Week 3 Thing 7: Blog Spam

Wow, within a minute of my last post, I got hit by blog spam in the comments. How annoying. To prevent this I have turned on word verification for comments.

Read more about blog spam and what Blogger is trying to do about it.

Just like junk mail and telemarketing, spam is here to stay!

*Note: This post was written when this blog was on Blogger.


Fighting Spam

These days when the word spam is mentioned, people tend to make a face. Not because of fond memories of the potted meat product, but because of the nuisance of unwanted email, which is the 21st century definition of spam.

Spam may come from someone you know in the form of chain letters or forwarded urban legends, or it may come from complete strangers. Some spam has viruses attached. But mostly spam is just a time-waster. Not only does spam waste your time but it also wastes valuable resources such as network bandwidth, space on email servers, and productivity costs in the time it takes you to delete the unwanted messages.

So here are some tips to combat spam:

  • Never, ever give out your email address on a public Internet forum, such as a discussion group or a blog. There are billions of zombie-like computers that scour the Internet looking for email addresses to add to spam lists. I have a Yahoo account that I use specifically for Web sites that require an email address, so that I do not get as much spam to my work and personal email accounts.
  • Or disguise your email address: writing it as joe at yahoo dot com will allow people to understand your email address, but will prevent automated searches from finding it. Remember that computers are looking for a standard email format, name@place.com.
  • Block images from your email. In Outlook, do not use the Preview Pane or Auto Preview. Most free, web-based email services will allow you to block images via the Options settings. Images can contain hidden messages that when viewed are sent back to spammers to let them know they have found a valid email address, resulting in…more spam.
  • Do not click the link at the bottom of any email messages to Remove Me From List. This is an instant way to let spammers know they have found a valid email address. Remember spammers get big bucks for real or validated email addresses. Don’t let them know you exist. Cyberspace is the one place where you want to be unpopular.
  • Delete, without opening, any messages that look suspicious. If it looks like spam, it probably is. If you do not know the sender, it is probably spam. If you receive email from the FBI or CIA it is probably spam.

See the October 2004 issue of InfoBytes for more details on reducing spam and instructions for using Outlook junk mail filters to reduce spam.

For more information on spam and efforts to combat it, check out the following sites:




PSA: Spoofing a CIA Warning

(spoofing to transmit a virus)

Several staff have received emails that appear to be from the CIA. An example of the message is below:

-----Original Message-----
From: Post@cia.gov
Sent: Wednesday, November 23, 2005 3:37 AM
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++7:00 a.m. to 5:00 p.m., US Eastern time

While this email looks like it is from post@cia.gov, rest assured that the CIA is not monitoring your Internet use. In fact, Internet use doesn’t even technically fall under the CIA’s jurisdiction…unless you are a terrorist.

This is an example of spoofing. Spoofing, which means forging the From line of an email, is commonly used by spammers and phishers.

In this case, the email had a virus attached. One of the clues that the email is a fraud is that the address it was sent to is not a valid email address. Another clue is the inconsistent capitalization: the “w” in we should have been capitalized. Phony emails also frequently have misspelled words in an attempt to sneak past junk mail filters.

In this case the “sphisher” (have I invented a new word?) was sending a virus. If I had opened the attached file then I would have gotten the virus on my computer. Luckily, PLCMC has sophisticated anti-virus and email filtering software installed, so the attachment never even made it to my Inbox.

When in doubt, always close the email (or better yet don’t even bother to open it), and go to the home page where the email appears to have come from. A quick trip to www.cia.gov brought up this message on their home page:

Some members of the public have in the past few days received a bogus e-mail falsely attributed to CIA’s Office of Public Affairs. CIA did not send that message. In fact, it does not send unsolicited e-mail to the general public, period. If you have gotten such a message, we strongly encourage you not to open the attachment, which contains a destructive virus.

For more information about phishing make sure to read Helene’s post on 11/18/05 about Bank of America and a phishing fraud, and if you have time take a look at this article: http://techupdate.zdnet.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html
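The From line is only text the sender typed, so mail filters compare it with headers the receiving server records. The following is an added example, not part of the original post: the From, To and Subject values come from the message quoted above, while the Return-Path and Authentication-Results headers, the attachment name and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From/To/Subject are from the quoted message; the
# Return-Path, Authentication-Results and attachment are invented placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: Post@cia.gov
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Important: Please answer our questions!
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.bin"

(constructed placeholder, not a real file)
--b1--
"""

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def spoofing_clues(raw):
    """List the reasons a message's From line should not be trusted."""
    msg = message_from_string(raw)
    clues = []
    from_dom = domain(msg.get("From", ""))
    env_dom = domain(msg.get("Return-Path", ""))  # envelope sender seen by the server
    if env_dom and env_dom != from_dom:
        clues.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim"):
        if results.get(check) != "pass":
            clues.append(f"{check} result is {results.get(check, 'missing')}")
    names = [p.get_filename() for p in msg.walk()
             if p.get_content_disposition() == "attachment"]
    if names:
        clues.append("unsolicited attachment: " + ", ".join(names))
    return clues
```

Each clue is a reason to look closer rather than proof: legitimate bulk mail often has a different envelope sender, which is why the authentication results are checked as well.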

PSA: Online Banking Alert

(phishing scam)

Phishing schemes have been abundant for a few years now, but until recently they haven’t been quite as sophisticated. Take this email notice for example (an actual email received by one of our staff members just today) …

The notice looks official and even contains references to the BofA website and a URL that looks like it should be legit. However, the URL is actually a redirect from the BofA site to a scammer’s site. How can this happen? Well, according to several phishing alert and fraud organizations, the scammers are using a weakness of the Bankofamerica.com site. To view the explanation, click here.

The Bottom Line: No matter how legitimate an email notice may look, be sure to contact the company or organization personally first to confirm it’s not a scam, and don’t use the contact info from the email; get the information from a primary source (i.e. telephone book or company website).

Victims of phishing scams, which are designed to obtain your personal information (name, SS#, online passwords, accounts, etc), soon become victims of identity theft! So be on the lookout and if it looks phishy (or even not) always do your homework and contact the organization yourself. A mere 5 minutes of detective work could save you 5 years of identity theft headaches.

PS: These types of emails are so common that even the BofA site has its own section for fraud.

Author Helene Blowers
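A link that starts at a trusted site but redirects elsewhere, as in the Online Banking Alert above, usually carries the real destination inside its query string. This added example (not from the original post) flags that pattern; the URLs, parameter names and the function name are constructed for illustration, since the post does not show the actual link.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def redirect_targets(url):
    """Return (parameter, host) pairs for hosts named inside the query string
    that differ from the host the link appears to point at."""
    outer_host = (urlsplit(url).hostname or "").lower()
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded targets.
        candidate = unquote(value).strip()
        if candidate.startswith("//"):        # scheme-relative form
            candidate = "http:" + candidate
        try:
            inner = urlsplit(candidate)
            inner_host = (inner.hostname or "").lower()
        except ValueError:                    # malformed value, not a URL
            continue
        if inner.scheme not in ("http", "https") or not inner_host:
            continue
        same_site = (inner_host == outer_host
                     or inner_host.endswith("." + outer_host))
        if not same_site:
            found.append((name, inner_host))
    return found

# Constructed sample links using reserved example domains.
SUSPICIOUS = "https://www.bank.example/redirect?url=http%3A%2F%2Flogin.scam.example%2Fsignin"
DOUBLE_ENCODED = "https://www.bank.example/r?to=http%253A%252F%252Fevil.example%252F"
SAME_SITE = "https://www.bank.example/go?next=https://www.bank.example/accounts"

if __name__ == "__main__":
    for link in (SUSPICIOUS, DOUBLE_ENCODED, SAME_SITE):
        print(link, "->", redirect_targets(link) or "no off-site target")
```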