What's In Your Inbox?
The spam portion is fairly predictable. The three most common types of spam are online pharmaceuticals (29%), counterfeit luxury goods (17%), and online romance scams (16%). This breakdown has held steady for several years, which suggests the spammers are meeting with success.
Overall, successful spam seems to feed on people's feelings of inadequacy and need to compensate.
The spammers also succeed because most of the victims will likely not report. Someone who has placed an order for Viagra or some male enhancement pill will probably be too embarrassed to notify their credit card company or the authorities if the promised shipment isn't received. Not to mention not wanting to report because placing the order was itself illegal. Ditto for the counterfeit luxury goods scams - no one wants to 'fess up to trying to buy what amounts to stolen merchandise.
The malicious email categories are more volatile. In 2009, financial themes (i.e. phishing) were by far the most prevalent, comprising about 86% of all malicious email. In 2010 and 2011, however, shipping themes such as fake UPS or FedEx package delivery notices were far more common. In 2010, shipping scams carrying malware comprised 41% of the malicious email, while financially themed malicious email had dropped to fifth place at around 7%.
In 2011, shipping themes were in the #1 spot at 33% followed by financial themes at 28%.
Traffic ticket scams were the new kid on the block in late 2011. These email scams claim to be citations and photographs of traffic violations captured via traffic cams. As with many other types of scams, the criminals are preying on people's fear. Indeed, fear and a sense of urgency are the most common motivators used by scammers.
The financially themed email warns recipients that something will happen to their bank or credit card account unless they take some action (open the attachment or click the link in the email). The shipping scams work the same way: recipients are told a delivery attempt has failed and they must open the attachment or click the link to recover the goods. The traffic ticket scam likewise plays on fear and urgency, conning recipients into thinking they have a ticket that must be paid, again by opening the attachment or clicking the link in the email.
And, of course, by opening that attachment or clicking the link in the email, the recipient is unwittingly infecting their computer with malware - usually a downloader trojan that will install even more malware in the hours and days following.
So how can you counteract the continuing onslaught of spam and malware in your inbox?
- Bear in mind that WYSIWYG (what you see is what you get) does not apply to anything online. HTML, the language of the Web, tells the browser or email client what to display, and there can be a vast difference between what is displayed and what is actually lurking behind the scenes. HTML markup makes it easy to display an innocent-looking link whose real destination is a malicious website. (See: Fraudulent Link Scams.) Reading email in plain text thwarts this, though it may not be an option for those using a webmail provider.
- Don’t click on links or open attachments in email you weren’t expecting. That includes links and attachments from friends, family, and co-workers: their account may have been compromised or their address spoofed. Pay attention to the language used in the email – is it consistent with the spelling and phrasing the sender would normally use? When in doubt, contact the sender using the address from your own address book (don’t hit reply on the suspect email) and ask whether they really intended to send you that link or attachment.
- Keep your system completely patched. This applies whether you’re using a Mac, Windows, or Linux, and it applies to all programs – especially third-party add-ons such as Java and Adobe Reader/Acrobat. In fact, you’re much more likely to get hit by an exploit of a third-party program than by an exploit of the operating system itself. It also goes without saying that you should keep your antivirus software up to date at all times.
- Avoid fear/urgency based reactions. If you receive an email claiming to be from your bank or some government entity and insisting that you must take some action, go the old-fashioned route. Contact your bank or the government entity by phone or in person and ask if the email is legitimate. Never use a phone number or email address provided in the body of the suspect email – those are likely fake as well and will simply direct you to a criminal call center masquerading as the real thing.
- If an offer sounds too good to be true, it probably is. Don’t purchase goods from unknown vendors, particularly if the purchase would be considered criminal in your jurisdiction. Ask yourself, “if this purchase goes awry, would I be embarrassed to report it to authorities?”. If the answer is “yes”, do not make the purchase.
- While it may be tempting to believe the person on the other end of the email is really a twenty-something year old Russian beauty, the reality is she is far more likely a balding, 50+ year old man with a pot belly whose motive is to drain your bank account.
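The first point in the list above, that the displayed link and the real destination can differ, is something a mail filter or a scripted pre-screen can check mechanically from the raw HTML, which is exactly the view a webmail reader never gets. The Python script below is an added example for this article, not code from the original page: it pulls every link out of an HTML message body and flags those whose visible text names one site while the href leads to another. The sample message body, the domain names and the IP address in it are all constructed placeholders, and nothing is fetched from the network.

```python
"""Flag HTML email links whose visible text disagrees with the real target.

Added example for this article, not code from the original page. The sample
message body below is constructed for illustration, and every host in it is a
placeholder; nothing here is fetched from the network.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body. Link 1 is honest (text and href agree). Link 2 shows
# a bank URL but the href goes somewhere else. Link 3 shows a bare domain while
# the href points at a raw IP address.
SAMPLE_HTML = """
<p>A delivery attempt has failed. Track your package here:
<a href="http://tracking.example.com/123">http://tracking.example.com/123</a></p>
<p>Please verify your account at
<a href="http://login-check.example.net/verify">https://www.examplebank.example/</a></p>
<p>Or pay your citation at <a href="http://203.0.113.5/pay">example.org</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


# Visible text that a reader would take for an address: an optional scheme,
# then a dotted host name or an IPv4 literal, then an optional path.
_URLISH = re.compile(
    r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})(?:[/:?].*)?$"
)


def _site(host):
    """Crude site identity: an IP literal as-is, otherwise the last two labels.

    Assumption for this example: two labels identify a site. Country-code
    second-level domains (e.g. co.uk) would need the public suffix list.
    """
    host = host.lower().rstrip(".")
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        return host
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def displayed_host(text):
    """Return the host a human would read out of the link text, or None."""
    m = _URLISH.match(text.strip())
    return m.group(1) if m else None


def find_mismatched_links(html):
    """Return (href, text, reason) for links whose visible text misleads.

    Only links whose text looks like an address are judged; plain words such
    as "click here" give a reader nothing to compare against, so they pass.
    """
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown = displayed_host(text)
        if shown is None:
            continue
        target_host = (urlparse(href).hostname or "").lower()
        if _site(shown) != _site(target_host):
            findings.append(
                (href, text, f"text names {shown} but href resolves to {target_host or '?'}")
            )
    return findings


if __name__ == "__main__":
    for href, text, reason in find_mismatched_links(SAMPLE_HTML):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

Run against the constructed body, the honest tracking link passes and the other two are reported. The check deliberately stays quiet on link text such as "click here", since there is nothing displayed for the reader to have been misled by; that case is covered by the advice not to click unexpected links at all.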
Fear, urgency, greed, and lust are the most common tripping points for victims of email scams. The next time you’re confronted with a questionable email, take a deep breath, walk away from the computer, and think through the possibilities. The brain is a marvelous instrument. If you can keep your emotions out of the way, chances are you’ll have no trouble spotting a scam for what it really is – a scam.