I rate spammers and their relatives as some of the filthiest scum on the earth because they prey on the innocent and vulnerable. People too naive and technically unable to defend themselves from attack by criminals out to steal, con, extort, blackmail, or otherwise extract money or resources for them while they hide behind the vastness of the internet. Their attempts may be seen as little more than the odd nuisance email (if it's not a stealthy attack), but this represents only the tip of a massive, dangerous, and highly organised criminal activity with no emotions, and the single aim of ruining anyone they can get their hooks into.
The following article is nothing particularly innovative, but I liked its simplicity, and it does give a few pointers in straightforward language that might help someone, so it deserves to be spread by the good guys in the White Hats - pity we can't distribute it using spam methods.
Anatomy of a spam e-mail
A daily chore of modern life for many is the morning trawl through a full inbox deleting spam email. But just where does it all come from and why do spammers use bizarre text, names and images in their emails?
I have found that using the Block Sender routine keeps the number of spam messages down a bit, presumably they have to use a new fake address every time. It is certainly better than just deleting them as they then seem to multiply a lot. The message rules help a bit too but they seem to cotton on to this one and change the words used, particularly for viagra ads.
Doesn't happen (much) to me - as ignoring/deleting is the simplest and most effective treatment, assuming you have some sort of protection installed. Block Sender (or Blacklist) is ok, but they have thousands of addresses to send from, so is really only effective if the list comes from a provider. Fingers crossed, I have these in the wings, but haven't needed them yet (whistle)
I just got an email from another webmaster who has had to cancel and replace his private email address as a nasty type of spammer used it as the source of their filth, so there are all sorts of hazards other than incoming spam.
For anyone that hasn't had this piece of advice, NEVER, and I repeat NEVER use the unsubscribe option or link on spam. This merely confirms that your email address has someone live at it to read their muck, and will increase your popularity. The link is fine, and safe to use on legitimate sites of course, but never on anything unsolicited.
I thought I'd have a quick look at the current spam criminal summaries, and see what's hot at the moment, and there are some handy examples to echo my warning about how dangerous it is...
Spam king and online drugstore operator Christopher William Smith, aka Rizler, 26, who is awaiting trial at the Sherburne County Jail, Elk River, Minn., used his phone privileges to arrange a hit on a witness and the witness's family. According to the indictment, Smith called an acquaintance from jail March 4 and allegedly stated he intended to threaten and intimidate a witness he expected would testify against him in his upcoming trial on drug and other charges. The indictment alleges Smith also said he intended to have the witness or the witness's family killed.
David Lennon, 18, used an e-mail-bombing program called Avalanche to send approximately 5 million messages to his former employer in 2004. The flood crashed the company's e-mail server.
Jeanson James Ancheta, 21, was sentenced to nearly five years in federal prison for using malicious software to seize control of 400,000 computers and then selling access to the zombie machines to spammers and hackers.
Sergey Kazachkov, of Voronezh in central Russia, former lead guitarist for Kazakhstan heavy metal band DLM turned science student, escaped jail after being convicted of running websites that distributed an estimated 4,000 different computer viruses.
A default judgment against Sanford "Spamford" Wallace and his company, SmartBOT.Net, orders them to give up $4,089,500 in ill-gotten gains.
Russians selling "spyware for lamers" kits for $15. Branded as WebAttacker, the script-kiddies' dream kit provides an overview and index to all the freeware and shareware spyware creation packages available on the Internet. The kit includes spam-sending techniques to lure victims to compromised Web sites and a number of applets and scripts that simplify the task of infecting computers.
Jumpstart hit with $900,000 spam fine. Jumpstart Technologies LLC will pay a $900,000 civil penalty for violating the CAN-SPAM Act, the largest penalty yet for illegal spam, according to the Federal Trade Commission (FTC).
Four indicted in Nigerian email scam. As part of a massive advance-fee scheme, the defendants allegedly sent spam e-mail to thousands of potential victims in which they falsely claim to have control of millions of dollars located in a foreign country that belongs to an individual with a terminal illness.
Inspired by this thread, or more likely just realising that I knew how to add the required code, I took the opportunity to add the interesting Spam Poison option to the Main Site.
This is a novel approach to the problem of spammers, and is unpopular with some 'experts', that uses their own methods against them.
