Global cybersecurity firm F-Secure on Tuesday said spam emerged as the most common method for cybercriminals to spread malware in 2018, accounting for nine out of every 10 infection attempts throughout the year.
Spam campaigns disguised as delivery notifications or online shopping invoices have been popular with cybercriminals all year long, the cybersecurity firm found in a research.
The findings suggest that these tactics can prove even more effective around the holidays.
"The kind of spam that criminals use doesn't seem so spammy to a lot of people this time of year. More people are just more open to the commercial messages spammers like to spoof, which makes individuals more vulnerable at home and at work," said F-Secure Behavioral Science Lead Adam Sheehan in a blog post on Tuesday.
"Tests we performed using simulated Black Friday and Cyber Monday phishing emails saw about 39 percent more people click than similar tactics we use at other times during the year, which isn't a trend we like to see," Sheehan added.
Roughly 69 per cent of spam campaigns attempted to trick users into visiting malicious URLs and download a malware-laden file or commit another action that results in an infection.
Malicious attachments were used in the remaining 31 per cent of campaigns.
Downloaders, bots and backdoors together account for 52 per cent of malware delivered through spam, followed by banking trojans (42 per cent) and then ransomware (six per cent).
The Emotet, Trickbot, and Panda banking trojans are the most frequently seen malware families delivered through spam, the research showed.