It has become increasingly common for spam to contain malicious programs or software that can be harmful to both your computer. The purpose of these small, malicious is to perform unauthorized, usually harmful, actions, when they self-install into your computer system, and infect your programs and files. They are commonly spread by e-mail, in the form of cleverly disguised attachments that trick you into clicking on them.

The most common of these programs are: Viruses, Trojan Horses, Malware and Adware. Knowing what they are and how they work will help you better protect yourself from malicious spam.

Viruses

A is a computer program that is specifically created to replicate itself and to infect a computer system without permission or even knowledge of the user. Viruses come in several varieties including:

The Boot Sector Virus

This virus will infect the root-most part of your computer hard drive, called the boot sector. This is what is used to start up your computer.

This type virus can prevent your computer from starting and may even force a hard drive format, causing you to lose all of the information on your computer in one fell swoop.

The Program Virus

This is an executable file. It becomes active when the program it has infected is run. When it is activated, it will infect other programs on your hard drive, disabling them.

The Macro Virus

The third type of virus specifically targets documents such as Microsoft word. It is activated when the infected document it has infected is run. One action it may perform, for example, is to erase dates in your documents as well as other areas of the computer.

Malware

The term “malware” is short for malicious software. It is a type of program that propagates on your hard drive and can create untold problems when it does so. Malware may install a program that you did not want, or ask for. When it does so, it will use up many of your computer’s system resources, effectively slowing it to a near standstill.

Trojan Horse

Much like its Greek namesake, the Trojan horse program is a seemingly harmless and innocuous application or file, but it contains harmful, malicious code and, when installed, can wreak havoc on your computer system. This program often runs undetected, giving the hacker access to your computer system and, for example, your personal information such as saved passwords and bank account numbers. The hacker is also able to display messages on your computer screen.

Adware

While not necessarily malware, but adware can be used for malicious purposes. Adware goes above and beyond what is reasonable advertising. It is adware, in fact what has given a bad name to some otherwise incredible free software that may actually be very beneficial to you.

It generates popups or other annoying advertising that can in fact freeze or lock your computer. In many cases, the adware is difficult if not impossible for the regular user to remove, disable or even detect.

In addition to displaying ads for the original advertiser, adware may log your whereabouts on the internet and send user information back to the spammy ad company about your computer use without asking for your permission to do so.

Spam is not always the most harmful thing you will find in your inbox; it is the attachments that come with spam that can really devastate your computer system. It is crucial that you do not open attachments in unsolicited email.

Tweet This Post

The spammer’s most fervent hope is that you are ignorant of the tricks and tactics used to spam your inbox. Learning the spammer’s nefarious ways is your best protection against spam.

Manipulating Text:

This is one of the most commonly used spamming techniques. Spammers will manipulate the text in the email, to foil the anti-spam filters. They may, for example, deliberately misspell some words: “M0rtg4ge” for example. They may add characters or spaces to words in the email header, to make the email seem unique from other email. Like this: X_A_N_A_X Here’s an example, . They may also insert random strings of text within the email.

Chain Letters:

Spammers may send out chain letter instructing you to forward the email to your friends and family. To entice you to do so, it may claim that forwarding it will bring good luck. This spam may carry viruses or a Trojan horse, which is sent along to anyone you forward the email to.

Image-based Spam:

The spammer sends out spam that contains an image in GIF format. This image bears the spammy message. Image-based spam is effective in by-passing spam filters because they are generally text-based.

Dictionary attacks:

This is a technique used by the spammers to find email addresses that they can spam. It involves trying random combinations of common names and words, and using these to making up email addresses, e.g. JaneDoe@YourISP.com, JDoe@YourISP.com, JaneDoe1@YourISP.com. The spammer will then send out junk email to the different variations of these addresses in the hope that some of it will go through,

Spammers tend to direct the dictionary attacks at the large email companies, which have a large number of customers.

Email spoofing:

Email spoofing involves the use of a fake email header that is written to make it look like someone other than the spammer sent the email. Very often, the spammer will make it look like the email came from a credible source such as your bank or yahoo, and try to get you to reply with personal information such as a password, social security number or credit card number. This technique is widely used because it is easy to do, and tends to catch the recipients off guard.

