Yes, there are swine flu email phishing scams. Unsolicited email messages are being sent with subject lines related to swine flu so recipients will open and click on harmful links or malicious attachments aimed at infecting computers. To be safe, please be sure you take the following measures of protection:
• Beware of swine flu related emails and subject lines
• Do not click on unsolicited web links or attachments in email messages
• Maintain up-to-date antivirus and antispyware software
Here’s a list of current Hotmail scams making their rounds:
1. Verify your Hotmail account before it is closed.
They are looking for your user name and password.
2. Your friend is asking you to wire money to a foreign country.
This one again. It is generally signed by someone you know so watch out.
3. A friend invites you to the grand opening of a new online store.
Of course, when you go and purchase something all the credit card information is now stolen.
4. Your account will expire in so many days.
They are trying for your Hotmail username and password.
5. Look who deleted you from MSN.
You are supposed to go to a (bogus) website and enter your credentials to find this information, which by the way, cannot be known (according to MSN).
6. You just won the lottery.
Egad. Doesn’t anyone learn?
7. Fake MSN featured offer.
You are supposed to buy this with your credit card. You know the rest.
What if you get a phishing email?
Click on Report phishing scam to report it. Do not reply to them or click on any links in the email. Period.
Doug
You may get an email soon with an airline ticket invoice attached. The email states the tickets are attached. Unfortunately, the attachment is not a document but an executable file which installs a worm on the hapless user’s computer which downloads more malicious software. The email infers the recipient’s credit card has been charged for the tickets…scaring some to open the attachment. The attachment is named e-tickets.doc.exe. For many computers, the .exe will not show up if it is saved since the default of Windows explorer is to hide well-known extensions.
Doug
Spammers have several ways of getting legitimate email addresses – including yours. Some of the common ways are:
1. the error page (invoked when an incorrect aspx or web page is referenced) shows myemail@mydomain dot com
- this can be fixed by putting in a way to automatically send an email (thus hiding) rather than relying on the user to do it.
2. an old copy of the contact us page was found. It had myemail@mydomain.com on it.
- the cached copies of the old program containing myemail@ will eventually disappear.
3. has myemail@mydomain.com been used to register at any websites? If so they could have sold or given away email addresses.
4. Since info@ is very common email address to use for domains the spammer could have guessed that info@ existed. Spammers usually try common email addresses such as info@, test@, etc hoping for a hit.
Read the entire article about how spammers get your email address.
Doug
I got a message
Remote host said: 553 sorry, relaying denied from your location [123.147.64.166] (#5.7.1)
[RCPT_TO]
Since I was not getting email from yahoo groups my first inclination was that yahoo groups was the problem. It turns out that my host was bouncing email. My guess is that it thinks yahoo groups is a spammer so its remediation was to reject emails.
I use Thunderbird (Outlook clone) to manage my email. Putting the yahoo group’s names in the white list did not solve the problem. I added each group to allowed list on my email account -on the host server-. So far (over a week) this has solved the problem.
Doug
I, too, received an email claiming I may get several thousand dollars from Microsoft for participating in an email test. From a friend, no less! Microsoft is not going to give someone several thousand dollars for forwarding a few emails. Besides, the email had several poorly constructed sentences and many misspellings. Other friends have received emails claiming they won the Microsoft lottery.
Fortunately Microsoft has a few ways of recognizing email scams. If you are using Outlook a digital signature may be attached to a genuine Microsoft email. Read about the digital signature from Microsoft.
To summarize:
- Microsoft does not send software updates as attachments.
- Legitimate updates have a valid Microsoft Web address
- Legitimate updates are also on the Microsoft web site
- Be wary of clicking on links from an email
- The best way to mitigate problems is to visit the Microsoft web site home and from there find what you need
Doug
If you own a domain, you have a great anti-spam tool at hand: your email server. All email to an address at your domain that does not already exist (such as “abc@mydomain.com”) is probably forwarded to your main account by default or a catch-all account.
