< All Topics

Email spam, malware, or viruses attached to emails are a common web security threat. They can be delivered through an email message or an attachment in the email, replicate themselves and spread from one device to another. Additionally, malware and viruses can not only infect the recipient’s computer and email account but can also harm and infect other users by generating email spam via your address book.

What is Email Spam?

Email spam definition is; unwanted or unsolicited emails sent in bulk to many recipients.

Commercial or Malicious Intent

These emails are often sent for commercial purposes, such as advertising products or services, but can also be used for malicious intent, such as spreading viruses and malware.

Irrelevant Content

Email spam is most often identifiable by its content, which is often irrelevant to the recipient, and in addition, that it is sent to many people who did not request it.

If you receive a spam email, mark it as spam and delete it from your Inbox. Do not reply to it or click on any links or attachments that it may contain. Replying will confirm that your email address is active, leading to more spam and opening your account up to subsequent malware and virus infections.

Hosting Security Measures

Your hosting provider should provide security measures such as email spam filters and malware scanning, which are designed to identify and block unwanted messages. You should also avoid opening emails and attachments from any unknown senders, or any that look suspicious, or just feel ‘off”. Always scan email attachments with antivirus software before opening them and be cautious of where you share your email address.

Malware Attached to Emails

While email spam itself is not malware, if opened, or activated in anyway, it can cause an infection on your computer and then use your email account to send out more spam malware.

Malicious Software

Viruses and malware are malicious software programs that are aimed at infecting computers, networks, and servers to cause disruption. They can be spread through email attachments, links, or downloads. Once they infect your device, they can steal your personal information, corrupt your data, or take control of your accounts.

Disguised as Legitimate Docs

Email attachments are one of the most common ways that viruses and malware are spread. They can be disguised as legitimate files such as PDFs, Word and Excel documents and images. When you open the attachment the virus or malware is activated and can infect your computer.

They can also be hidden in links in the body of the mail. When clicked, the link will often take you to a phishing website that steals your data, or a website that is carrying malware.

Common Types

Some of the most common types of email spam malware infections include:


A virus is a type of malware that can replicate itself and spread to other computers to deliberately corrupt data and cause damage.


Trojans are malware that disguise themselves as legitimate software and cause damage to systems, devices and servers and steal data.


Ransomware encrypts and locks files on a computer and the attacker will demand payment in exchange for the decryption key. Note that paying the ransom is not a guarantee that all data will be restored successfully.


Spyware monitors a user’s activity on their computer without their knowledge. It is used to steal personal information, credit card and banking details along with usernames and passwords to commit identity theft.

To help prevent malware and virus infestations, always be cautious when opening emails from unknown senders, do not click links or download attachments from any source that you are unfamiliar with, or are not expecting an email from. Use reliable anti-malware software to scan email attachments and ensure that your service provider has substantial security in place on their servers.

How Malware is Used for Email Spam

Malware is used to send email spam from your email account by essentially hijacking and taking control of it.

Emotet Botnet

An example of malware used to hijack and spread malicious spam is the Emotet botnet. A botnet is a network of computers that hackers have infected and are controlled remotely without their owner’s knowledge.

Purpose is Data Theft

It is listed as one of the most dangerous email malware infections, and was initially designed to steal banking information; it is now used to also spread malware and ransomware via. malicious spam (malspam).

Primary Distribution

The primary distribution method for Emotet is through malspam in the form of phishing emails that trick users into clicking malicious links or attachments. Once it has infected your email accounts it uses your contacts list to send itself to every email address in it.

Recipients are Deceived

Since these emails are coming from your hijacked email account, the recipients and their spam filters generally won’t view them as spam and open them along with potentially clicking harmful links and downloading infected attachments.

Signs of Malware Infection

You can tell if your account has been taken over by malware if:

  • You try to access your account and the password no longer works.
  • Using the “Forgot Password” link does not go to your inbox.
  • Your Sent folder contains large amounts of emails you did not send.
  • The recipients of the spam email include people you do not know.

What To Do if Your Email Has Been Hijacked?

If you suspect your email has been hijacked and is being used for spam, follow these steps:

Change your password

Changing your email password immediately will help prevent further unauthorized account access. Make sure you use unique, hard to crack passwords for all your online accounts.

Contact your service provider

Finally, if you are unable to regain control of your email account because you have been locked out of it, immediately contact your email service provider for assistance.

Scan for malware

Use anti-malware software to scan your computer and remove any infection on your system.

Check and update your settings

Check your email settings to ensure they have not been changed without your knowledge and update your privacy and security settings.

Enable two-factor authentication

Using two-factor authentication on your account will add an additional layer of security.

Was this article helpful?
Please Share Your Feedback
How Can We Improve This Article?