FReeper Rule!
DUers Drool.
I'm a DUer.
Posted on 07/26/2004 1:17:35 PM PDT by Graybeard58
f you don't hit the delete button too fast, you may have noticed that your spam messages are changing. Big time.
What was once ludicrous come-ons for penis enlargements or lascivious offers for a peek at pornography is now a hotbed for financial scams and a black market for fake pharmaceuticals and software. The BBC News Online reports that spam is subtly shifting from nuisance to illegality, according to the British security firm Clearswift that has measured spam message topics for the past year. "Spam is now being used as a channel for a plethora of malicious and illegal activity," technical director Alyn Hockey told the BBC.
This is what makes up the spam pie: Finance: 39 percent Healthcare: 30.6 percent Other: 15 percent Direct Products: 9.6 percent Porn/Profanity: 4.8 percent Scams: 1 percent
Why are you now seeing more spam e-mail hawking a miracle diet rather than porn? Hockey says porn has been drastically reduced thanks to improved filtering technology. While porn has dropped to 4.8 percent of spam, compared with 21.8 percent a year ago, financial and pharmaceutical spam messages (read: Viagra) now make up nearly 70 percent of these annoying e-mails.
The dirty little secret of spam is that it works. Enough people respond to it to make it a viable business model. Hockey estimates that spammers have a one in 40,000 hit rate for the products they sell online. One reason for their success is that spammers pay attention to what's going on in the real world. "When Arnold Schwarzenegger was campaigning to be governor of California, there was lots of spam about offering Schwarzenegger memorabilia," Hockey told the BBC. Just watch. Toys and games will dominate before Christmas, and miracle diets will land in your e-mail box after the new year.
The scariest spam messages of all are those that try to steal information from you, including your Social Security number and credit card numbers. Click on these messages, and you'll go to what looks like a legitimate site, but the personal data you enter is stolen from you--something called phishing.
Hackers and spammers are joining forces, trying to infect home PCs with Trojan horse viruses that turn them into zombie PCs that can be remotely controlled without the owner's knowledge. Hockey predicts all this illegal activity will get worse before it gets better, but like pornography, it will eventually decline. "Pornography was offensive so there was a real push to try and stop it, and the same will become true of phishing once people become aware of it," Hockey told the BBC News.
Hard to believe that even one person in 40,000 would respond. Of course there are a lot of democrats in the world.
I'm surprised it's that high.
I'd have guessed 1 in 10,000 or lower.
I wonder what the hit rate is for the Nigerian scammers. They've taken in Harvard Professors and other "smart" people (can you believe that they get to cast votes too?).
The old line has never been more true: You can't cheat an honest man.
There are a lot of subject lines like:
Re: overdue payment
I've been trying to get you on the phone
Hey, we talked last week
ALL of these are illegal come ons as they use deceptive trade practices.
I also recently got one (purportedly from ebay):
Your eBay account has been suspended
(inside it says how some suspicious activity has been noticed on your account and so it "has" been frozen pending further communication...).
Just as there is a "postal inspector", someone in the Federal Trade Commission should be positioned over email fraud complaints. It is ILLEGAL to send porn ads to minors, period. In the postal realm, it is illegal to send porn ads to someone who has not approved such mail.
This is technically fraud over wires (phones/telegraph/etc.) and does fall under government oversight.
There has been no will to do anything about this issue for 20 years. The telemarketers lobby congress well.
I have been receiving a lot of spam with gibberish in the leading paragraphs. Just nonsense words strung together. This has been happening for several months. It may be spam for insurance or mortgage or even pharmacy products. What is this all about? Anyone have any info?
The gibberish is to get it past your spam filters.
The strung together jibberish is a way to foil spam filters. Fortunately we can customize our spam filters on our mail server to get rid of it...
Basically, messages with a lot of random words in the body content are designed to fool spam filters by containing terms that make them appear to be legitimate.
As filtering becomes more sophisticated, so do the spammers.
Unfortunately.
FReeper Rule!
DUers Drool.
I'm a DUer.
If you have HTML rendering turned off, you will see the gibberish.
You should have HTML rendering turned off. Otherwise the HTML could exploit a security vulnerability in your email program and access your system. At the very least, it could have you downloading content from a page you did not wish to hit.
If you turn off HTML rendering, the HTML will be delivered as an attachment. If you really need to read it (sent from someone who formats their outgoing email in HTML) you can always read it when disconnected from the internet. That way there is no possibility it will hit a Web page without your permission.
If you have the option, you should format your outgoing mail in plain text rather than HTML so others can read your email with HTML rendering turned off.
Just my $.02.
Shalom.
Did you mean 1 in 100,000?
I reported them to the FBI.
--Boris
In many cases, the URL will also contain encoded information to tell the spammer that your email address is "live" (i.e., someone is reading it and doesn't have a particularly good spam filter).
MailWasher: Good for pre-screening & bouncing SPAM
How did i get infected in the first place?
