The Sydney Morning Herald reported yesterday that a new scam is making the rounds in the land down under. A perpetrator of a phishing scam has created an email scam, claiming to be the Australian Tax Office (ATO). The email promises Aussie taxpayers a $250 bonus with their tax return, and sends them to an online form that asks for their tax information, along with their bank account data.

The web site containing the form then asks the victim to mail a printed copy of the form to an address. The print-and-send is just a ruse though, the data is actually captured through a hack when the victim presses the “print” button. The email, like many such scams, attempts to create a sense of false security, by claiming the print-and-send routine is being done for the victim’s safety.

Officials still have not been able to trace the source of the fraudulent email sender, who is using a bot network to send the emails. The ATO recommends that people delete emails like this immediately, and advises that they do not ask people to provide personal information by email. The same holds true for most, if not all, tax collecting agencies in other countries.

Just hours after Michael Jackson died yesterday, spam with subject lines claiming to have “exclusive information” on his death began flooding the net. The emails don’t contain any malicious links or attachments but seem to be an attempt to collect emails for a future attack. Researchers say anyone that replies to the spam will likely have their address harvested and that it wouldn’t be surprising to see future spams containing links to malicious payloads masquerading as exclusive video of Jackson’s last moments or autopsy photos.

News of the pop icon’s tragic death from what appears to be a sudden cardiac arrest caused an overwhelming spike in traffic that crashed Google, Wikipedia, AIM and Twitter for short periods and caused Facebook to slow to a crawl. Spammers and scammers are jumping at the chance to take advantage of all that traffic. Exploiting headlines and holidays is one of their favorite tricks. The last big headline they used was the Swine Flu outbreak, and before that President Obama’s inauguration.

Security experts are advising people to get their news only from reputable sources, and it goes without saying that you should never ever reply to a spam message. At best it will just bounce back due to a faked header, at worst it’ll just get you put on a list of people that respond to spam, meaning you’ll become a prime target for spammers.

British furniture retailer Habitat has apologized for exploiting the Iran conflict in an attempt to promote its Twitter feed. The company came under fire after it began using keywords related to the current conflict in its tweets, which otherwise had nothing to do with the subject. This is referred to as hashtag spam and is widely frowned upon by Twitter users. The company also used other high trending keywords such as #Apple and #iPhone.

          Sky News Online has reported a Habitat spokesman as saying: “This was a mistake and it is important to us that we always listen, take on board observations and welcome constructive criticism. We will do our utmost to ensure any mistakes are never repeated.”

The company has not issued an apology on Twitter but did quietly delete all the spam tweets it posted. It’s not clear why they felt hashtag spamming was okay to do, although they told a blog that it was done without their knowledge. That sounds a little hard to believe but it wouldn’t be the first time a rouge employee was blamed for a blunder that became a PR nightmare.

The moral of the story? Twitter can be a valuable tool to help you reach out to customers and potential customers, but tread carefully and follow the rules. Spam is no more acceptable there than it is anywhere else.

There is no question that spam is a problem for businesses who must deal with thousands or even millions of unsolicited advertising, phishing, and hoax emails every year.  But the problem of spam becomes more than just how to deal with the incoming junk.  Spam also hinders the ability of businesses to engage in effective email marketing.

What is Email Marketing?

Email marketing is quite simply the legitimate use of email for communicating with customers.  The problem today is that many people cannot tell the difference between email marketing and email spam.  In fact some spammers can’t even tell the difference, branding themselves as “internet marketers” and operating with no regard for the problems that they cause.

Continue reading Using Email Marketing the Right Way»

A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictent under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.

          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”

The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.

They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist government in future investigations.

A phish is a phish. We think we know one when we see one, and we wonder how people get away with such obvious attempts. I mean, come on! Sending me an email designed to look like it’s from Paypal, asking me to log into my account–but the URL you’re sending me to is from Russia. Not today, pal. Better luck next time.

But they do get away with it, and they do fool people. Apparently, a fairly high percentage. A recent survey showed that a shocking number of Web users can’t identify different types of phishing. The survey asked over 1,000 respondents to identify fraudulent phishing sites, by showing two Web sites side by side. One of the sites had obvious give-aways, and the other was legitimate–but a shocking number of people couldn’t tell the difference. Eighty-eight percent were fooled by a web site with obvious spelling errors. Sixty-eight percent were fooled by a bogus Web site that didn’t have the characteristic padlock symbol common to sites using the https protocol, and 42 percent were fooled by sites that had strange numerical domain names, and 33 percent were fooled by sites that asked for account information that should not be necessary.

