ICANN, the organization charged with overseeing the address system of the internet, has revoked the right of notorious registrar EstDomains to sell domain names. EstDomains is known as a registrar that caters to phishers, spammers, and other cybercriminals. ICANN handed down its decision after the company’s president was convicted of fraud.

          “This termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction,” Stacy Burnette, ICANN’s director of contractual compliance, wrote. ICANN rules permit the group to terminate registrars who have officers or directors convicted of a crime related to financial activities, she said.

Read the rest of this entry »

Posted in Fighting spam, Spam news No Comments Tags: phishing, spam

The reports are in and the news is not good. Malicious spam rose sharply in the third quarter. From July to September 2008, one in every 416 emails was malicious spam - compared to one in every 3,333 emails in the second quarter of the year. The rise is blamed on several large attacks such as the “Penguin Panic” attack. What was made to look like an innocent game for the iPhone was actually a nasty Trojan. This attack was responsible for nearly 27% of malicious spam. A similar attack pretending to be a Microsoft security patch was second, accounting for 12% of malicious spam sent.

Read the rest of this entry »

 MillerSmiles.co.uk is one of the internet’s leading anti-phishing sites, maintaining a massive archive of phishing and identity theft email scams.  This organizations provides the latest information on phishing scams.  MillerSmiles.co.uk actually keeps its phishing database updated from contributions from people around the world, including email administrators.

Read the rest of this entry »

Security experts say that the current financial crisis even has scammers worried. The recent rollercoaster on Wall Street has cybercriminals scrambling to find other sources of income believing their pool of targets is shrinking. Instead of going after banking information, passwords and credit card numbers, new spam campaigns are focusing on tricking people into purchasing fake antivirus programs and downloading ransomware.

Read the rest of this entry »

Every day, millions of people receive dozens of unsolicited commercial emails, known popularly as “spam.” Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch email addresses. This leads many email users to submit helpdesk requests to email administrators with the question “How did these people get my email address?”.

The Center for Democracy & Technology (CDT) embarked on a project to attempt to determine the source of spam. They set up hundreds of different email addresses.  Then the CDT waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most email users that many of the addresses the CDT created for this study attracted spam.  What is very interesting is the different ways the email addresses attracted spam. There were also the different volumes, depending on where the email addresses were used.

Read the rest of this entry »

This story is near and dear to me.  One day I went into a frenzy, because a good friend sent me an email that she was stranded in Ghana and needed me to send her some money.  She never mentioned she was going to Ghana.  I was taken off guard at first, because I had a couple of other friends who had gone to Ghana to work, about the same time. Common sense came to my rescue again. I finally collected my thoughts and called my friend’s boyfriend. He confirmed my friend’s Gmail account was hijacked and she was safe at home in New Jersey.  It only goes to show email administrators must constantly remind our email users not to open email from unknown people.

Read the rest of this entry »

Escaping: This technique uses legal URL formatting to hide the address.  Escaping encodes the URL with a percent sign followed by a hexidecimal code. An escaped URL can look like “http://%2E%2E%2E%48%20%18%32%2F%48…”. You can easily decode this by copying it into the location bar of your browser and hitting return. The status area of your browser will usually show you the translated address. If you don’t want to make your browser go the the URL, then you can decode the URL with a good old ASCII translation table. Many of these have decimal, hex, and octal codes for each character.

Read the rest of this entry »

French president Nicolas Sarkozy is a victim of a phishing scam. French officials confirmed yesterday that he had money stolen from his bank account after inadvertently giving scammers his username and password through what was later found to be a phishing email.

           “[This] proves the system of Internet checking is not infallible,” French secretary of state for consumer affairs Luc Chatel said. “These cases are sufficiently rare that we haven’t had to really organize ourselves, but [are] sufficiently serious for us to reflect on how to improve the system.”

President Sarkozy filed a complaint with police and an investigation is ongoing. The specifics of the attack haven’t been released and officials say the president’s bank could face sanctions if it’s found their security procedures, or lack thereof, contributed to the hacker’s attack. 

Continental Airlines is the latest company to be exploited by scammers. A new wave of spam claiming to be from the airline attempts to trick the recipient into downloading malware. The messages come with an attachment that look like ticket invoices and boarding passes and thank the recipient for buying their tickets online. A username and password are provided as well as the confirmation of a $900 charge to their credit card. The attachment, called “e-ticket.doc.exe” is actually a worm that downloads additional malware to the user’s PC.

Read the rest of this entry »

One of the main issues with the original development of email is that it was never designed to be secure. The focus of email was mainly to be functional and easy to use. Today these core functions, which made the invention of email successful, are now the root cause of the problem.   Spammers can send millions of messages for a minimal cost.  At the same time spammers can hide or falsify their identity information. For this reason the prohibition to send commercial electronic messages disguising or concealing identity information is included in all the anti spam legislative instruments currently implemented.

Read the rest of this entry »