When their bots crawl through your site, trying to harvest any email addresses that may appear inside it, they are directed to the Spam Poison site, which delivers millions of email addresses to the spammer's automated email generators - and every one of them's a falsie, dead as a doornail.
I wandered by a site I have a tenuous connection with, and noted that it had had a revamp, and that the owner had set up a blog - only two entries, and in one he was making a big song and dance about his email address being abused, and getting no help from Ofcom, and having a dig at them too. When I noticed that he was accusing BT of this heinous offence, I had to look closer, and found he was 'Out of Order'.
Here's the bulk of the issue, and if this is the sort of thing that Ofcom are not pursuing, then at least we know they are not wasting resources needlessly...
Spam and abuse of email addresses
Today I received an email from BT. Nothing wrong there you might say except the email address was one I used for online ordering from DABS. BT bought DABS and, it seems, they are using the DABS email list. Again, you might say so what? The email was not for DABS products but BT products and you were linked to their shop not DABS.
Even though I did allow DABS to use my email address for marketing, I did not tick the box marked "third parties". According to Ofcom (waster of space really) this is an abuse of my email address.
I have complained to BT but only received a stock reply. I have tried to use Ofcom in the past but they really aren't interested and offer an online form that seems more geared to discouraging you from pursuing the process.
Grrrrr.
Without eyes on the BT contract drawn up to govern their purchase of DABS, I can only make assumptions, but having done similar, I can't see an organisation the size of BT buying an operation like DABS without having all its agreements Novated, or legally passed to them as part of deal. This would include DABS customers, and all information and agreements relating to them - in other words, BT becomes DABS so far as any existing deals are concerned, so Mr Grrrrr becomes a BT customer when the deal is done. If he has a problem with BT, then he contacts BT, in the same way as he could have contacted DABS, and says "Remove me, I no longer wish to be a customer". Ofcom doesn't enter the picture at any point - this is a business deal.
Reading between the lines, Mr Grrrrr says "According to Ofcom (waster of space really) this is an abuse of my email address", however he also goes on to say he complained to BT and got a stock reply (why complain - ask to be removed), and used Ofcom in the past, so the 'According to Ofcom' remark is just that, his interpretation of the rules. It is also blatantly incorrect as he has stated he 'did not tick the box marked "third parties"'. Fine, and would be a reason to complain, if BT had been a third party that DABS passed his email on to, but they weren't. BT acquired DABS, and probably all their staff, assets, liabilities, contracts, and... customers.
It's a shame that Ofcom etc have to waste their time on nonsense like this, marked as spam, while the real spam piles up in our mailboxes offering all sorts of questionable medicines, questionable sexual advances from foreign lands, and millions of £/$ of wealth - and ruins the lives of the vulnerable folk that respond, generally poor and with mental health problems.
And Mr Grrrrr wants them to waste time over one email he got from BT, that wasn't even spam anyway.
1 If "Ignorance of The Law is No Excuse", then why can those providing services to spammer scammers claim immunity by saying they have no knowledge of what those they are providing services such as credit card handling, while ordinary mortals can't, for example, escape speeding prosecutions by claiming not to know what the speed limit was?
2 Although the trail is convoluted, the researcher was nonetheless able to follow much of it. If there was any real desire or intent to quash spam scams, then it seems fairly obvious to my simple mind that it wouldn't take much effort to tie together the authorities and the ISPs, and create software similar to that used to detect and bar stolen mobile phones automatically. Do the same to the scam spam chain, and since these crooks want an easy life, the increased effort (of which there is none at all at the moment) would make them fed up.
There doesn't seem to be any official enthusiasm to kill this - is it possibly because it doesn't provide tangible statistics of the number of victims? How many are in a rush to report their various patent organ expanders and weird medicines have cost them dear?
One repeat... if you note the closing comment in the articles, remember NEVER to reply or respond to any sort of spam, even to accept or confirm that you want to unsubscribe, or cancel it. All this does is CONFIRM to the scammer that there is a real, live person at the email they targeted, and you can depend on a lifetime of further spam to your account.
