I think first of all we need to distinguish between two kinds of spamming emails. Some spamming emails focus only on business information, and some spamming emails have documents or files attached to them. We are basically focusing on those spamming emails with attachments. There are a lot of different forms of attachments that can be sent through the emails.
As we mentioned before, some of the emails contained the software called malware, and in my situation, which I explained before, we have evidence regarding the suspect who conducted the business email compromise. The malware he sent was capable of obtaining the log-in credentials of the email accounts. For example, if you accidentally click on that particular email with that attachment, the log-in credentials of your email account would be leaked to the suspect. Then the suspect was able to look into your email account, which you wouldn't notice. He kept on monitoring your email account for a long period of time so that he could find the optimum time for impersonating you and for sending emails to some people from the finance department in order to get some monetary reward. This is only one of them.
We also have some situations involving ransomware. It is also commonly sent through spamming emails. If you execute those files, some of the files in your computer would be encrypted so you would have to decrypt them on your own. You would either have to pay for the decryption tools or use your own means to get the decryption tools. Otherwise, the files will be encrypted permanently. In this respect, Interpol is trying to help victims to get some of the decryption tools.
These are two common activities.