Spam Examples (2023): The 10 Worst Attacks of All Time

By Tibor Moes / Updated: May 2023

Spam Examples (2023): The 10 Worst Attacks of All Time

Spam Examples

Imagine you’re at a party and one guest just won’t stop talking, drowning out everyone else and causing a ruckus. That, dear readers, is what spam is like in the digital world. It’s the loudmouth that disrupts our peaceful online gathering.

In this article, we’ll dive into the 10 worst spam examples ever, showing you how these uninvited annoyances wreak havoc in our inboxes. Get ready to explore this digital party crasher’s notorious history!


Spam email messages are automatically sent to many addresses at once. Also known as junk mail, spam emails are used for advertising or spreading malware.

  1. ARPANET Incident (1978): Marketer Gary Thuerk sent the first spam message to 393 ARPANET users, causing an uproar and leading to the creation of network etiquette guidelines.
  2. Canter & Siegel Incident (1994): Law firm Canter & Siegel spammed Usenet newsgroups with ads for their services. This led to the creation of the first anti-spamming policies and guidelines.
  3. AOL Incident (1995): A teen known as “MafiaBoy” flooded AOL users with spam, disrupting activities and causing AOL to invest in spam filters. He was later prosecuted, setting a legal precedent for cybercrime.
  4. Melissa Virus (1999): Programmer David L. Smith created a virus that sent itself to the victim’s email contacts, causing $80 million in damages and leading to increased investments in antivirus software.
  5. ILOVEYOU Worm (2000): Computer science student Onel de Guzman launched a worm that overwrote files and caused up to $10 billion in damage. This led to stricter computer misuse laws, especially in the Philippines.
  6. SoBig Worm (2003): An unknown source launched the SoBig worm, acting as both a trojan horse and a self-replicating worm, causing $37.5 billion in damages and leading to advancements in antivirus and anti-spam technology.
  7. MyDoom Worm (2004): Originating from Russia, the MyDoom worm infected 1 in every 12 emails worldwide, causing $38 billion in damages and leading to significant advancements in antivirus technology and spam filtering systems.
  8. LinkedIn Incident (2012): Following a data breach, LinkedIn users were flooded with spam emails attempting to trick them into revealing personal information. This led to significant security enhancements by LinkedIn.
  9. Yahoo Incident (2013): Hackers backed by a foreign government caused one of the largest data breaches in history, affecting 3 billion Yahoo accounts and leading to widespread changes in how companies handle and secure user data.
  10. Google Docs Phishing Incident (2017): Unknown sources launched a phishing scheme targeting Gmail users, posing as a Google Docs sharing request. This led to Google updating its phishing detection systems to prevent similar attacks.

Don’t become a victim of spam. Protect your inbox with the best antivirus software and your privacy with the best VPN service.

Spam Examples In-Depth

1. The ARPANET Incident (1978)

Once upon a time, in the year 1978, the digital realm experienced its first-ever spam attack. It was a time when the Internet was still in its infancy, mainly used by research institutions and government agencies. The culprit? A well-intentioned yet misguided marketer named Gary Thuerk.

Thuerk, a marketer for Digital Equipment Corporation, decided to send a promotional message to 393 users of ARPANET (the precursor to the Internet). This may seem a drop in the ocean compared to today’s spam volumes, but back then, it was unheard of, and it certainly ruffled some feathers!

The attack was short-lived, but the shock was felt across the network. The targets were primarily located in the United States, and while there was no direct financial damage, the breach of etiquette and the interruption of users’ peace led to a sense of violation. The data compromised was not personal or financial but it did set a precedent for unsolicited mass messages.

The incident sparked a heated debate within the ARPANET community, leading to the establishment of guidelines for network etiquette. As for Thuerk, there were no legal repercussions, but his name has since been etched in history as the ‘Father of Spam’.

2. The Canter & Siegel Incident (1994)

Fast forward to 1994, and we find ourselves in the world of Usenet newsgroups. Here, a law firm named Canter & Siegel executed what is arguably one of the most notorious spam attacks in history. The culprits, Laurence Canter and Martha Siegel, used a simple script to flood the newsgroups with advertisements for their immigration law services.

The spam lasted a few days and was not limited to one country or region. It was a global onslaught, affecting countless users who relied on these newsgroups for their daily digital interactions. While it’s hard to put a financial figure on the damage, the inconvenience and disruption to users worldwide were substantial.

As for the victims, they were not individuals, businesses, or governments per se, but the community of Usenet newsgroup users. The spam did not compromise any data, but it greatly disrupted the usability of the newsgroups, leading to user frustration and loss of trust.

In the aftermath, the online community rallied, with many Internet Service Providers (ISPs) implementing software to block or filter out spam. This incident led to the creation of the first anti-spamming policies and guidelines. Canter and Siegel faced no legal consequences at the time, but their actions, widely seen as a violation of netiquette, earned them the scorn of the online world and forever changed the way we handle and perceive spam.