Over the past few weeks I have been receiving a deluge of spam, mostly offering dubious medical assistance. Over the past couple of days I have been receiving pages with no title and no sender or addressee details and what seems to be acres of code. When I tried to block the sender I hit a screen which said that one or more of the senders could not be blocked.
Deleting without opening is always a good idea, especially for those varieties with the subject line of "I thought you'd like this", which don't have the usual medical/sexual signs up front. Makes it tougher to come up with meaningful subjects for your own real messages though - so they don't get binned.
Once your email is "In the loop" there's nothing you can do about it, other than ensure you don't slip and accidentally read/reply and confirm it is 'live'.
I used to have another forum member that really was a Little Old Lady, and every time she emailed me I knew this would be followed by a period of weeks during which I would then receive a torrent of filth as it was clear that her machine had something installed on it that was using her active address book as a source of addresses to spam.
One of the easiest ways to have the rubbish blocked is to use one of the big webmail services. I've used lycos since day one, and it hasn't let me down. They had some sort of revamp recently, and although it seems to have caused some technical hiccups with the method I use to access it, I haven't seen a single spam message since they made the changes, previously there had been a few appearing each week.
I also use Google mail, which to date has filtered thousands of spam messages and not let even one into my inbox - unlike lycos, google lets you review what it's caught in case it has been too keen, but I have never found a genuine message being wrongly barred.
I never touched hotmail with even the proverbial 'barge pole' because of its origination amongst kids and nerds in the early days - years ago, one business colleague even admitted if a client had a hotmail address, he'd quietly find a way to drop them!
(I don't know if Google email accounts still need an invitation from an existing user - if so, anyone can ask me as I have built up a reserve of hundreds of invitations)
With regard to using blocking or rules in something like Outlook or Outlook Express, I wouldn't waste my time with this nowadays, as you could spend the rest of your life filling in black/whitelists to no avail, as the spammers are changing their details continuously to ensure that manually updated lists are quickly rendered ineffective.
I'm also tempted to advise throwing away any of the big name anti-virus/spam packages like Norton or McAfee. For one, you're blackmailed into subscribing to them for the rest of your life or they will go obsolete, and for another, they're a pain as they seem to be poorly written, and forever appear in lists describing installation problems with other software.
Again, since before it was known in public, I've used an anti-virus and email protection system from AVG. Free for personal use, AND subject to free, daily, automatic updates if you are on the web:
I used to run a stack of programmes to guard against external problems, but with the Google and lycos services killing the mail threat better than I can manually, and AVG doing the business locally (it integrates with Outlook) I just don't bother with anything else now.
Alerts from AVG have fallen to 2 or 3 over the course of a year, usually false alarms arising from software that is known to trip anti-virus alerts.
There's only one genuine threat that I see occasionally, and it usually arrives if someone sends me something apparently legit, but which they have obtained from a less than savoury site. AVG shouts at me immediately, and identifies it as carrying a payload that wants to use my PC to download software without letting me know it is happening.
There is one other thing to bear in mind, and that is that you (or anyone you know) don't have to do anything wrong to be the recipient of this stuff. It's very simple to write routines to create millions of email address names automatically, and then just tack @whatever.com on to the end of them, and leave that code sending those emails forever. So the odds of it generating your, mine, or anyone else's address at some point is inevitable.
On further inspection the messages appear to be the standard dollar loans, viagra and enlargement spam. The strange thing is that they come up on the Inbox list as a completely blank line and also show no sender or addressee. It is all a bit strange. I am certainly under attack from some where. I had 43 spam emails this morning and another 6 by tonight.
I have updated McAfee and scanned My Computer and Drive C - nothing was found. The machine is operating normally except that it seems to take longer to start up.
The blank lines etc indicate that this has nothing to do with you or your computer, and that the junk is probably being generated automatically by bulk mailing lists and automated spam generators.
If you actually open one of those messages (I know, bad idea, but the actual likelihood of opening one with a payload is small in reality, and your email scanner should catch it if it's any good), then you will find there is a Properties option that will let you see the full header of the message, and that can give you more clues as to how it got to you.
I think I mentioned this before, but it bears repeating, and if you want to use a temporary/disposable email address to get into a site that won't let you access it, or download free or trial software without giving your email (which you probably don't want to do just for that), then use something like...