JavaScript:

The spammer can use Javascript that will ensure that the spam is only visible when the email is loaded. This type of spam can only be prevented using anti-spam software that decodes or blocks the java script.

Social engineering:

This spammer ploy attempts to fool the recipient into reading the junk email by pretending to be an acquaintance. It involves a junk email that has a “personal” subject line, such as “I’m leaving tomorrow,” “I got your message” or “Let’s meet again”.

Mining message boards and chat rooms:

When you post a message to a message board or chat room and leave your email address, automated programs called spambots will find your address and add it to the spammer’s mailing list. Much like a listed phone number in the telephone directory, leaving your email at these types of websites makes it public information.

Web beacons:

A web beacon, also called an “invisible GIF,” is an image sent out with spam that is invisible to the recipient. When the email is opened, the spammer will be alerted that your email address is “live.”

Open proxy, 3rd-party servers:

An open proxy is a third-party server that enables the spammers to camouflage their real identities as well as their Internet locations, when they send out their junk mail. Many spammers use these open proxy servers to help maintain their anonymity.

Tweet This Post

Phishing is an email spam scam that is specifically used to commit identity theft. Its sole purpose is to scam you into divulging personal information, which they can use to perpetrate identity theft. This includes passwords, card numbers, birth dates, PINs and other vital personal data. The term came into use to denote the way phishers bait to lure their victims into divulging private data. Industry experts define this devious practice as a form of “social engineering.”

Typically, a phishing attack will be executed in combination with a massive spam mailing. Phishing spam is sent out to millions of recipients, often with a subject line that is exciting or upsetting. It is calculated to trigger an immediate reaction from the recipient, and get them to respond without further thought.

The phishing email will often have phrases such as:

-Dear Valued Customer.
-Click the link below to access to your account.
-If you don’t respond within 24 hours, your account shall be closed.

The phishing spam is typically a fraudulent but very official-looking e-mail. It is cleverly designed to replicate the website and email messages of a business you know and trust such as your bank or mortgage company. The email will even sport official logos and graphics of the legitimate company.

It will instruct you to click on a link in the email to go to the company’s website, where you can “update” your personal information. The link will usually be “masked,” which means that when you click on it, it will take you to a phony web address. Clicking on the link will take you to a website that appears to be that of the real financial institution’s website. It is, however, just a copycat spoof, set up to give the spammer access to your personal and financial data. You may give your information thinking you are at the real website. Instead, any information you enter here will go directly to the identity thieves.

What are the Consequences?

If you fall prey to the scam and unwittingly divulge private information, you will be left vulnerable to identity theft, credit card fraud and other financial mishaps.

These identity thieves will either sell the information to fellow criminals, or use it for their own financial gain. This vital personal data will be used, for example, to set up fraudulent online bill pay, with payments made out to the phisher. They may use it to access funds from your bank accounts and credit cards and transfer them to their own checking accounts. They may even use a copy of your bank or credit card along with the phished PIN to withdraw cash from your accounts at any ATM.

Phishing is a numbers game for these criminal spammers. They will send out their phishing email to millions of recipients. They count on just a few falling for the scam and volunteering their information: if a mere 1% of recipients volunteer their personal information, the phishing expedition will be a hughly lucrative. It is these few who make their scam worthwhile.

Tweet This Post

Phishing Scams:

“Phishing” is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or any other kind of confidential personal information. Identity theft is the goal of this scam.

The phisher sends you a fraudulent email that is designed to look like it was sent from a reputable company. The email directs you to a website that looks like it belongs to the reputable company, but is actually a spoof. You are asked to “update” your information here, and if you do, all that personal information goes straight to the phisher. uses this information for identity theft purposes such as making withdrawals from your bank and credit card accounts, ordering new credit cards which they promptly max out, etc.

Some of the most recent phishing attacks have spoofed the email and websites of well known companies, including eBa, Paypal, Yahoo, Pfizer, Bank of America, among others.

