Spam is Bad

You may have heard the phrase phishing, where scammers try to get personal information from you through electronic means such as email. (we first posted about phishing back in 2004)

Smishing is very similar, the method of delivery however is through your cell phone.  Spammers have started sending fraudulent cell phone text messages, trying to trick people into revealing personal information, financial account numbers, and passwords.  The spammer usually tries to threaten the receipient with account cancelation or charges on their account if they do not comply.

Do not be fooled.  Just like with email, if it doesn’t smell right, it probably is a scam.  You should not respond to the sender. Do not call any telephone numbers provided in the text message – also don’t click on any links.

Computer users are being warned about a growing problem with e-mail messages that takes you to counterfeit Web sites.

They are called phisher sites, and they look legitimate. So does the e-mail, which claims to come from a company you do business with and tells you to click on a link to go to the site and update your personal information.

It’s all a scam, aimed at draining your bank account or stealing your identity.

The Federal Trade Commission said it has just brought a case against the 17-year-old creator of one of the sites, which claimed to be for the AOL Billing Center. Officials said he has agreed to give up ,500 in ill-gotten gains and is now barred from sending e-mail spam for life.

Dear Client,

We’d like to provide you with an update on recent spam attacks.

Our message security vendor has advised us on high volumes of bogus CNN and MSNBC messages that contain links to download malware. Spammers have copied the contents of CNN and MSNBC alerts and substituted a link that prompts users to upgrade to a new version of a fake Adobe Flash player.

The security service has detected and blocked the vast majority of these attacks, and continues to release protections to stop the new mutations. Their capture rate is over 99%; however, the attack volumes are so large (in the hundreds of millions of messages) that a 1% passthrough rate means that a few messages may end up in your inbox.

For best security practices, if you see any CNN, MSNBC, or suspicious news alert messages:

• Do not deliver these messages from your Message Center or Quarantine Summary.
• Delete these messages from your inbox.
• Do not click on any links in the messages.

If you need to access CNN or MSNBC content, visit the website directly.

Please be assured that our security service considers virus and spam protection as their highest priority, and continues to be on the cutting edge against new spam attacks and tactics.

“Completely rids your in-box of spam”? “Eliminate almost all junk e-mail messages”? Those sound like the kind of too-good-to-be-true claims you might expect to see in, say, a new piece of junk e-mail.

But several Internet providers are making this pitch in all seriousness. They might even succeed, but not without forcing major changes in how e-mail works.

This “challenge-response” spam protection departs from previous spam blocking. Instead of assuming that most e-mail is benign, then trying to screen the junk, challenge-response assumes mail from strangers is probably spam. Unknown senders then have to prove that they’re not automated spam relays by passing a simple test on a Web page.

Think of it as the difference between traveling within the United States, unless you’re on a wanted list, the odds are nobody will stop you, and traveling overseas, where you may not necessarily clear passport control. Challenge-response is the “your papers, please” approach to mail reception.

But it works. Spam sent from throwaway or bogus return addresses automatically disappears into the challenge-response trap, since there’s no return address to answer the “prove you’re human” challenge. Even if an actual person sent out the junk mail, only an exceptionally dedicated spammer would fill out a separate challenge-response form for every recipient.

Human senders who authenticate themselves, however, see their messages go through as before.

We tested the offerings of two of the best-known challenge-response systems, and found many kinks left in the system, especially with user-friendliness.

Mailblocks charges $9.95 a year for its mail service, and EarthLink this month began offering challenge-response filtering to its roughly 5 million subscribers.

There were difficulties in start-up, but when sent mail from each test account to the other, both systems worked well: Mailblocks and EarthLink obligingly fired off challenge replies to these test messages.

Several things can go awry in this process. People without Web access can’t reach a challenge Web page, and blind or visually impaired senders can’t get past one.

The stickiest situations involve mail sent by automated programs to willing recipients: mailing lists and legitimate, marketing e-mail.

There have never been any easy cures for spam, and challenge-response isn’t going to be one, either.

For a review on Mailwasher see Dot Com Norteast Wisconsin’s Internet Monthly