Guerilla Mail is for sale! $7,500 down from $15,000. Interesting, but not worth it - if the buyer sticks ads on it, then the sort of folk that use it will ignore them, and if the service had a charge, even a small one, then they'd just go elsewhere. Pity.
I've never had many spam mails, even on openly published addresses on domains I operate. I suspect that's only because I don't ever, ever, respond to any of the rubbish in any way, and confirm that someone has opened and read the spam mail.
I got an interesting one the other day. It was a job/dealership offer, and an initial check showed it was genuine (when I say 'genuine' all I mean is that the info was genuine as was the business concerned - a software business near Poland), but checking the email and hosting details showed they had nothing to do with the business the mail was supposed to come from, and originated from a known source of spam. The spammer had hijacked the real company's appearance, description, name etc to create their 'hook', but had still made the spammer's mistake of not understanding that if they can't write in English, and make basic spelling and grammar errors, then none but the retarded (sorry, just being realistic) will pay them any attention, so it all seems very pointless and time-wasting.
Just ride it out, it can take months for a surge to waste away. Resist the urge to send return emails telling them to Foxtrot Oscar, I've seen it tried - bad idea, and/or use Google/Lycos webmail in public.
It is not an address I use much on the web except for utility companies etc. The hotmail one I do use has never (so far) had any spam strangely enough. I guess it has come from a contact's infected computer. It does tend to suggest that Toucan doesn't care much about spam although it has to be said, I never received one spam message until about a year ago.
I think the most interesting point made in the article is that all the spam is generated in Russia and China, and sent to the west, and while the west is working to fight spam, Russia and China don't give a damn because it's not being sent to them - even though it's people in the US that are funding/originating it.
Worse still, they reckon 200 people are responsible for 80% of spam.
200 isn't all that many, and I don't think anyone would shed a tear if Black Ops or Wetworks were sent out to 'neutralise' this particular group of 200, and deter any wannabees from replacing them as a by-product.
If I should fail to be heard of for a while, then it may have something to do with becoming 'not quite' a millionaire.
The following notification was received the other day... FROM: THE DESK OF THE VICE PRESIDENT no less
While reading this, it might be worthwhile pulling up the online El Gordo results page, which seems to think The Last Draw Date was: Saturday, March 8th 2008
There is only one worrying aspect, and that is the lack of demand for any money or personal information on the claim documentation that accompanies this - I can't immediately see where the scam is!
Maybe the fax or phone number is one of the nasties that is organised to redial you and reverse charge you £100s.
What you can't see are the dreadful graphics on the headed paper. Quite what a bad, chunky, low resolution scan of AXA's logo has to do with El Gordo I don't know, but it wouldn't surprise if AXA were to sponsor a scam, given the amount of times their logo is shown incessantly on ITV, and the pathetic returns their bonds provide to small investors - you might make more leaving your cash under the bed and selling the fluff that gathers on it.
The clever ones are quite good, a lot of those pretending to be from banks and big organisations like MSN use original graphics clipped from real sites, and pasted together to make official looking documents/emails.
The giveaway is when they ask for personal data of the type you never ever release, and then a look at the header info and source usually reveals an email origination that looks like it is real, but has odd characters when inspected. They depend on that odd feature of reading that means provided the first and last letters of a word are in the correct place, your brain will 'correct' the ones in between if they are in the wrong order, or only slightly mis-spelt.
Apparently unconnected, judging from their domains, I received three mails which might have delivered something nasty onto my PC this week.
In a new ploy I haven't come across before, I saw the messages which were reasonably well titled, and noted that UPS had tracked two failed deliveries to me, and that those nice people at Customs wanted me to confirm details to release a parcel (oddly, not HM Customs or Customs and Excise).
Inspecting the messages showed they all claimed to have forms for me to download and print out, then fax back once I had signed them.
Needless to say, things never went that far, even though I was curious to see what was on the forms.
There were, of course, no forms, and as I probed just a little further I found that these documents - which had had their icons edited to make them look like Word documents - were actually executable program files. Since I'm no longer amused by battling these things, they were deleted and the domains reported to my mail provider, but anyone that simply opened these up normally, even just to read them without printing, could be in for a nasty surprise.