Work-At-Home Scams:

These are some of the more tempting spam scams. They offer those who need to make extra money the opportunity to do so, and invariably the email will state: “no experience necessary.” The scammer often claims to have “inside information,” and tries to bait you with the lure of quick money for next to no effort. More often than not, you are asked to pay anywhere from $35 to several hundred dollars to purchase the kits or materials that will not earn you a dime.

This scam often offers opportunities involving handicrafts, stuffing envelopes or medical billing on your home PC. If you fall for this scam, pay the fees for the handicraft or envelop-stuffing “kit,” and complete the assembly of the crafts as instructed, you will be informed that your work is of poor quality and not worth paying for.

If you sign up for the medical billing “opportunity,” you will be asked to purchase a list of doctors. These doctors are either fictional or do not want or need your services and never did.

Credit Repair Scams:

These scams tell promise to erase real and usually correct negative information that has been added to you credit report, so that you can qualify for loans, mortgages, unsecured credit cards, etc.

These services rarely deliver on their promise, and more often than not, will create a great many more problems in the long run. They have even been know to suggest that you commit fraud e.g. falsifying your social security number.

Guaranteed loans on easy terms:

Some email scams offer guaranteed, unsecured credit, such as a home-equity loans that does not require equity in your home, or credit cards regardless of your credit history.
This offer of credit is often extended by an off-shore bank.

This scam is often executed in conjunction with a pyramid scheme, which will encourage you to make earn money by signing up friends and family to participate in the scheme.

The promised offer of a home equity loans turns out to be a useless list of
lenders who will turn you down if you don’t meet their qualifications. The promised credit cards never come through, and the pyramid money-making schemes invariably collapse.

Chain letters:

The spam email directs you to send a small amount of money to each of 4 or 5 names on a list, add your name to the top of the list and remove the last name on it, and then forward the updated list via bulk mail. Typically, the letter will claim the scheme is legal, and may refer to sections of US law as supporting proof of this. Not true.

These chain letters are almost always illegal, and nearly all those who participate in them lose their money.

Tweet This Post

Each minute of each day, there are literally thousands upon thousands of spam email messages flooding inboxes the world over. Some of that email even goes out from what appears to be your very own email address! Where on earth do spammers get your email address? There are various ways – some are legitimate, and most are not.
Typically, spammers will “harvest” email addresses from legitimate web sites, such as USENET groups, chat rooms, message boards, AOL profile pages and special interest group postings. These are sites you have visited and requested more information from, or corporate sites where you may have placed an order.

The spammers collect these addresses using automated programs called spambots. Spambots are designed to harvest the email addresses from these web sites. They scan every page on the site, collecting any text containing the symbol “@” they find. The email addresses they collect are compiled into a database, loaded into a bulk-emailing program and out goes the spam. Often, these harvested email addresses are also sold to other spammers ; once you email address makes it to a spammer’s mailing list, it will make it onto their fellow spammer’s lists.

Some websites require you to register before you can place an order or access certain parts of the site. Not all these websites will be as protective of your email address as you may wish. Newsgroups are particularly notorious for exposing their users’ email addresses to the spam gatherers. Most newsgroups do not take a great deal of care to hide the email of their users, and each and every email member email address is exposed and up for grabs by spammers. Some of the wbsites that aask you to register may also sell to spammers.

Another method commonly used by the spammers is to target a domain. They simply guess or make up every possible variation of email address based on the domain name, for example @yourDomain.com . They create a mailing list of these addresses and then spam them. Corporate emails are especially vulnerable, as their emails have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers because they can and do send out millions of this type of junk mail a day. A small proportion of the emails will actually be legitimate and will receive the spam – that is good enough for the spammer. This method of gathering email addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to harvest your email. When you place your email address on a web site, remove the @ symbol and replace it with the word “at.” This makes it far more difficult for the spam harvester to gather your address, because it cannot be gathered mechanically; it can only by read by a human who is actually reading the site. Alternatively, you should display your email address as an image rather than as text.

Tweet This Post

Spam is as prolific as the leaves on the trees and because there are so many kinds of it, it is a challenge to find the right site or organization to report spam to.
Each type of spam will violate the law in one way or another and each can be prosecuted if it can be proven.