Earthlink aware of this and now is adding a scam protector as well as a spam protector to their website offerings.
I've noticed alot of that too and was wondering the same thing. I've been getting alot of phishing emails claiming to be from e-bay or paypal. Just remember, no matter how real it looks, if they ask you to click there link to log in it's a fraud.
I got one from Citi Bank last week asking me to verify my credit card info. The scary part is how did they know I have a Citi Bank credit card?
Nope.
I'd really have figured it would be around 1 in ten thousand.
They didn't. If you didn't have one, you'd just ignore the email.
WTF? There must be a story behing that photo. Care to share it?
I have been trying to get those Nigerian scammers to front me $2500 to help me arrange things to fly over to meet them!
;)
Those are great programs, but beware of ZoneAlarm. It does what it is supposed to, but it has some bugs. One of which - it will screw up your FTP server if you have one. I had to reinstall my system to fix it. I now use Norton Personal Firewall.
This is to fool spam filters, but not necessarily for that particular message.
Spam filters often try to "learn" what is spam. So they send these messages through with hundreds of words and later on you will receive other spam that has one or a few of those words in the subject line. It's like they are priming the spam filter to allow through subsequent messages. I'm not exactly certain of the technical aspects of why this works, but they are all doing it, so it must work sometimes.
If I might offer a theory, you might have it backwards. Using the nonsense text might be an attempt to get more legitimate messages classified as spam (for the reasons you cite), which would make spam filters less effective, as people would stop using them so as to not lose messages they want to read.
They probably didn't. Citi is one of the big ones, so they just take the chance that a large number of people have a Citi card.
I get them, trying to get my Citi card number and my Wells Fargo number, and I have never used anything from Wells Fargo.
Now one thing that was very scary to me was that I wanted to buy something from Ebay, and they seller only accepted Paypal. I had a Paypal account for a few years, but I never used it and never had any money in it or connected it to a credit card.
I wanted to bid on an item on Ebay, so I connected the Paypal account to my credit card and the very next day I received a phishing e-mail from "Paypal"! Coincidence or not? Not sure.
And I can see how people would have been tricked by it. It was an HTML e-mail asking me to update some Paypal information, and it used graphics referenced right off the Paypal site (www.paypal.com).
The only piece of the e-mail that wasn't from www.paypal.com was the link to click and that went to an IP address, which I traced down to a server in Taiwan. The e-mail looked very real, and came at a time right after I enabled my Paypal account - it would have been very easy to be tricked.
Those links are hilarious! I never thought of using all the great photos from different shows. The Mad, Mad, Mad, Mad World stuff had me rolling!
I'm glad there are a lot of people now turning these scams back around on the scammers. Hopefully, the scammers get what's coming to them. I have read that they have hurt people that actually went to see them.
Too funny!
I could have gone on with countless other permutaions. What really makes me curious is; what makes these idiots think that I would be interested in their Viagra if I have filtered the actual word from my inbox?
Bet you it was U.S. Bank. Also been done on CitiBank.
I have not reported it to Citi yet, but I probably should.
Someone needs to file some class-action lawsuits as spammers. Not for any outrageously-huge amount of money--maybe even just $0.0016 each [one second of labor at $6.00/hour]. That would actually be a class-action lawsuit where I wouldn't even mind too much if lawyers swallowed up most of the winnings.
FYI, I get the Paypal scam mail regularly even though I have not used my account in quite a while.
BTW, I just got an Paypal email about my credit card expiring. However, unlike the scam mails, this email just told me to log into my Paypal account the way I usually do and update my credit card info. They did not provide any links to do so.
My credit union allows users to set a "security phrase" which will be sent in all its legitimate mails. While the security phrase is sent in the clear and would thus not prevent someone from intercepting an email message and generating a fake one, it does mean that phishing won't work.
there's a sucker born every minute and some go around more than once
Nigerians are the worst.
John
Appreciate the warning- I run a hardware firewall- just can't abide the period of educating the SW firewalls and the way they slow the computer- but you do need something to stop this garbage.
I simply click forward and send them to spoof@ebay.com or spoof@paypal.com.
I recieve responses from both ebay and paypal - they claim that they are active in pursuing the people who send these.
I use Outlook also -- beware. The preview pane means you have opened the e-mail. There's not a lot of difference between previewing it and opening it. I keep the preview turned off.
This is especially important for spam that has "beacons". These are embedded image tags that can let the spammer know that you viewed the e-mail and that your e-mail address is valid.
When the preview is off, if you are not sure about a message, you can right-click on it and choose Properties and you can see the "from" address without actually viewing the message. With a lot of spam, the e-mail address is obviously fake, or at least one that no normal person would have.
IMO, it's long past time for the Feds to do some serious anal-probing of known spam operations (even a cursory reading of spam spewings will provide probable cause for a plethora of IRS, FDA, SEC, and other three-letter-agency investigations) and check out their clients for terrorist connections.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.