As I always say, if email arrives that you don't expect, ALWAYS don the rubber gloves and get the tools out before touching it - or just delete it without thinking. If it's something that important and not pre-arranged, the sender should be using something a tad more reliable anyway.
Just for good measure, I also got a letter this morning, the content of which suggests someone is having a try at getting a form of credit using some of my details. Unfortunately for them, I happen to deal with the organisation involved, so I can have a little word with them at start of business on Monday. I should win either way, spoiling some piece of thieving scum's day, and giving me some comeback if the company doesn't pay attention and I get a bill that's not mine at some time in the future. While that shouldn't happen given the degree of details involved, I like to play safe.
This was sent to me, not from the sender, but from someone who thought I might like a laff.
Said to have been a serious (if we can use that word here) spam message, with all the usual signs of having been sent from our good friends in Nigeria, or somewhere similar...
I pray that this email reaches you in the best of health. This letter may come to you as asurprise due to the fact that we have not yet met. The message could be strange but it’s real and you will realise this if you pay some attention to it. I want to notify you about it at least for the sake of your integrity.
My name is Major Greg Boner Moyo, a direct and only remaining member of the wealthy Moyo family. I am an astronaut with the South African Air Force and on loan to the National Aeronautics and Space Administration (NASA).
In 2003 I left earth aboard the Mars Rover, Spirit. Seven months later I arrived on Mars.Prior to departing earth, I deposited the amount of US$ 11,600,000 (Eleven million, six hundred thousand United States dollars) in four safety galvanized boxes in a European financial institution which will be disclosed to you upon your acceptance of my proposal.
Last year, during the course of my research on Mars, I was ambushed by a group of analdwelling rebel Martians who inflicted great torturous pain upon my body with anal probes.
After a few weeks of enduring the physical pain, they released me. As a direct result of this cruelty, I am now very ill with a ruptured uterus that has defiled all forms of medical treatment and which has been deemed to be inoperable by my Martian surgeons. I am writing this mail to you on a laptop from my hospital bed in the Martian capitol of Zhwrong.
I now have but a few weeks to live and I am far too ill to endure the long and arduous journey back to my South Africa home. Therefore I have decided to donate the bulk of my fortune to a church or charitable organisation that will utilize this money in the manner which I shall impart to you later. In return for your assistance, I shall authorise you to keep 30% of this fund for your trouble and aggravation plus an additional 10% to cover your expenses.
You should contact my attorney in Johannesburg immediately with your address andtelephone number and he will give you his full contact information and guidance so that we can make arrangements as soon as possible.
Contact Barrister Richard Hardon Baloye Barristers & Solicitors, Johannesburg, South Africa Email:rev.georgeharris2@live.com
Sincerely yours, Major Greg Boner Moyo, National Aeronautics and Space Administration Elysium Veterinary Infirmary Zhwrong, Mars Nano nano
I've had some new ones slipping the net over the past few weeks, and these are along the same idea as the UPS theme, but in this case it's "my" airline tickets, which are now ready for collection as per "my" order, and the final security details and payment are now needed so that they can be released for collection - or some such nonsense. I really don't bother reading the detail now, as the very idea that a real ticket agent would ask for such things is just so preposterous as to be an insult.
It is strange how the spam you get varies from time to time. I started getting what purported to be CNN news updates and appeared genuine - I deleted them as usual. After a couple of weeks they changed to a different name of news updates and the titles became more and more farcical.
Now I seem to be getting a stream of porn videos. They all get the delete process too.
This is a bit of a gem, and the original text was carried in an email created using images, graphics, photographs, and colours stolen from the real Lloyds TSB site.
As an aside, if you didn't see the news items, Lloyds TSB made the news last week when they ejected one of their support staff from the building. Breaking the fundamental rules of network management trust, when he spotted a Lloyds' customer (who had a grievance) had changed his online banking password to "Lloyds is pants", the loyal member of staff took it upon themselves to change it to "no it isnt", leading the customer to be barred from his account as he obviously didn't know the password. The problem - and a story too long for this thread - only came to light when he phoned for help to get access.
As a network admin entrusted with the personal detail of hundreds of staff members, I think firing this fool was getting let off light, and there should have been more severe sanctions available, even something criminal for what they did.