3. The AOL Incident (1995)

In the mid-90s, a rebellious teen known by his online moniker “MafiaBoy” decided to cause a stir in the digital landscape. During the summer of 1995, he carried out a massive spam attack that targeted AOL (America Online) users, a popular internet service provider at the time.

“MafiaBoy” wasn’t after money or sensitive information. He was after chaos, and for a brief period, he managed to turn AOL into a digital battlefield. Users across the United States were flooded with spam emails, disrupting their daily online activities and turning their inboxes into a junkyard.

The attack wasn’t just disruptive; it was expensive. While it’s hard to pin down an exact financial cost, the impact was significant, as AOL had to invest heavily in developing and implementing strategies to curb the wave of spam.

The immediate aftermath saw AOL and other ISPs stepping up their game. They began developing more advanced spam filters, marking a significant milestone in the eternal battle against spam. As for “MafiaBoy,” he was eventually caught and prosecuted, leading to stricter laws and regulations surrounding digital misdemeanors, thus setting a legal precedent for future cases of cybercrime.

4. The Melissa Virus (1999)

Just as the digital world was starting to recover from the AOL Incident, a new menace arose. In March 1999, a worm named “Melissa” began wreaking havoc on a scale never seen before.

The brainchild of David L. Smith, an individual with a knack for programming, the Melissa virus was no ordinary spam. It was a parasitic file that, once opened, would send itself to the first 50 contacts in the victim’s email address book. It spread like wildfire, affecting millions of individuals and businesses worldwide.

The financial impact of the Melissa virus was staggering. It caused an estimated $80 million in damages, stemming from the disruption of email services and the costs involved in removing the virus. The virus did not directly compromise any data, but the disruption it caused was enough to classify it as a significant cyber threat.

The aftermath of the Melissa virus was a turning point in the fight against cybercrime. It led to increased investments in antivirus software and a heightened awareness of email security. As for Smith, he was apprehended and faced severe legal consequences, including a 10-year prison sentence (though he served only 20 months). His conviction served as a stark reminder to would-be cybercriminals of the serious consequences of such actions.

5. The ILOVEYOU Worm (2000)

As we entered the new millennium in the year 2000, little did we know that a computer worm was about to turn the digital world upside down. It came in the form of a love letter, an email titled “I LOVE YOU,” only to wreak havoc once opened.

The culprit behind this attack was Onel de Guzman, a computer science student from the Philippines. His intention was not to cause harm but to steal internet access passwords due to the high cost of internet in his country.

The worm was not picky about its victims. It targeted individuals and businesses alike, affecting tens of millions of users worldwide, especially in Asia and Europe. The worm didn’t just spam inboxes; it also overwrote files, making it more destructive than its predecessors.

The financial damage caused by the ILOVEYOU worm was immense, with estimates ranging up to $10 billion. The worm led to significant data loss as it overwrote image and document files.

The aftermath of the ILOVEYOU worm attack was a wake-up call for many. It highlighted the importance of regular data backups and the dangers of opening suspicious emails. The event led to the creation of more stringent computer misuse laws, particularly in the Philippines, where de Guzman was located. However, due to the lack of such laws at the time of the attack, he did not face any legal consequences.

6. The SoBig Worm (2003)

In 2003, the digital world was shaken by the SoBig worm. Unlike previous spam attacks, SoBig had a two-pronged approach. It acted as both a trojan horse, sneaking onto a user’s computer disguised as something else, and a worm, self-replicating and spreading to other computers.

The origin of the SoBig worm remains unknown, with the perpetrators managing to cover their tracks effectively. The worm targeted both individuals and businesses, primarily in North America and Europe, and its reach was extensive, affecting millions of computers.

The SoBig worm was particularly damaging, causing an estimated $37.5 billion in damages. The worm didn’t just flood inboxes with spam; it also allowed the perpetrators to control infected computers remotely, which they then used to send out even more spam.

The SoBig worm spurred advancements in antivirus and anti-spam technology, leading to better detection and prevention of such attacks. It also led to international cooperation in the fight against cybercrime, as nations recognized the need to work together to prevent such incidents. Despite the scale of the attack, no legal actions were taken, as the perpetrators were never identified.

7. The MyDoom Worm (2004)

The year 2004 brought with it the MyDoom worm, one of the most damaging spam attacks in history. The worm, thought to have originated from Russia, spread via email, appearing as a transmission error with subject lines like “Mail Delivery System” or “Mail Transaction Failed.”

The MyDoom worm was insidious, affecting individuals and businesses alike on a global scale. Its reach was extensive, with estimates suggesting that at its peak, 1 in every 12 emails sent worldwide was infected with MyDoom.

The financial fallout from MyDoom was staggering. It’s estimated to have caused $38 billion in damages, making it one of the most costly spam attacks in history. The worm didn’t just spam inboxes; it also opened backdoors on infected computers, allowing them to be controlled remotely.

