On Spam and Viruses, part two

Don’t Open Junk Mail

(If you do, a lascivious gorilla wearing a diver's helmet will come for you.)

Some spam comes in the form of html code. When you open the email, it sends a message to the spammer’s server telling it your email address is a working address. When you open the email, you become a qualified prospect and your email is ripe for selling. You can also trigger this response by using the preview pane in your email program.

Unsubscribing is another trick of the trade. By clicking on the unsubscribing link, you’re also let the spammer know your email is an active address.

On Spoofing

You get an email from somebody saying a message was undeliverable. Yet you never sent an email to that person. What happened?

Most likely somebody is spoofing your email address. Just as anyone can put a return address on an envelope that says, for example, “George W. Bush, 1600 Pennsylvania Ave, Washington DC 12345”, you can make up any address you want as a return address in email (this is not true with your corporate email account by the way – if you want to try it, do so from your home account).

So, if I pretend to be John.Doe@acme.com and send an email to Jane.Doe@bricks.com, if there is a Jane Doe in that organization she will get that email. If there isn’t, a reply will be sent back to the real John Doe, saying his message was undeliverable. Since John Doe never sent that email in the first place, he will understandably be confused at getting the undeliverable message.

Unfortunately you can’t stop someone from spoofing your email address. Your best bet is to figure out where the email is really being generated from, and complain to the originator’s ISP. If you get a lot of undeliverable responses to messages that you never sent out, contact your administrator.


Phishing
Spam is the medium of choice for scam artists. Phishing is where a scam artist sends you an email pretending to be from a company you already do business with or other legitimate source. The official looking email asks you confirm your personal information on one pretense or another. The email can even have a link to what appears to be the company’s site, complete with logo and graphics. The information requested can range from account information, account balances, pin numbers, mother’s maiden name, or passwords. Once received, they use your information for identity theft or direct embezzlement.

Police Departments report that older Americans are more likely to fall prey to this method, as they tend to have more savings, larger credit-lines, and are less likely to be computer adroit.

This makes sense to me. Who wants to target scam 16-year-old-computer-nerds with no money?

Common Sense
There is an FTC complaint form to report spam and spam related fraud to, but in the end, it really comes to common sense and controlled usage of your machine and email. I actually have multiple email addresses.

I have an employer provided email address which I use for company related communications. In my case it’s cumbersome as it’s on Lotus Notes and requires a VPN.

I have a professional email address off my outlook, which I use for convenience as no VPN connection is required. I also use it for my efax account. I tend to monitor this address through out the day and use it for business. No friends or relatives have this address.

Both of my professional email addresses have remained spam free for over two years now.

Then I have personal accounts. These are “throw-away” accounts on yahoo. The advantage here is that I can discard them easily without undue trouble should I suddenly become overwhelmed with offers to view Britney Spears’ breasts or chemical help for some sort of “male-enhancement” issue. (I don’t know about the rest of you guys, but I find the latter particularly insulting.)

Because this can prove cumbersome, I limit it to one “active” personal email account at a time. This personal account is not consistently monitored by me on a day to day basis, but, looked at as curiosity or need for a distraction from work arises. Should spam become an issue, as it did for several of my personal email addresses over the past five years, I simply move on to another disposable email address.

You might also consider having a “junk” email address. Say you want to read a newspaper article, but the site makes you register before you can read it. This is the address you provide, ditto for any other web junk activity.

Lastly, I won’t cover the forwarding articles/graphics using the web pages “forward to a friend” button; the down-side there is self evident. I also won’t cover the dangers of irresponsible web browsing, or not automatically stopping pop-ups on your browser. A person who falls into either of these traps is just proving Darwin right.

JP