You can use this feature to create throwaway email addresses on the fly:
* If you need to give an email address to sign up for something, make one up.
For example, if you sign up for a newsletter at ebb, enter “ebb@mydomain.com” as your email address.
If you get spam, have a look at the junk email’s headers. If ebb@mydomain.com shows up as the original recipient, you know who to blame: ebb. Nobody else even knew the address existed. Be aware, though, that spammers sometimes make up email addresses, and sometimes one they create can match one you created.
If the spam continues to arrive at the ebb@mydomain.com address, get rid of both the address and the spam by making any mail to ebb@mydomain.com bounce back to the sender.
The one downside of creating a catch-all account is that -any- email sent to your domain will be accepted and put in the ‘catch-all’ account.
Doug
In a recent story, the SANS institute has pointed out that people are the worst security risk. Even after hours of security training, people still fall for the same old ruses. Phishing, or sending nefarious links through email hoping someone will click on them, is the most popular. Users are easily duped into thinking an email comes from a credible source when in reality it does not. Clicking on links can lead to all sorts of problems.
Most of these attacks are from Eastern Europe and Asia.
Doug
There are several types of spam to deal with regarding blogging: comments, backtracks, and email harvest.
Comment spamming occurs when a comment is left in response to an article with a link to a spam site.
Backtrack spam occurs when spam links are left as backtracks.
Email harvest occurs when an embedded email is taken off the blog’s page and used for spamming.
How do we prevent this?
CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) shows convoluted alphanumeric characters and has the user type them in. This method has become very popular recently in order to stop automated programs from creating accounts though some people will not deal with sites that use CAPTCHA.
Several suggestions are available for comment spam.
Some blogs have black word lists that you can add your own words so if they appear in a comment the comment is rejected.
Authors can be preapproved so their comments do not have to be moderated.
Backtrack ideas:
An email address can be embedded using JavaScript to hide the fact that it is an email address.URL blacklists, where any URL left in a comment is checked against a blacklist, is effective but difficult to maintain. There are several public ones available. For example, Wordpress has the akismet plugin which checks the spamminess of a comment anonymously.
A proposal to reduce spam, backed by Google, Yahoo, and Microsoft, is add an attribute “rel=nofollow” to any embedded links in a comment or trackback. The search engines, upon encountering this, will not use the link in calculating ranking. Some blogs automatically default to adding the nofollow attribute to links.
Doug
Recently I read about someone who sent their credit card information over email to purchase something. Naturally, I was shocked. Come to find out he thought email was secure…and in talking to online store vendors many people think email is secure.
It is not.
Logging onto email programs such as Yahoo! is somewhat secure. The login page is unsecure (http: not https: ) which means there is no guarantee that the Yahoo page is really from Yahoo; but if it is, the user name and password are submitted to Yahoo using SSL security (provided your browser is equipped to use SSL – IE, Opera, and Firefox are). BUT, once logged in, sending and receiving emails is not secure.
There are ways of sending and receiving encrypted emails.
A hushmail (free or paid web-based email like gmail or yahoo) user, for example, can send/receive encrypted email to another hushmail user (or PGP user), no problem – the login and the email itself are fully secured. If the recipient’s email is unsecure and you wish to send a secured email, hushmail has an option to ask a question and give an answer for the recipient. If answered correctly the recipient can view the email.
There are add-on programs for email programs such as Outlook that have encryption capability. For example, PGP (pretty good privacy – an encryption technique) can be added on to Outlook so anyone else with PGP (or hushmail user) can send/receive encrypted email.
Large companies use a private network and their own mail servers so intercompany email can be encrypted – but if it leaves the company’s network it is either unencrypted or would require the recipient to have an encryption scheme (like PGP).
One of the benefits of using a totally secure email is you can use it in a public place, such as an airport or coffee shop, and not get snooped.
We use encrypted email for business and generally unencrypted for personal.
Doug
Subscribe to this site's RSS feed.