Spammers using more Webmail accounts

A blog entry on EWeek by Larry Seltzer highlights how spammers are sidestepping SMTP to continue their malicious activity. According to some reports, an increasing percentage of spam emanates from public Webmail accounts, such as Gmail, Hotmail, and Yahoo, which makes the spam more difficult to detect. The older technique was to spoof legitimate private email addresses to send spam.

The attraction for spammers is that once they break a public webmail system's CAPTCHA (which is easier than you might think), they gain that system's positive reputation. Reputation-based anti-spam security analyzes the reputation of the email sender’s domain. In the case of these large webmail systems, the reputation is considered good, and so spammers using them can piggyback on that positive reputation.


Tips on Holiday Greeting Card Spam

The FBI has issued a warning about a new wave of holiday greeting card spam. Scammers are sending emails claiming the recipient has received a holiday greeting card from a friend or family member and asking them to click on a link to view it. The link leads to a malicious website made to look like the page of a popular electronic greeting card site like Hallmark. The site downloads malware onto the recipient's computer. It also directs all network traffic between their browser and the fake page, allowing the scammers to steal their personal information. They offer the following tips to help protect yourself from this and other malicious spam attacks:


How Spammers Get Paid

As an email administrator I’m constantly asked by email users, “I don’t understand why people send spam. How do they make money selling watches or Viagra, if they have no reply email address? I only see a web site link”. Therein lies the answer, on which we can continue to educate our email users. In his article “How Viagra spam works” Stuart Brown provides great insight with details on exactly how the underground market of spamming works. All it takes is a few emails for spammers to get paid from millions of spam emails sent out daily.

Stuart starts off by explaining that even with the best Bayesian filters, blacklists and other filtering techniques, most of us are still plagued with an endless stream of invitations for all sorts of weird and wonderful products and services. One of the most common forms of spam is advertising for pharmaceutical products, and perhaps the most notorious form is for the ‘men’s health’ variety, notably Sildenafil citrate, more commonly known as Viagra. But how do spammers make their money?


Classmates.com Sued Over Deceptive Emails

Ars Technica is reporting that a customer of Classmates.com, a people finding and social networking service, is suing them for sending deceptive emails that trick people into signing up for their paid service. Here’s an excerpt:

          “Your former classmates are trying to contact you! Upgrade now to see their messages!” That’s the pitch many of us have seen from Classmates.com as a lure to pony up for a subscription. At least one former customer says that the claims are fraudulent and has filed a class-action lawsuit against the company. Depending on how the case moves forward, it could have an impact on how Classmates.com, and other sites, advertise their services.


Phishing Scams Rise as Banks Fail

As the economic crisis appears to peak, more banks will fail. This has experts predicting that new phishing scams will arise targeted at the customers of those banks, and the agencies helping those customers may actually be encouraging such attacks. For example, IceSave, the British arm of an Icelandic bank, failed last week, cutting off over 200,000 customers from their deposits. The UK Financial Services Compensation Scheme is coordinating refunds for those affected. Amazingly, they announced that they will send two emails to all IceSave customers. The first tells them how to claim their refunds and the second will direct them to a website where they can apply for them. The details being publicly announced by the FSCS, along with their plans to do everything via email, make their customers ripe for a phishing scam. They’ve more or less given phishers everything they need!