The response to MyDoom was a massive global effort to halt its spread and remove it from infected systems. This led to significant advancements in antivirus technology and spam filtering systems. Despite an intense investigation, the originators of MyDoom were never found, thus no legal consequences were enacted. However, their legacy remains as a grim reminder of the potential damage that spam can cause.

8. The LinkedIn Incident (2012)

Moving into the era of social media, 2012 marked a significant shift in the landscape of spam attacks. This time, the target was LinkedIn, the popular professional networking platform. The attack followed a data breach in which 6.5 million user passwords were leaked.

This spam incident was a little different. It didn’t involve a virus or a worm, but rather a flood of spam emails sent to LinkedIn users, presumably in an attempt to trick them into revealing more personal information. While the perpetrators of this attack remain unknown, their actions had a global impact, affecting LinkedIn’s user base across the world.

The financial damage from this incident is hard to quantify, but the reputational damage to LinkedIn was significant. Users’ trust in the platform took a hit, and the company had to work hard to restore confidence. The data compromised in this attack was personal, with users’ professional information at risk of being exploited.

In the aftermath of the incident, LinkedIn made significant security enhancements to protect user data and improve password security. The breach also served as a wake-up call for other social media platforms, leading to industry-wide improvements in data security. Despite the scale of the breach, no individuals or groups were identified as being responsible, and as such, no legal action was taken.

9. The Yahoo Incident (2013)

In 2013, the internet witnessed one of the largest data breaches in history, affecting the popular web services provider Yahoo. This wasn’t just a spam attack; it was a full-blown cyber assault, with over 3 billion user accounts compromised.

The culprits behind this massive breach were a group of hackers backed by a foreign government. Their actions had a global impact, with Yahoo users around the world falling victim to the attack. The data compromised included names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers.

The financial implications of the breach were enormous, not just from the direct costs of addressing the breach, but also due to the reduction in Yahoo’s sale price when it was acquired by Verizon in 2017. The breach knocked an estimated $350 million off Yahoo’s sale price.

In response to the breach, Yahoo took steps to secure user accounts and improve its security infrastructure. The breach also led to widespread changes in how companies handle and secure user data. In terms of legal consequences, the US Department of Justice charged four individuals, including two officers from the Russian Federal Security Service (FSB), in connection with the breach in 2017.

10. The Google Docs Phishing Incident (2017)

Fast forward to 2017, and we find ourselves witnessing a sophisticated spam attack that targeted Gmail users. Disguised as a Google Docs sharing request, this spam attack was a phishing scheme designed to trick users into giving away access to their email accounts.

The culprits behind this attack remain unknown, but their actions had a significant impact, affecting Gmail users worldwide. The phishing scheme didn’t directly lead to financial losses, but it posed a significant risk to personal data, with potential access to all emails and contacts for those who fell for the scam.

The attack was stopped by Google within an hour of its detection, demonstrating the company’s rapid response capability. Google also immediately began rolling out updates to its phishing detection systems to prevent similar attacks in the future.

This incident served as a stark reminder of the importance of vigilance when it comes to email security. It also highlighted how quickly and effectively tech companies can respond to such threats. While the perpetrators of this attack were not identified and thus faced no legal consequences, the incident served to remind users and companies alike of the constant need for caution in the digital world.


As we’ve seen through these infamous spam attacks, the digital landscape can sometimes feel like the Wild West. But don’t worry, you’re not defenseless. Here are a few crucial steps to help you stay safe:

  1. Update, Update, Update: Always keep your devices and software up to date. Updates often include patches for security vulnerabilities that could be exploited by hackers.
  2. Invest in Protection: Consider investing in reliable antivirus software for Windows like NortonBitdefenderMcAfeePanda or Kaspersky. These programs can provide an extra layer of protection against various forms of cyberattacks, including spam.
  3. Be Vigilant: Be cautious with unsolicited emails or messages, especially those asking for personal information. If something seems too good to be true, it probably is.
  4. Educate Yourself: Stay informed about the latest cyber threats and safety measures. Knowledge is power when it comes to cybersecurity.

For more information, you can refer to the following trusted cybersecurity resources:

  1. National Institute of Standards and Technology (NIST): NIST is a federal agency that develops technology, metrics, and standards to drive innovation and economic security.
  2. U.S. Cybersecurity and Infrastructure Security Agency (CISA): CISA is the nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.
  3. The European Union Agency for Cybersecurity (ENISA): ENISA provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe.
  4. Internet Crime Complaint Center (IC3): The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant.
  5. Stay Safe Online: Powered by the National Cyber Security Alliance, this resource offers tools and resources to stay safe online.

By being proactive about your cybersecurity and staying informed about the latest threats, you can significantly reduce your risk and surf the web with peace of mind. Stay safe out there!

Author: Tibor Moes

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor has tested 39 antivirus programs and 30 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

You can find him on LinkedIn or contact him here.