It seems with all the constant news and awareness about spam it would disappear as people fail to fall for it. Sadly, that's nowhere near the case.
We all get dozens of rubbish e-mails about drugs, watches and, of even more concern, bank and building society information/account renewals. Is anyone still caught out by these spammers/villains? Surely they only keep going because gullible people respond. Or am I wrong?
You're right, and you're wrong.
Like you, for a long time I too believed that people just wouldn't be naive enough to fall for 99% of what shows up as spam.
I was wrong. Very wrong.
You're right, in that spam only exists because at a fundamental level it works. If it didn't work there wouldn't be any reason for it, at least not in the quantities we see.
Most spammers now are typically illegitimate business people trying to make money. It's a very practical decision: if spam didn't make money they'd focus their attention elsewhere.
Clearly they're not focusing elsewhere.
I throw spam into about three major buckets:
Infection attempts. Most of the time these days these are attempts to infect your machine with a spam-sending zombie, so you might not notice. These emails typically ask you to open an attachment which causes the infection, or take you to a website where the infection is downloaded.
Product sales. These are trying to entice you to buy drugs, body enhancement aids, jewelry or the like at enticingly low prices. The problem, of course, is that most are scams, or the drugs are outdated, the aids don't work and the jewelry is fake.
Phishing attempts. These are trying to entice you to provide your personal information by imitating some other legitimate site with which you may have an existing relationship. Once you give up your personal information, identity theft and credit card fraud follow.
I'll actually add a fourth class of spam: legitimate businesses that don't understand or follow best practices when it comes to emailing people. They're not malicious, per se, but if I didn't request it and you keep sending it to me, it's still spam.
Now, it's very easy to think that anyone who falls for these kinds of things is stupid, or at least naive or gullible. As you've said, we all get so much of it every day, you would think that absolutely everyone would know by now.
And you'd be wrong.
To begin with, the vast majority of computer users are not like you and me. To put it simply, they're not as savvy as you think.
Let's take an example: the infamous Nigerian 419 scam.
This scam has been around for years. In fact, it predates the widespread use of personal computers, starting out as a scam that spread by fax. I think most of us have heard of it, and it regularly makes the mainstream press as someone is, once again, taken in.
Let me summarize that: it's been around for years, it's publicized regularly, and people are still falling for it all the time.
It's no wonder that spam gets enough of a "success rate" for it to remain viable.
I'd chalk it up to a combination of ignorance - not as a derogatory term, but simply meaning "not knowing" - and a dash of desperation.
As much as you or I may have heard about various scams and issues, we are not everyone. Even if 1% of the population hasn't heard of a particular problem, or heard enough to take it personally or seriously, that's 1% that's vulnerable right there. And there are so many different types of scams or variations on scams, it's difficult, if not impossible, to know about them all even at a conceptual level.
Now, consider that people are often in desperate situations, and that these are the very people that scammers target. Be it people who suffer from poor body self-image that they're told can be solved with a pill, people in dire financial straits that could be wiped away by helping some overseas contact, or people who simply lust after goods and services they can't afford any other way ... these, and many others, are the people that end up making spam "worth it" to the spammer. (I also have to say that recent phishing attempts have been getting better - you don't need to be anything but trusting to fall for something that really really looks like it might have come from your bank.)
The other part that factors in that's difficult to comprehend is the incredibly tiny success rate that spammers need to make it worth their time.
Ultimately, spam costs the spammer next to nothing. And more spam costs ... well, it costs nothing more. There's no reason not to send a lot of spam, and in fact every reason to do so.
Consider this: you're a spammer and you send out one million spam messages at a cost of nearly nothing, and exactly one person falls for whatever it is you're selling. That's one person's worth of nearly pure profit. The other 999,999 who didn't respond cost you nothing. In fact, you can likely multiply your profits by a factor of 10 by sending to ten million people the next time, at no additional cost.
In traditional marketing that's a horrible "conversion rate" - one in a million, 0.0001%. But it's nearly free money to the spammer.
So the bottom line remains: spam still exists because it works, and it doesn't take much of a success rate to "work".
And be it due to ignorance, gullibility, or simply not being as computer savvy as the rest of us, it only takes a few people to fall for it to make it worth the spammer's efforts.