Messages advertising a product or service that you didn't ask to receive are junk email.
People often use the term spam to describe any advertisements online. But not all unwanted emails are spam. Spam is something you never asked to receive.
When you sign up for their services, companies often ask for your email address. Once you give your email address, you've agreed to get emails. For example, receiving a bulk email from Banana Republic advertising its new fall line isn't spam if you've opted into its email program.
Scam Emails
Not all spam messages are scams, but unsolicited emails pose a higher risk. Because of digital advertising laws, legitimate businesses must follow the rules to avoid spamming customers. Scammers ignore those rules.
Below are examples of typical spam messages that indicate scams:
- Job scams: Outlandish promises of low effort or skill for high pay, such as, "Double your income from home!"
- Royalty scams: Prominent figures (e.g., a Nigerian prince) seeking help to recover their riches
- Cybersecurity scams: Advertisements for antivirus software from unknown senders that install malware, spyware, or ransomware on your computer instead
- Tech support scams: Warnings about your computer, such as an alert about hackers, with a promise to fix the issue if you give the sender access to your device
- Investment scams: Eye-catching offers for cryptocurrency schemes or high returns like "Turn $100 into $100,000 fast!"
- Recovery scams: Guarantees of reclaiming money you lost through theft, gambling and betting losses, or poor investment performance — only to take more money from you
- Phishing attacks and spoofing scams: Use of a fake pretext or email header information to trick you into revealing your personal information (a major cause of identity theft)
These emails may also contain malicious links and attachments. Reducing the spam you encounter can lower your risk of accidentally falling for a scammer's trap.
Why Do Legitimate Businesses Send Spam Online?
Spam is a cheap way to advertise. Spammers lure people into buying a product. Because spammers work in such high volume, if only 0.1% of their targets follow up, they'll still profit by hitting the send button.
Compare online spam to junk mail through the postal system. Companies pay high printing and postage costs, but people usually toss it out without looking at it. Junk email is much cheaper. Plus, spammers get immediate rewards if you buy something online.
How Did Spammers Get My Contact Information?
A spammer or legitimate company might get your email address or phone number through a variety of means, including:
- You actively sign up to get emails or text messages (solicited)
- You passively consent to get messages from a business through opt-in clauses in the fine print of a transaction or offer (solicited)
- A spammer "harvested" your email address from the internet and added you to its mailing list without your permission (unsolicited)
- Someone sold a bulk list of email addresses, including yours, to a spammer without giving you anything in return (unsolicited)
- A data breach leaked your email address and other personal information, which hackers exposed to spammers and scammers (unsolicited)
Whether you're buying shoes or subscribing to a news publication, you'll likely have to give your email address before you can get the service or product. Many websites fail to protect this data or tell you how they will use it. The best way to confirm that a company won't give your information to anyone else is to check their privacy policies.
How To Prevent Spam
Once spammers get your email address, they can be hard to ditch.
You might try to reply to the message asking them to stop contacting you. Unfortunately, replying can only confirm that your email address is active. It may encourage a bad actor to send more spam and phishing emails your way.
Instead, you can try the following methods to prevent spam and its consequences:
- Use email filters: Nearly all modern email providers (Gmail, Microsoft Outlook, Yahoo Mail, etc.) offer built-in spam filters. You can usually adjust the settings to ensure you still get emails from legitimate senders in your inbox.
- Create a zombie: A "zombie" email account is a secondary account you don't use for personal or business communications. For example, you might use it when shopping or signing up for apps. Spam and ads can flow into this account instead of flooding your real account.
- Don't share your real email address: When giving your email address is optional, or if you don't trust a website's security and privacy measures, don't give it.
- Don't interact with suspicious emails: Avoid opening, clicking on links, downloading files, or replying to the email message.
- Report spam: Email clients usually give you a quick and easy way to flag a message as spam and remove it from your main inbox. The message will move to your spam folder. As many people report spam, service providers can track and detect spammers to improve their filtering tools.
- Unsubscribe: Legitimate businesses must allow you to opt out of marketing emails and newsletters. Look near the bottom of the message to find an unsubscribe button or link. Review the link before clicking it to ensure it isn't malicious.
- Protect your device: Whether you use a desktop computer or a mobile iPhone or Android to check email, keep your device safe. Install security updates as soon as they're available.
You can also check how public your email address is. Try typing it into your web browser's search engine. If your email address pops up, you're probably on someone else's email list. Users sometimes publish their email addresses on professional websites or social media profiles like LinkedIn or Twitter.
You can remove your contact information from everywhere on the web under your control. But it will likely still be available elsewhere online. Once your email address is publicly visible, it may be impossible to retract for privacy.
Consumer Protection Laws Fight Against Spam
Many laws help ensure your online browsing and email are private. Yet, spam can be legal.
The most notable federal law limiting online spam is the CAN-SPAM Act. The act focuses on "Controlling the Assault of Non-Solicited Pornography and Marketing" (CAN-SPAM). Commercial email senders must include a valid postal address and opt-out information.
Unfortunately, this law did not prevent spam entirely. It essentially legalized it — as long as senders follow marketing requirements and label emails as advertisements. Under the law, companies can still send you emails you never asked for.
Can I Sue a Spammer?
No, consumers can't pursue private lawsuits against a spammer who violates the CAN-SPAM Act. Suing someone for committing fraud related to a spam email may be possible, but the underlying complaint would be the fraud, not the spam itself.
The Federal Trade Commission (FTC) and state attorneys general enforce the CAN-SPAM Act on behalf of consumers. If a sender continues to spam you without letting you opt out, you can report them to these entities.
Your ISP has the power to sue spammers for significant damages. Because spam imposes high costs for ISPs, they can hold spammers accountable. While some ISPs have sued spammers, these lawsuits haven't been enough to stop spam altogether.
Spam Can Create Other Legal Issues
Ultimately, the burden of preventing spam falls to you. Reduce spam as much as you can and report spammers to the FTC. You can also press your local politicians to strengthen anti-spam laws.
You have recovery options and legal protections if spam causes fraud or identity theft. Speaking with a consumer law attorney may be helpful, depending on the extent of your losses.
Next Steps
Contact a qualified consumer attorney to assist with the hazards and stress accompanying identity theft and online scams.