Saving and sending the entire email header is an important step in reporting spam. The header of every email you receive will contain information on the full chain of computers through which the email passed in order to get to you. Generally, most email will pass through at least four computers: The spammer’s computer, the spammer’s ISP, your ISP and finally your computer. This is the most reliable way for an anti-spam service to track down the spammer’s ISP because the spammer will camouflage the “from” address.

As the email passes through each computer, information is added to the header indicating who the mail came from, as well as where they are sending it. While this header information will seem complicated, you just need to make note of the originating ISP, which will be easy to recognize. For example, if you receive your mail through AOL and you note “yahoo” in the string of information, then you will know to report the spam to yahoo.

To read the information in the email header, just right click on the email, choose properties and then either “options” or “header” depending on your email program. Then cut and paste the header path in its entirety, into the body of the email. Finally, forward the spam email first, to the spammer’s ISP, and then next to spam reporting agencies

You should also forward the spam to the Federal Trade Commission (FTC). You can do this at the website: uce@ftc.gov. While the FTC will not take action on individual incidents, they will add the spam to a database reffered to as UCE (unsolicited commercial email)

A common spam scam you may come across is called a “419 Scam”, or the Nigerian Advance Fee Fraud. These spam emails generally relates a tale of woe – a death in the family and a huge inheritance that the sender needs your (financial) help to claim. As improbable as it sounds, many people have fallen for this scam and millions of dollars have been defrauded from them. Fax a copy of this spam along with the header information to the United States Secret Service.

Here is a list of the agencies you may report spam to, along with the type of email they can handle or will deal with.

The Federal Trade Commission (FTC).
www.ftc.gov/bcp/conline/edcams/spam/ – This site offers you information about the law enforcement actions that have been taken against deceptive mailers and companies and those who do not honor opt-out requests from email recipients..

www.spamabuse.org
This is a third party reporting agency.

www.spamcop.net
Another third party agency which will report spam on your behalf to the relevant anti-spam agency.

For stock fraud, email the Securities and Exchange Commission (SEC) at enforcement@sec.gov . They are prosecuting however they are only able to deal with fraud in email that has to do with stocks and bonds.

Tweet This Post

Phishing Scams:

“Phishing” is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or any other kind of confidential personal information. Identity theft is the goal of this scam.

The phisher sends you a fraudulent email that is designed to look like it was sent from a reputable company. The email directs you to a website that looks like it belongs to the reputable company, but is actually a spoof. You are asked to “update” your information here, and if you do, all that personal information goes straight to the phisher. uses this information for identity theft purposes such as making withdrawals from your bank and credit card accounts, ordering new credit cards which they promptly max out, etc.

Some of the most recent phishing attacks have spoofed the email and websites of well known companies, including eBa, Paypal, Yahoo, Pfizer, Bank of America, among others.

Work-At-Home Scams:

These are some of the more tempting spam scams. They offer those who need to make extra money the opportunity to do so, and invariably the email will state: “no experience necessary.” The scammer often claims to have “inside information,” and tries to bait you with the lure of quick money for next to no effort. More often than not, you are asked to pay anywhere from $35 to several hundred dollars to purchase the kits or materials that will not earn you a dime.

This scam often offers opportunities involving handicrafts, stuffing envelopes or medical billing on your home PC. If you fall for this scam, pay the fees for the handicraft or envelop-stuffing “kit,” and complete the assembly of the crafts as instructed, you will be informed that your work is of poor quality and not worth paying for.

If you sign up for the medical billing “opportunity,” you will be asked to purchase a list of doctors. These doctors are either fictional or do not want or need your services and never did.

Credit Repair Scams:

These scams tell promise to erase real and usually correct negative information that has been added to you credit report, so that you can qualify for loans, mortgages, unsecured credit cards, etc.

These services rarely deliver on their promise, and more often than not, will create a great many more problems in the long run. They have even been know to suggest that you commit fraud e.g. falsifying your social security number.

Guaranteed loans on easy terms:

Some email scams offer guaranteed, unsecured credit, such as a home-equity loans that does not require equity in your home, or credit cards regardless of your credit history.
This offer of credit is often extended by an off-shore bank.

