A Brief History of Spam

In the early days of the Internet, spammers primarily targeted newsgroups on USENET, the online conferencing system. Newsgroups are organized as forums to discuss particular topics. As electronic messaging systems advanced, they made possible the practice of crossposting – posting the exact same message to multiple newsgroups and other online forums.

Spammers were quick to adopt crossposting as a tool of their trade. Now they could send the same electronic message to thousands of newsgroup members at one time. Not only could they target a larger audience with one posting, but they also did not have to differentiate between the interests and focus of the individual forums that they targeted. What’s more, it cost them next to nothing to spam these newsgroups.

As email became an increasingly widespread mode of communication, the spammers shifted their focus to the massive audience that it made available to them. Mass emailing software soon became another essential tool of their trade, as they began to use it to send junk email to thousands upon thousands of unwilling recipients.

The spam industry also adapted the available Internet technology to create the “spambot”. A spambot is an automated program that roves the Internet, “harvesting” email addresses from newsgroup postings and from other websites. It literally gathers thousands of email addresses in a single hour. These are compiled into bulk mailing lists with which the spammers can spam thousands of victims at a time.

The practice of sending out unsolicited, unwanted junk email and junk postings came to be called “spam.” The term is commonly believed to have been derived from a British comedy skit by Monty Python, in which a restaurant serves each meal with a side of spam. As a waitress emphasizes to a couple the availability of spam with every dish, a group of Viking patrons breaks out in song, singing “SPAM, SPAM, SPAM… lovely SPAM! wonderful SPAM!” in a loud chorus. In the ’80s, the term was adopted to refer to junk emails and postings, and the name stuck.

The earliest, most widely known incident of commercial spamming dates back to 1994. It involved two lawyers who spammed USENET to advertise their services as immigration lawyers. They later expanded their marketing efforts to include email spam. The incident is commonly referred to as the “Green Card Spam.”

This nefarious industry has since grown in leaps and bounds. Today, more than half of the trillion-plus emails that are sent and received are spam. Initially, spam was generally advertising-related email. In more recent years, however, a particularly nasty crop of spammers has emerged, who send out their spam with nothing less than malicious and/or criminal intent. Some send out spam that contains viruses or malicious code. Others devise scams intended to defraud you of your money. And then there are those whose focus is identity theft.

Benign or malicious, commercial or criminal – spam has transformed the way we communicate electronically, and will continue to do so well into the near future and very likely beyond. Spam has become a regular, albeit unwanted, fact of online life.


What is the Harm with Spam?

In the early days of the Internet, spam was little more than an irritating nuisance. However, like every other aspect of the Internet, spam has evolved to become something far more nefarious in nature.

To understand just how big a problem spam has become, it helps to realize the sheer volume of unsolicited junk mail that is sent out every day. More than 50% of all the trillions of emails that are mailed out are spam. This spam clogs up and wastes bandwidth, especially with the recent advent of image-based spam. It places a huge strain on servers and wastes a huge amount of time and money to deliver millions upon millions of unsolicited emails to the inboxes of recipients.

Mass Mailing Viruses

Aside from constantly inundating your inbox with unwanted email, spammers now also pose grave threats to the health of your computer.

One of the new, dangerous aspects of spam is that illicit senders can now manipulate your email address and make it seem to the rest of the world that the spam is coming from your personal computer or domain. This may result in your service provider blocking your Internet connection or terminating your account. And all of it can be done without any knowledge on your part. It can easily be made to seem that you are an actor in a malicious mail campaign when in fact you are an unwitting actor at best.

AVF

Email is the most common vehicle for spreading viruses, and for hackers to get into your computer system. An increasing amount of this type of spam has been mailed out of late. These small programs can be used in myriad harmful ways, including crashing your own system, crashing that of the parties you email, or logging keystrokes to gather your personal information.

Another insidious tactic that the spammers employ is called “phishing.” It involves the spammer sending out junk email that is specifically designed to look like it is from a reputable, legitimate source, such as a company like eBay or PayPal. This spam utilizes the company’s logo and official graphics.

The purpose of this type of spam is to get your personal and financial information. Often it will fraudulently send you to web sites where information regarding email, finances, bank accounts or other personal details is gathered and used in illegal ways. Very often, the spammers will combine methods, spamming their victims with virus-laden software, phishing and other schemes that take spam to a whole new level of illicit, criminal activity.

A 2006 study by Consumer Reports estimated that in two years, Americans spent more than $7 billion on repairs and parts replacement resulting from viruses, malware and spyware. This does not take into account the cost to the Internet providers who have to pay for all the bandwidth taken up by the spammers’ junk, or the cost in time, money and productivity to businesses that have to sort through all the spam.

Spam is no longer harmless, silly, or simply annoying. It is increasingly harmful and we need to protect against it.


Anti-phishing Software

The threats posed by spam are always evolving, and phishing is one of the most recent scams the spammers have come up with.
Your most important protection against phishing is vigilance and a healthy skepticism. You can, however, supplement this with anti-phishing software programs.

Anti-phishing software works by detecting phishing content that may be contained in an email. It is generally used in conjunction with your email service as a toolbar. This toolbar will display the real name of any website you visit, and expose any spoofed websites that phishers may attempt to use.

This software offers a second line of defense for blocking phishing attacks and sites that might have foiled and bypassed your browser’s built-in protection. Here are a few of them:

Earthlink Toolbar Scamblocker
Checks sites against a phishing blacklist
Checks the owner and location of the web site
Protects against phishing and pop-ups

Earthlink offers a free browser toolbar that includes ScamBlocker, an application that protects you against phishing scams and phishing pop-ups. It will, for example, warn you when you attempt to connect to a website that is on Earthlink’s blacklist of fraudulent sites. It will analyze each web page that you visit and display a security rating of the webpage on its toolbar.

Earthlink’s Scamblocker can be downloaded at this link:

http://www.earthlink.net/software/free/toolbar/

Netcraft Anti-phishing Toolbar
When one recipient of a phishing email reports it, the relevant URL is blocked for the rest of the Netcraft community members.

It will display the website’s hosting location, which will help expose fraudulent URLs. If, for example, you are on the bankofamerica.com website, the hosting location is unlikely to be in Poland.
The toolbar will also detect any web addresses that contain letters or characters that are only used in the URL to deceive.

The Netcraft Anti-phishing Toolbar can be downloaded at this link:

http://toolbar.netcraft.com/

TrustWatch Toolbar
This free toolbar is also designed to protect against phishing, identity theft and internet fraud. It does real-time checks to let you know if a web site you are visiting has been verified by a legitimate third party organization, and if it is therefore safe to transmit your confidential personal information. It is the internet equivalent of a credit check.

The TrustWatch Toolbar can be downloaded at this link:

http://toolbar.trustwatch.com/

Stopzilla Anti-Spyware 5.0
STOPzilla works by detecting and blocking phishing attacks, popup ads, spyware, adware and other malicious applications. It also provides hijack protection.

Stopzilla can be downloaded at this link:

http://www.stopzilla.com/

Spybot – Search and Destroy
This is a free anti-spyware application. An important feature of this application is that it will write-protect your computer’s HOSTS file, which is a primary target of phishers’ spyware.

Spybot can be downloaded at this link:

http://www.safer-networking.org

Webroot’s Phish net
Phish Net employs a dynamic blacklist to protect against phishing. The application stores your personal data such as credit card numbers, social security numbers, etc. When you visit a site and attempt to enter this information, a pop-up will alert you that it is not on your list of trusted sites, and will expose any redirects that may be involved in the transmission of your data. It will also verify that the site has an encrypted connection before it transmits the data.

Webroot’s Phish net can be downloaded at this link:

http://www.webroot.com/consumer/products/


The What, Who, Where and Why of Spam

Spam was once just clutter in your inbox; now it is a commonly used vehicle for fraud, electronic crime and even corporate espionage. The 4 Ws of spam answer the most commonly asked questions about spam.

What is Spam?

Spam, also called junk email, is generally defined in the Internet industry as unsolicited commercial email (UCE). It is email that is sent out in bulk to a huge number of recipients who did not request it. The contents of spam range from benign advertising to malicious programs that can literally hijack your computer system and do grave damage.

The most common commercial spam advertises pyramid schemes, pornographic web sites, mortgage loans, chain letters, credit repair, fraudulent pharmaceuticals and illegally pirated software. The more dangerous spam will often contain viruses that can infect your computer, Trojan horses that can hijack your email program and use it to send out spam to your friends and family, and phishing scams that attempt to get your personal and financial information.

Who Spams?

“Spammer” is the term used to refer to those responsible for spam. In the Spam world, there are two types of spammers. There are the honest spammers who comply with the anti-spam laws, and have the consent of the spam recipients. These willing recipients usually join the honest spammer’s “opt-in” mailing list by signing up at a website, for example to enter a lottery, or to be notified of future promotions.
Then there are the dishonest spammers, who will get your email addresses by any means possible. They use their spam for criminal or malicious purposes and have zero regard for the law.
Spammers range from the lone, home-based individual to multi-million dollar companies with several employees. Most of the spam companies are increasingly relocating to offshore locations to evade US laws and law enforcement.

Where do the Spammers Get your Email Address From?

Spammers get their victims’ email addresses from just about anywhere you can imagine. Primarily, they use newsgroup harvesters and spambots, which are automated programs designed to “harvest” (extract) email addresses from online sites. Newsgroup harvesters target newsgroup postings and other unprotected web-based forums, which tend to have low security. Spambots troll the Internet, scanning websites and harvesting email addresses. They typically search for the “@” sign that denotes an email address.

The average spambot can harvest over 30,000 email addresses in just one hour. And this goes on 24/7, year in and year out.
There are also companies that sell CDs that are packed with valid email addresses. These can sell for as little as $25, and they are a goldmine for any spammer.

Why do Spammers Spam?

In a word? Money. Spammers literally make millions from their illicit trade. Studies show that for every million junk emails sent out, a spammer will average about 100 sales. Add to this the fact that they make $50-$100 in commission for each sale, and you can see how the numbers add up to incomes in excess of $100,000 a year! What’s more, spamming can cost next to nothing.

But why does spamming continue despite its cost in time, effort and money? Because there are people out there who respond to spam. Even with a minimal response rate of one sale from every 10,000 emails, it can be highly profitable. If no one responded to spam, the spammer’s cash cow would starve and the practice would end. It is these few who keep the spammers in business. They make the cost of spamming worthwhile.


Top 5 Myths About Phishing

There are several myths and misconceptions that abound when it comes to Phishing. These are the top 5 most common ones:

Myth #1

Anti-spam software can detect phishing email

While anti-phishing and spam filters can decrease the number of phishing emails that get into your inbox, they are not 100% effective. While anti-phishing technology keeps improving, the phishers are always devising ways to get around it. It truly is a cat-and-mouse game.

Secondly, because spam email and phishing email are different (phishing email spoofs a legitimate business), a different set of rules and criteria are required to detect the phisher.

Myth #2

As long as I don’t give my password and user-name, I won’t be Phished

Phishers are getting increasingly sophisticated. They now employ several variations on the original spoofed email that once requested your password and user-name.

They will, for example, instruct you to click on a link so as to update your information at a website. If you do click on the link, malware such as a keylogger or spyware will be downloaded to your computer.
The link may take you to a spoofed website, but it may also link you to the actual website of the legitimate business. Once there, a pop-up or overlay is activated, directing you to log in. You will probably be unaware that your access information has been compromised.

Myth #3

Most Phishing attacks originate from outside

With all the time and effort that has been poured into the Nigerian 419 spam scams, it is commonly assumed that phishing originates from emerging countries outside America. However, a study by Symantec shows that the majority of phishing attacks actually originate within the U.S.

Myth #4

Phishing is a problem that we can solve by educating users

This is not true. There are various ways the phisher can camouflage an IP address. In fact, a large proportion of phishing attacks are enabled through common misconfigurations in a web application. Phishers can manipulate internet technology to redirect you from a real and legitimate website, in such a way that although the original web address points to the real web site, you are taken to the phisher’s web site.

As the incidents of phishing and identity theft have increased, people have become more aware, and better able to identify phishing emails. The percentage of phishing victims has gone down. However, even though users are getting better educated and informed about phishing, there is always still a chance that someone will mistake a well-crafted phishing email for the real thing.

Myth #5

I will know one when I see one

This is another misconception regarding phishing, and a potentially dangerous one at that, especially in our digital world. With all the time, talent and technology available to them, these cyber crooks have more than ample resources to create and execute increasingly realistic email spam, web site spoofs or other electronic means by which to scam you out of your confidential financial data and wreak havoc on your financial affairs.

Vigilance is, in fact, your number one protection against the phisher’s hook. Underestimating the phishers may cost you.


Whitelists – The Ultimate in Spam Protection

Whitelists are quite possibly the single most effective form of spam protection available on the market today. They are as close as you can get to totally eliminating spam from your inbox.

A whitelist is a database of trusted email addresses, IP addresses and domains. To build the list, each one of these trusted sources is manually added to the whitelist. Only email from a whitelisted source is delivered to the user’s inbox. In fact, whitelists are so effective that the catch-rate for spam is almost 100%.

However, the efficiency of whitelists comes at a price, because they produce a large number of false positives. This means that a lot of legitimate email goes undelivered. To deal with this problem, a challenge-response technique is often instituted.

When an email from an unknown source is received, the system will respond automatically, sending a “challenge” back to the sender. This challenge may require the sender to answer certain questions, or decipher an image that displays a series of letters and numbers. This image can only be deciphered by a human, and not by spamming software. Once this is successfully done, the email is allowed to go through the system to the inbox. The sender is also added to the whitelist. The challenge-response methodology uses a combination of human judgment and software technology to determine which email to let through and which to block.

The advantage of this method is that it is not worth it to spammers to wade through all the challenge-response emails and respond to them. They are more likely to remove the email address from their lists and go after other addresses that do not have such requirements. However, the inconvenience of having to register to send email to the whitelist user may discourage legitimate email senders from following through.

Another impractical aspect of whitelists arises when the email account user places an online order, or registers for a newsletter or other service. Each of these new email sources must be manually added to the whitelist. If the user forgets to do this, or enters it incorrectly, important email may be blocked.
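The whitelist and challenge-response flow described above can be sketched as a small state machine. This is an added example, not code from any product named on this page; the class and method names are hypothetical, and a one-time token stands in for the question or image puzzle that a human sender would solve.

```python
import hmac
import secrets


class WhitelistFilter:
    """Deliver mail only from whitelisted senders; hold the rest behind a challenge."""

    def __init__(self, addresses=(), domains=()):
        self.addresses = {a.lower() for a in addresses}  # trusted full addresses
        self.domains = {d.lower() for d in domains}      # trusted sender domains
        self.inbox = []       # delivered (sender, subject) pairs
        self.held = {}        # sender -> subjects waiting on a challenge
        self.challenges = {}  # sender -> outstanding one-time token

    def is_trusted(self, sender):
        sender = sender.lower()
        return sender in self.addresses or sender.rpartition("@")[2] in self.domains

    def receive(self, sender, subject):
        """Return ("delivered", None) or ("challenged", token)."""
        sender = sender.lower()
        if self.is_trusted(sender):
            self.inbox.append((sender, subject))
            return "delivered", None
        self.held.setdefault(sender, []).append(subject)
        # One outstanding challenge per sender, however many messages arrive.
        if sender not in self.challenges:
            self.challenges[sender] = secrets.token_urlsafe(16)
        return "challenged", self.challenges[sender]

    def answer(self, sender, token):
        """A correct answer releases the held mail and whitelists the sender."""
        sender = sender.lower()
        expected = self.challenges.get(sender)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        del self.challenges[sender]
        self.addresses.add(sender)
        for subject in self.held.pop(sender, []):
            self.inbox.append((sender, subject))
        return True


def demo():
    """Constructed scenario: a known contact, a new human sender, an automated shop."""
    f = WhitelistFilter(addresses=["alice@example.org"], domains=["bank.example"])
    log = [
        f.receive("alice@example.org", "Lunch?")[0],
        f.receive("statements@bank.example", "Your statement")[0],
    ]
    status, token = f.receive("bob@example.net", "Hello from Bob")
    log.append(status)
    log.append(f.answer("bob@example.net", "wrong-token"))  # bad answer: still held
    log.append(f.answer("bob@example.net", token))          # solved: released
    log.append(f.receive("bob@example.net", "Follow-up")[0])
    # The shop's mailer never answers challenges, so the order confirmation
    # stays held: the false positive the article describes.
    log.append(f.receive("orders@shop.example", "Order confirmation")[0])
    return f, log
```

In the demo, the order confirmation from the unanswering shop address remains in `held` until the user adds the sender by hand, which is the manual upkeep the paragraph above warns about.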

Whitelists are far more effective than anti-spam filters, because the latter work by calculating the probability that an email containing particular words is spam. However, spammers easily get around this feature simply by misspelling words, or by avoiding words associated with spam. For this reason, spam filters are usually only 80-90% successful. This may be acceptable on a personal account, but not on a business account that likely receives over a hundred emails a day.

Whitelists are especially beneficial to businesses as they almost totally eliminate the waste of valuable time that would otherwise be spent wading through the hundreds of spam messages that are received each day. However, despite their effectiveness in blocking spam, whitelists have not gained widespread use because of the high rate of false positives. It is also virtually impossible for businesses to compile an exhaustive whitelist database of trusted email sources.


The Costs of Spam

The volume of spam that is sent out every minute of the day has reached pandemic proportions. The simple reason for this is that the cost to a spammer ranges from zero to negligible. In fact, anyone with a list of email addresses and Internet access can spam thousands, even millions of people with a single click of the mouse. The cost of spam, however, now runs in the millions.

Bandwidth

Spam takes up valuable Internet bandwidth that would otherwise be used for legitimate business and personal use. Bandwidth refers to the rate at which data is transmitted; it is the amount of data that can be transmitted within a fixed amount of time. The lower the bandwidth, the slower the transmission.

When spam uses up valuable bandwidth, and clogs up the system, it causes costly delays in the transmission of important, legitimate information. It forces the Internet Service Providers (ISPs) to increase bandwidth just to handle the increased volume. This costs money, and this cost is passed on to the consumer.

Viruses, Worms and Malware

Malicious attachments are becoming an increasingly common menace. Spammers will attach viruses to the email they send out for purely criminal or malicious purposes. Some viruses, for example, are programmed to self-install and give the spammer access to all the vital information stored on your computer. This information is often used for identity theft purposes.

Other viruses simply do great harm to computers the world over. A Consumer Reports study estimates that the cost of repairs and replacement parts for damage done to computer systems by viruses was over 8 billion over the past two years. This does not take into account the billions spent on anti-spam and anti-virus software.

Productivity

Spam is not only annoying, it also takes up valuable time just to go through it and sort out the spam from the valid mail. For businesses that receive hundreds of emails a day, the cost in time and productivity really adds up.
The “cost of spam calculator” that is available at cmsconnect.com estimates that spam costs almost $1000 per employee each year, with over 50 hours of lost productivity for each one.

Lost Messages and Data

As we try to battle the spammers by installing spam filters and blockers, these programs often weed out legitimate business correspondence. Lost correspondence from a client or supplier can easily cost businesses money, clients and goodwill.

Identity Theft

The phenomenon of phishing has become more prevalent as spammers think up new ways to make a buck at your expense. Phishing involves the use of email that is designed to look like a legitimate company has sent it. It is sent out to millions of people in the hope of scamming them into revealing personal information that the scammer can use for identity theft. The cost of Phishing and identity theft to their victims now also runs in the billions.

The cost of spam is a financial drain on the economy. We pay a high price for the spammer to scam his victims. The spammer pays nothing.


How Spammers Get Your Email Address

Each minute of each day, there are literally thousands upon thousands of spam email messages flooding inboxes the world over. Some of that email even goes out from what appears to be your very own email address! Where on earth do spammers get your email address? There are various ways – some are legitimate, and most are not.
Typically, spammers will “harvest” email addresses from legitimate web sites, such as USENET groups, chat rooms, message boards, AOL profile pages and special interest group postings. These are sites you have visited and requested more information from, or corporate sites where you may have placed an order.

The spammers collect these addresses using automated programs called spambots. Spambots are designed to harvest the email addresses from these web sites. They scan every page on the site, collecting any text containing the symbol “@” they find. The email addresses they collect are compiled into a database, loaded into a bulk-emailing program and out goes the spam. Often, these harvested email addresses are also sold to other spammers; once your email address makes it to a spammer’s mailing list, it will make it onto their fellow spammers’ lists.

Some websites require you to register before you can place an order or access certain parts of the site. Not all these websites will be as protective of your email address as you may wish. Newsgroups are particularly notorious for exposing their users’ email addresses to the spam gatherers. Most newsgroups do not take a great deal of care to hide the email of their users, and each and every member email address is exposed and up for grabs by spammers. Some of the websites that ask you to register may also sell to spammers.

Another method commonly used by the spammers is to target a domain. They simply guess or make up every possible variation of email address based on the domain name, for example @yourDomain.com. They create a mailing list of these addresses and then spam them. Corporate emails are especially vulnerable, as their emails have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers because they can and do send out millions of this type of junk mail a day. A small proportion of the addresses will actually be legitimate and will receive the spam – that is good enough for the spammer. This method of gathering email addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to harvest your email. When you place your email address on a web site, remove the @ symbol and replace it with the word “at.” This makes it far more difficult for the spam harvester to gather your address, because it cannot be gathered mechanically; it can only be read by a human who is actually reading the site. Alternatively, you should display your email address as an image rather than as text.


Don’t Fall for the Phisher’s Bait

Never respond directly to any unsolicited email that asks you to update or verify your personal information. Banks, stores and other legitimate businesses will never ask you to give this information via email, particularly following the advent of phishing.

If there is any doubt as to whether or not the email is from who it purports to be, contact the company immediately to confirm and clarify the request for information. Be sure to call a phone number from your statement. The phone number in the email is probably a direct line to the identity thief.

Never click on a link in any such email. To do so would be to risk downloading malicious Trojan horse spyware, which will install keyloggers in your computer system. This would provide hackers direct access to all the personal data stored on your computer, which they will use for their own nefarious financial gain.

Never, ever fill out forms contained in an email that request personal information. The mere request for this information should ring a loud alarm bell. Phishers are able to use HTML to design very official-looking email messages. Any information entered into these forms goes directly to the phisher.

Never trust links contained in unsolicited email. Phishers have devised ways to spoof legitimate website links. Common tricks that are used include misspelling web addresses or using sub-domains that include the name of a legitimate business.

An email link can also be “masked” in such a way that it displays a very official looking text-link to a legitimate company’s website, but clicking on it will take you to the phisher’s web site.

Do not cut and paste the link contained in the message into your browser. Type the address of the legitimate company in a separate browser window, so as to bypass having to click on the link in a suspected phishing email.
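The link tricks described above (masked link text, a legitimate name used as a sub-domain, and misspelled addresses) can be checked mechanically in an HTML email body. This is an added example, not part of the original article; the brand table, the sample message and all function names are constructed for illustration, and the registered-domain helper is a simplification that takes the last two labels instead of consulting the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands this mailbox really deals with, and their genuine domains.
KNOWN_BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample body; none of these links come from a real message.
SAMPLE = """
<p>Dear customer, please confirm your account.</p>
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
<a href="https://www.paypa1.com/update">Update your details</a>
<a href="https://www.ebay.com/help">www.ebay.com/help</a>
"""


def registered_domain(host):
    """Simplified: last two labels (a production check needs the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.href = None
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def check_link(href, text):
    """Return the list of warning codes for one link."""
    host = (urlsplit(href).hostname or "").lower()
    if not host:
        return []
    target = registered_domain(host)
    findings = []
    shown = DOMAIN_IN_TEXT.search(text)
    if shown and registered_domain(shown.group(1)) != target:
        findings.append("masked")              # text names one site, href another
    for brand, real in KNOWN_BRANDS.items():
        if brand in host and target != real:
            findings.append("brand-in-subdomain")
        elif 0 < edit_distance(target, real) <= 2:
            findings.append("lookalike")       # misspelled version of a real domain
    return findings


def scan_email(html):
    """Return (href, visible text, warning codes) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, check_link(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, codes in scan_email(SAMPLE):
        print(codes or ["ok"], text, "->", href)
```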

Always be suspicious of impersonal email. Almost all email communication from legitimate businesses will contain some specific piece of personal information that is not readily available to anyone but you. An email from your bank, for example, may include part of your account number.
Always keep in mind that there are malicious people out there who do nothing more than think up creative, innovative ways to get at your personal information.

Be sure to use anti-spyware and anti-virus software, and keep these regularly updated. Anti-spam filter software may help eliminate or minimize the amount of phishing spam you will receive in your inbox.

Be very cautious of opening any emailed attachments you receive, even if they seem to be from an acquaintance.

Help catch the phishers by reporting any phishing attempts. Forward the phishing email to the company that is being spoofed. Also forward it to these email addresses: spam@uce.gov and reportphishing@antiphishing.org. This information will be used by the Anti-Phishing Working Group to fight phishing. This organization is a coalition of the internet industry, financial institutions and law enforcement.

Learn more and stay informed by visiting the Federal Trade Commission’s Identity Theft website: www.consumer.gov/idtheft.