Anyway, the following message begins by warning the poor punter that there are false emails floating about out there, and that they will naughtily ask for personal details, and then promptly goes on to use that rationale as justification for getting the recipient to do just that!
I don't know which is the bigger fool: the scammer for trying the very trick their email has just warned of, or any punter that falls for it and clicks the link given.
Having inspected the link (but not tried it) it wouldn't appear to go to a scam, but to something that's probably rather offensive.
Quoted Text
Dear Sir/Madam,
LloydsTSB Bank always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from LloydsTSB advising them to follow a link to what appear to be a LloydsTSB web site, where they are prompted to enter their personal Online Banking details. LloydsTSB is in no way involved with this email and the web site does not belong to us.
LloydsTSB is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service.
Due to the recent update of the servers, you are requested to please update your account info at the following link.
Like the writer of the following article, I have to take the odd wander into my Spam Folder every so often, just to see if anything has been swept in there that is actually legitimate, and needs a new rule added. Like the writer, I find this visit doesn't come with any surprises, and there's never anything there that I would go near, or even want to poke with a disinfectant soaked barge pole.
I've also watched the documentaries about the elderly, confused, or mentally ill people who believe, or are unable to determine the nature of spam cons, and have handed over their life savings to such schemers. Some of the saddest of these cases are those who cannot understand the problem, and having been cleaned out of cash, actually go on to raise credit and get into debt in order to send money in response to spam requests. Their families try to help them, but cannot watch them 24/7, and these schemes still arrive by snail mail.
Slightly less than half (48 percent) said that they have never clicked on a spam e-mail. That's the good news, but that means the other half have clicked on or responded to spam. But why? The answers will undoubtedly horrify you. A full 12 percent said that they were interested in the product or service being offered—those erection drug and mail order bride ads do reach a certain market, it appears.
I believe I am, as they say, "In the wrong business":
Quoted Text
"Although a small percentage of the computing population, these numbers still earn a significant enough return on investment to support a booming spam-driven underground economy," wrote MAAWG. Indeed, with spam making up a very large majority of all e-mail traffic—Microsoft recently claimed it was at 97 percent—even low sellthrough rates are enough to make things very profitable. With botnets supposedly sending more than 80 percent of that spam (according to Symantec), there are now relatively few man-hours involved in making money from a spam-based business. Just set it and forget it.
Any pointers as to where I can invest my life savings in acquiring one of these spambot systems would be appreciated.
This is described as arriving in the form of some sort of question which makes an appeal of some sort, for information or advice.
It may be new to the Guardian's techs, but it doesn't look like anything new to me.
After all, why would someone I don't know address a personal request for such advice information, and from an email address I obviously won't recognise?
It's all obvious spam, and I simply delete it without further consideration or thought.
It's easy not to get caught by spam, but the media likes to talk it up.
If I don't know the sender or their email address, or if the subject means nothing to me, then it gets dumped without further thought.
Anybody that matters will tell me about a change of name or email address beforehand, if they can. I haven't lost anyone yet.
Spam only works because most folk just don't bother to take care.
For example, this week I have emails from two of my banks, both very serious and following their corporate appearance with current logos and layout, warning me about spam etc, and requesting that I contact them immediately, and increase my security levels.
There's only one small problem - I have never even dealt with the banks concerned, let alone an account.
Examining the return email address could also fool the casual user, as they contain reasonable facsimiles of the bank's possible email addresses.
I think it would be a reasonably safe bet that they get lots of replies - unfortunately.
I am forever preaching that spam and scam is easy to beat:
If you get contacted by someone you have never heard of that wants to know anything about you or your computer...
Slam the phone down or delete the email.
End of story.
If everybody followed this rule, spam and scam would soon dry up.
However, people are greedy, people are silly, and sadly, some people are simple and trusting, while others have mental deficiencies (and I mean that in the illness sense) and these are all the sort of targets that make spamming and scamming a worthwhile venture.
Here's a sad example of how it can work, and use misrepresentation of an innocent trustworthy supplier to give the scam apparent credibility:
Tilset Services shop is one of the first you see as you arrive in Rothesay from the big ferry, as the blue shop is right on the front, opposite the harbour.
I've never been in though, as it's generally closed whenever I've been there, but I have always thought the place must be a wee gem, provided it delivers a decent service, it has a captive market.