This scam is often executed in conjunction with a pyramid scheme, which will encourage you to make earn money by signing up friends and family to participate in the scheme.

The promised offer of a home equity loans turns out to be a useless list of
lenders who will turn you down if you don’t meet their qualifications. The promised credit cards never come through, and the pyramid money-making schemes invariably collapse.

Chain letters:

The spam email directs you to send a small amount of money to each of 4 or 5 names on a list, add your name to the top of the list and remove the last name on it, and then forward the updated list via bulk mail. Typically, the letter will claim the scheme is legal, and may refer to sections of US law as supporting proof of this. Not true.

These chain letters are almost always illegal, and nearly all those who participate in them lose their money.

Tweet This Post

As spam filters get increasingly effective, spammers are changing their tactics to foil anti-spam software and get through to your inbox. Recently, this has involved a shift from the use of text-based spam to the use of embedded images and PDF file attachments as the preffered delivery method for their spammy intrusions.

Image Spam

The prevalence of this form of spam increased in 2006, primarily as a means for advertising penny stocks. It involved the use of a picture or graphic embedded in the body of the junk email. The junk email’s message is displayed as an image.

Because most anti-spam filters are text-based, image spam was relatively successful. This led to its use in advertising everything from sexual enhancement to fake pharmaceuticals.

One serious effect of image spam has had is to further clog up Internet bandwidth, and drive up costs to businesses. This is because the average size of each junk email almost doubled. In fact, this increased size and the sheer volume of image spam forced many businesses to block all emails that contained embedded or attached images.

By early 2007, image spam reached an all-time high, accounting for almost two-thirds of all junk email. However, as spam filter technology has adapted to detect image spam, its use has since declined to less than 15% of all junk email. Instead, spammers are turning to PDF spam

PDF Spam

Spammers are increasingly using PDF files to bear their spam messages. The practice begun in mid-2007, primarily as a scam to fool recipients into investing their money in the stock of a particular company.

With this type of spam, the junk email is sent out with a PDF file attachment, which most anti-spam filters cannot or do not read. These attachments range from rudimentary to professional-looking documents. The text in the body of the email is usually nonsensical gobbledygook that the spam-filter does not recognize as junk mail.

For the spammer, the use of PDF files is advantageous because PDF files are so commonly used in the business world. In fact, several companies allow or even require their business email systems to deliver these documents to the recipient. This makes it very likely that this PDF spam will reach the user’s inbox.

The use of junk mail with PDF attachments takes up even more Internet bandwidth. This is because PDF files are generally much larger than the embedded pictures and graphics used in image spam. Image spam is typically in GIF format; PDF files are upto 3 times the size of these files.

The upside to the use of image and PDF spam is that so far, there is no hard evidence that either one can be used to embed malicious software on the recipient’s computer. The only harm is done to those who do what the message says. Spammers have also begun to experiment with attachments in different file types such as excel and zip files.

The advent and decline of the different types of spam attest to the cat-and-mouse game that goes on between the spammers and the security experts. As anti-spam technology catches up to their techniques, they continue to innovate and change tactics to deliver their spam messages.

Tweet This Post

It is virtually impossible to avoid having your email address end up on a spammer’s mailing list. You can, however, take steps to minimize the amount of spam that you receive. Here are to top five:

Address Munging

Never, ever post your permanent email address publicly online. Posting it on a website, on USENET, or in a guest book, for example, virtually guarantees that it will end up on a spammer’s emailing list.

If you absolutely have to supply an address, or regularly participate in online forums but do not want further communication, camouflage your address in some way. You can, for example, disguise your address by writing it in such a way that humans can read it, but the spammers automated programs cannot.

Example: instead of JaneDoe@ISP.com, add a blank space before and after the “@” sign, or use characters e.g. JaneDoe at ISP dot com.

This is reffered to as “address munging”. While address munging does not allow for a regular, clickable email link, anyone who really wants to contact you will figure it out the proper address.

If you have a website, provide a feedback form instead of giving your email address.

