Message Control

How To Stop Unwanted Emails From Reaching Your Inbox

Thursday, July 29th, 2010

There are really only two ways to keep spam out of your in-box:

Prevention — This is at best only partially effective and requires a fresh and un-spammed email address. However, if you do start with a new address prevention can seem downright miraculous.
Filtering — Also not perfect but a good spam filtering service should remove more then 99% of the messages you don’t want. The thing to watch out for in filtering is false positives. (False positives are messages that should have been delivered but were blocked instead.) Blocking spam is easy, the hard part is not blocking the good messages.

(Actually, there is a third way but we’re assuming you don’t want to give up email altogether.)

These approaches are not mutually exclusive. In fact the most effective spam filtering comes from a combination of both. This means that, even if you have a good spam filtering service, it still helps if you take preventative measures. Relying on your filtering service to take care of everything is like asking asking your doctor to keep you healthy when you have a lousy diet and fail to exercise.

Don’t Encourage Them

First and foremost, spam exists because it works. If a spammer sends out millions of emails enough people will respond to make it worthwhile. Don’t be one of them.

(more…)

Tags: anti-virus, spam
Posted in All About Email, Message Control | No Comments »

Vonage Account Security Phish – A Perfect 10

Tuesday, July 27th, 2010

This is one for the record books.

The other day we intercepted several copies of a phishing email that, in conjunction with a fake web page, attempts to acquire your Vonage phone number and password.

Subject: Important – Vonage Account Security Information

From: “donotreply@vonage.com” <donotreply@vonage.com>

The body contains this image file:

: Fake Vonage Survey Request

In and of itself this phish is not particularly outstanding. The image file above looks like it could be from Vonage but actually links to a forged version of a Vonage sign-in page. The web site is not even a very good forgery.

What is outstanding is the URL of the fake web site . . .

(more…)

Tags: forging, phishing, url, vonage
Posted in Message Control, Phishing Lessons | 1 Comment »

Arthur Simmons – InTrust Domains – Bogus Domain Marketing

Monday, July 26th, 2010

Domains are cheap and easy to register, and marketing of otherwise low value domains can be so profitable that spammers simply cannot resist the opportunity.

Our favorite example currently goes by the name of “Arthur Simmons” from “InTrust Domains” but the personal and business aliases this spammer users are no doubt very many indeed.

We’ve seen this spammer send domain sales notices from a variety of email addresses, including:

Arthur Simmons <arthur@dni-domainsales.net>
Arthur Simmons <arthur@hostingbulb.net>
Arthur Simmons <arthur@trafficpad.net>
Arthur Simmons <arthur@spiritedconceptsinc.net>
Arthur Simmons <arthur@ideathreads.net>
Arthur Simmons <arthur@alterconcepts.net>
Arthur Simmons <arthur@valuealmanac.net>

And that’s just a small sampling. The domains used by this spammer are all recently registered, all redirect to the same spam landing pages, and are all easily disposable and thus likely to change in the near future.

(more…)

Posted in Message Control, Spam Tactics | 1 Comment »

Old Fashioned Advice For Avoiding Spam Email

Wednesday, July 14th, 2010

If you don’t respect your online identity, nobody else will and before long your in-box will rot and fall off. At least that’s what our mother told us. She also told us to eat our vegetables that we’d go blind if we forwarded email to ourselves.

We usually take what Mom says with a grain of salt.

However, it is true that if you start with a clean (as in “never been used”) address you can keep your in-box mostly spam free for a long time using basic email address hygiene.

Disclaimer: The tips that follow do not help to avoid dictionary campaigns which is why we say mostly spam free. Choosing a longer and/or more obscure address can help with this and an occasional spam from a dictionary campaign is not a big problem as long as you don’t open it, don’t reply and delete it right away.

Prevent Email Spam

The best way to prevent email spam is to keep your email address out of the hands of spammers. In order to do this you have to take precautions to ensure both safe web surfing and safe emailing. We’re sure your mother already warned you about the ways of the Internet too, but in case she didn’t, this is probably what she would say.

1. Be Modest With Your Email Address

You may think it’s cool to bare your email address in public but it can only lead to trouble. The web is crawling with address collectors (also known as harvesters) that just want to get into your in-box. Given the chance they will grab your address and have their way with it.

Cover your email address in public by using obfuscation. Instead of showing off your entire address at social networking sites just hint at it like this:

myaddress AT mydomain DOT com

Anybody that’s worth knowing will understand and you won’t get anywhere near as much attention from undesirables.