Another surprising statistic, and one that is somewhat embarrassing for us Yanks, is that out of the seven countries included (US, Germany, Sweden, Australia, India, Denmark, and UK), the US respondents were least likely to identify the give-away signs that should tell you you’re at a phishing site.

Ads for shady Internet pharmacies are partly responsible for a new spike in spam levels. The spam messages deliver the ads buried in image attachments and most of them hawk Viagra and other similar medications. The subject lines are random and not related to the contents of the messages but they all attempt to direct recipients into clicking on links that lead to various pharmacy websites-some of which could be fake ones. Such malicious sites look legit and offer a shopping cart and accept credit cards, but unlike legit sites, the orders are never sent.

The other type of spam uses a new technique-blank messages. Spammers are sending messages with no subject line or body with the sole purpose of finding out what addresses are valid, usually within specific domains and presumably to harvest those addresses for future spam and/or phishing attacks.

Additionally, malicious spam masquerading as delivery failure notices from Western Union continues to flood the net. This type of spam informs the recipient that a Western Union money transfer could not be completed and directs them to open the included attachment, print out the receipt and bring it to their local Western Union office to get the money back. The scammers are hoping to find a few greedy souls who think they’ve gotten a chance to receive some free money. The attachment actually contains a nasty Trojan.

It’s important to keep all anti-virus products up to date and make sure you have an effective spam filter installed on your network, and as always make sure your employees know to never click on links or open attachments in emails from people they don’t know.

There are a vast number of different email hygiene solutions on the market today offering protection from viruses, malware, phishing, and spam for customers of all sizes.  Typically these products are built on a combination of several prevention techniques such as content filtering, RBLs, reputation filtering, and safe lists.

Some products also support one or more of a relatively new type of prevention – email authentication.

What is Email Authentication?

When the SMTP protocol was first created all users were trustworthy and hence there was no need to include any significant level of security within the protocol.  This has lead to many of today’s problems such as address spoofing.  Several  email authentication schemes have appeared on the scene to try and authenticate that an email using different methods, each with positive and negative aspects.

Sender Policy Framework

Sender Policy Framework (SPF) allows domain owners to use DNS TXT records to specify which email servers are allowed to send email for that domain.  This technique works on the assumption that the DNS records for a domain name are correct and trustworthy.  However there are a few weaknesses with this approach.

Firstly there has not been widespread adoption of this method by domain owners.  As such it is not practical for email administrators to block emails that fail an SPF test.  For example, if the owners of the domain example.com have no SPF record in their DNS zone then spammers are free to continue forging example.com email addresses.

Continue reading Antispam Frameworks Explained»

A large scale attack on UK government websites has been discovered. Hundreds of sites for schools, government offices, universities and more have been compromised to include links and other references to porn sites or shady pharmacies. The hacks were likely carried out via SQL injection attacks or cross site scripting and the sites were obviously chosen because users would not think twice about trusting them. Visitors who click through are either redirected to sites selling drugs such as Viagra or sites displaying hardcore porn. Some of the compromised sites attempt to download malware.

The most disturbing part of the attacks is that many of the sites belong to elementary schools and are visited by students. The hackers behind the attack apparently have no problem directing children to porn sites. Even the search results for these sites have been changed to refer to porn and shady pharmacies.

It’s not known who’s behind the attack and the UK government has not yet had any comment. One thing is sure however, and that’s that they need to take a serious look at the security and software on their sites. It’s poorly designed software and careless security (such as not disabling unused FTP logins) that lead to these types of attacks. Experts warn that it’s possible that people who are infected by compromised sites may begin to file lawsuits against them for negligence.

However I’m not sure that’s the way to go-after all it is up to each of us to properly secure our computers and use up to date anti-virus software!

The recent Air France tragedy has fueled new outbreaks of spam and malware. Researchers are reporting that spam promising exclusive news on the crash is hitting the net. The new attack featured subjects such as “A-330 blackbox record” and “Last seconds of tragic plane”, but those that opened them were treated to ads for shady Canadian pharmacies pushing discounted drugs like Tamiflu and Viagra.

Another attack, said to originate from Portugal, is much more dangerous. The messages contain a link claiming to lead to exclusive video of the crash site, but instead lead to a malicious site that downloads a Trojan on to the visitor’s computer. The Trojan is designed to scan the system and steal passwords and usernames.

Continue reading Air France Crash Sparks Malware and Spam Outbreak»