Sign up for an Alternative Email Addresses

Do not use your primary email address when placing an online order, getting a free download, or want to sign up for a newsletter or free service Get a secondary email address that you can use in these instances. You can open a free email account for this purpose. Email providers such as GMail and yahoo offer this free email service.

Reserve this email address specifically for this online activity – do not offer it to people from whom you want to receive email, as this will likely be lost in the deluge of junk mail.

Also, be sure to log into this account on a regular basis to delete the junk mail and avoid having the account closed. If you get over-spammed, just close this account and open a new one.

Choose an email address that cannot be easily guessed at. One method used by spammers to get email address is to generate a list of likely email addresses based on a combination of first names, last names and commonly used words. They may, for example build an emailing list that has variations of an address like JoelDoe1@hotmail.com, JoelDoe2@hotmail.com etc.
You can foil this spammer’s tactic by using a relatively long email address, for example 8 or more characters long. You should also avoid choosing email addresses that include either of your names. Use your initials instead, in combination with numbers, e.g. jtd1509@yahoo.com.

Beware the Phisher Spam

Phishing is a tactic used by spammers to scam you into giving up vital personal and financial information. Its sole purpose is identity theft.

Never divulge any personal or financial information that is requested in an email. Your bank or credit card company would never ask you to confirm or update your personal information via an email or a link in an email. Any such emails should be reported to the bank or credit card company. Never, ever click on any links in this type of spam.

Get a spam filter or spam blocker

Stop the spam dead in its tracks before it ever makes it into your inbox. Well, most of it at least. Though they are not 100% effective, anti-spam software will keep most of it out. Even if you only use the internet a spam filter will help protect you from spam.

Tweet This Post

In the early days of the Internet, spammers primarily targeted newsgroups on USENET, the online conferencing system. These are newsgroups that are organized as forums to discuss particular topics. As electronic messaging systems advanced, it made possible the practice of crossposting – posting the exact same message to multiple newsgroups and other online forums.

Spammers were quick to adopt crossposting as a tool of their trade. Now, they could send the same electronic message to thousands of newsgroup members at the one time. Not only could they target a larger audience with one posting, but they also did not have to differentiate between the interests and focus of the individual forums that they targeted. What’s more it cost them next to nothing to spam these newsgroups.

As email became an increasingly widespread mode of communication, the spammers shifted their focus the massive audience that it made available to them. Mass emailing software soon became another essential tool of their trade, as they begun to use this application to send junk email to thousands upon thousands of unwilling recipients.

The spam industry also adapted the available Internet technology to create the “spambot”. A spambot is an automated program that will rove the Internet, “harvesting” email addresses from newsgroup postings and from other websites. It literally gathers thousands of email addresses in a single hour. These are compiled into bulk mailing lists with which the spammers can thousands of victims at a time.

The practice of sending out unsolicited, unwanted junk email and junk postings came to be called “spam.” The term is commonly believed to have been derived from a British comedy skit by Monty Python, in which a restaurant serves each meal with a side of spam. As a waitress emphasizes to a couple the availability of spam with every dish, a group of Viking patrons break out in song, singing “SPAM, SPAM, SPAM… lovely SPAM! wonderful SPAM!” in a loud chorus. In the 80’s, the term was adopted to refer to the junk emails and postings, and the name stuck.

The earliest, most widely known incident of commercial spamming dates back to 1994. It involved two lawyers who spammed USENET to advertise their services as immigration lawyers. They later expanded their marketing efforts to include email spam. The incident is commonly referred to as the “Green Card Spam.”

This nefarious industry has since grown in leaps and bounds. Today, more than half of the trillion-plus emails that are sent and received are spam. Initially, spam was generally advertising-related email. In more recent years, however, a particularly nasty crop of spammers has emerged, who send out their spam with nothing less than malicious and/or criminal intent. Some send out spam that contains viruses or malicious code. Others devise scams intended to defraud you of your money. And then there are those whose focus is identity theft.

Benign or malicious, commercial or criminal – spam has transformed the way we communicate electronically, and will continue to do so well into the near future and very likely beyond. Spam has become a regular, albeit unwanted, fact of online life.

Tweet This Post