If you have a web site of your own you should avoid exposing links to your email address. It is possible to have address links on your site but you have to be careful to hide them from address collectors using a tool like the OnlyMyEmail Encoder.

2. Giving It Away Is Asking For Spam

Promiscuity is dangerous. Everybody wants your email address and most of them have bad intentions. This includes banks, grocery stores, magazines, warranty cards, job applications and especially web sites. They may seem nice but you never know if they’ll spam you or who they’re going to sell the information to.

If you must give an email address to a web site of questionable repute you need protection. Use a disposable email address and cast it aside like a used condom when you’re done.

3. Practice Safe Surfing

Make sure you have up to date anti-virus software with you at all times. You never know when you might need protection. The Internet is full of nasty viruses and malware and current AV software is your best defense against STDs (Sneaky Trojan Downloads).

Lack of money is no excuse. Many anti-virus clinics will provide you with free prophylactic software. Here are a couple of our favorites:

Remember, safe surfing not only protects you, it protects your friends. One virus can infect everyone in your address book. Using prophylactic software also protects you from your friends. Do you really know how careful they are?

4. Be Discrete About Your Partners

If you do engage in email intercourse, don’t let the whole world know who you’ve been emailing with. Learn to use Blind Carbon Copy (Bcc) to make sure you don’t give away your friends’ addresses and encourage your friends to do the same for you.

Do you really want everyone you email with to know about everyone else you email with? Think of your reputation! You’ll feel better knowing that by using Bcc you’re maintaining your privacy and keeping your affairs to yourself.

5. Avoid Strangers With Cheap Pills

Strangers will try to get you to their web sites by enticing you with cheap ED pills, easy diets, cheap watches and porn. Once they get you there they’ll abuse your privacy at best and probably steal your money and infect you with STDs.

It’s much better to ignore offers from strangers entirely and not give them the chance to trick you. Never reply to spam emails and if you can, delete them without opening them. If you do open them, never click on the links inside.

Your Email Address Is Precious

If you value your privacy you will heed the advice above. Take good care of your address and you will be able to enjoy it for a long time. On the other hand, if you lose your innocence you will never be able to get it back. Your address will become jaded and used; passed from spammer to spammer like a worn out penny. Just another victim of spam.

Tags: anti-virus, email, funny, humor, malware, spam, viruses
Posted in All About Email, Message Control, Spam Tactics | No Comments »

Yahoo Groups Spam

Tuesday, July 13th, 2010

While the dominant Internet email providers (Hotmail, MSN, AOL, Gmail & Yahoo) frequently talk about their commitment to fighting spam, they are actually amazingly inattentive to the rampant spam abuses allowed and enabled by their own systems.

We only occasionally point out examples of how sloppy, permissive and ineffectual these firms are in regards to spam, because thoroughly documenting the spam faults of these enterprises would be a full time job in and of itself.

That said, from time to time the abuses are just so obvious (easy to spot and catch) rampant and perpetual that we can’t help but wonder if they even deploy more than 2 or 3 high-school summer interns to their entire anti-abuse efforts.

We realize that they do all expend effort on filtering inbound spam emails from reaching their own users. Where they are apparently asleep at the wheel is in preventing their systems from being abused by spammers to send out emails and/or to host spam landing pages.

The latest example of such unchecked abuse is the spammers using Yahoo Groups to host and promote online sales of spammed pharmaceuticals (or at least brightly colored pills claiming to be the real thing).

(more…)

Tags: botnet, spoofing
Posted in Above The Law, Message Control, Spam Tactics | No Comments »

What’s A Disposable Email Address?

Friday, July 9th, 2010

If you spend much time on the Internet you’ll notice that everybody wants your email address. The reasons they give for wanting it vary but they’ll generally come down to one of these:

They use it to identify you — Email addresses are unique by definition and therefore make good user names.
They want to keep you up to date — In other words they want to send you marketing messages.
They allow others to contact you — This applies to sites that publish profiles like forums and social networking sites.
They want to sell it — Bet you didn’t know your address was worth money.

Creating a unique user ID is a legitimate reason for wanting your email address but many organizations think “Heck, as long as we have this huge list of addresses we might as well sell them and make some extra cash.” The same goes for “keeping you up to date”.

Social networking sites are also likely to sell or lease them to outsiders or “Marketing Partners”. Especially if they don’t charge you for their service in the first place. They need to make money one way or another.

(more…)

Tags: disposable email address
Posted in All About Email, Message Control | No Comments »

What’s An Email Address Collector?

Wednesday, July 7th, 2010

Spam is a volume business. The spammer that sends the most spam to the most addresses wins. Therefore, spammers need to continually find lots of new email addresses.

An email address collector (a.k.a. email address extractor, harvester or scraper) is a software tool used by spammers to crawl the web looking for email addresses.

How Does It Work?

Email address harvesters are more or less the same as the web crawlers used by search engines to index the web. Basically, crawler software starts with a given web page and visits every page linked from that page and every page linked from each of those pages and so on until it is stopped or it runs out of links.

In the case of a search engine crawler the software also records various pieces of data about each page such as word frequencies, what links it contains and how old it is. An address scraper is only interested in email addresses. It searches each page for character strings containing ‘@’ and ‘.’ (and if it’s really smart ‘at’ and ‘dot’). When it finds these two characters in the right order (and possibly other criteria are met) it saves them to the spammer’s database.

(more…)

Tags: email
Posted in All About Email, Message Control, Spam Tactics | No Comments »

What Happens If I Click That Link?

Monday, June 21st, 2010

An important email safety practice is to avoid clicking on links that aren’t safe. This begs the question “How do I know if a link is safe to click?” The truth is you can never be sure, but there are ways of mitigating the risk.

A link’s presentation has two major components:

The visible text (or image)
The URL that the link references

These two pieces of information are not required to be related so you can have a link that says “Log in to my bank” but actually takes you to “badwebsite.com”. The trick is to know what the link actually refers to, not what it wants you to think it refers to.

(more…)

Tags: browsers
Posted in Message Control, Phishing Lessons | No Comments »

Click Here To Log In – Craigslist Phishing

Thursday, June 3rd, 2010

This is priceless!

We just intercepted what might be the coolest Craigslist Phish ever. Maybe even the trickiest Phishing fraud ever — it’s definitely among the best we’ve seen.

For the sake of context, the normal Phishing and identity theft attempt goes something like this: You get an email that says something dire like “your account has been hacked/suspended/overdrawn or whatever” and then presents you with a link to a fake login page so the phisher can trick you into providing your username and password.

That is, of course, assuming you click the link and fill in the login form.

Most of the time the hyper-linked text will say something like “Log in” or “Click Here” or “Access Your Account” and if you hover your mouse over the link and look at the status bar of your email client you’ll see that the link actually goes to an abandoned URL like “abctreesurgery.com”; a random one like “sksjhrkeykser.com” or something on a hacked google groups page.

But this Phisher is in a class of their own.

(more…)

Tags: fraud, phishing, spoofing, virus
Posted in Email Fraud, Message Control, Phishing Lessons | 1 Comment »

Dear American Express Customer – Phishing Fraud

Wednesday, June 2nd, 2010

Up until now, we haven’t really seen many “American Express” Phishing fraud emails, though we’re not really sure why.

Perhaps it is related to smaller market share, or a perception that such card holders might be slightly more sophisticated and harder to trick? Whatever the reason, based on volume of the latest campaign, it’s irrelevant now.

Emails are arriving in mass, with a wide variety of spoofed Sender variations such as:

“American Express” <autoremailer@cc.americanexpress.com>
“American Express” <customercare@cards.americanexpress.com>
“American Express” <customercare@cc.americanexpress.com>
“American Express” <customercare@mail.americanexpress.com>
“American Express” <donotreply@card.americanexpress.com>
“American Express” <forms@card.americanexpress.com>
“American Express” <forms@cards.americanexpress.com>
“American Express” <forms@cc.americanexpress.com>
“American Express” <noreply@card.americanexpress.com>
“American Express” <no-reply@cards.americanexpress.com>
“American Express” <online@cc.americanexpress.com>
“American Express” <online@mail.americanexpress.com>
“American Express” <onlineforms@cc.americanexpress.com>
“American Express” <onlineforms@mail.americanexpress.com>
“American Express” <support@mail.americanexpress.com>

The Subject lines are less varied, generally including one of these:

American Express Online Form
customer notification
important alert
important information
important instructions
important notification
important security update
instructions for customer
official information

Regardless of the Sender address and Subject line variations, the body of the emails has been fairly consistent:

(more…)

Tags: fraud, phishing, spoofing
Posted in Message Control | 1 Comment »