What is spam? Spam, aka UCE (Unsolicited Commercial Email), is unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. In other words electronic "junk mail." It can also be an attempt to extract personal information such as credit card numbers, bank account numbers, your Social Security Number, mother’s maiden name, etc. In this case the spam is also know as phishing. Is it bad? In a word: YES!

 

Spam Statistics for 2003 Email considered Spam 60% of all email Daily Spam emails sent 12.4 billion Daily Spam received per person 6 Annual Spam received per person 2,200 Spam cost to all non-corp Internet users $255 million Spam cost to all U.S. Corporations in 2002 $8.9 billion States with Anti-Spam Laws 26 Email address changes due to Spam 16% Estimated Spam increase by 2007 63% Annual Spam in 1,000 employee company 2.1 million Users who reply to Spam email 28% Users who purchased from Spam email 8% (Source: http://www.spamrival.com/spamstats.html)

 

Varieties of spam •Plain spam Selling low rate mortgages, prescription medication, items to enhance physical attributes (wink! wink!) •Pump-and-Dump spam Touting a stock - usually penny-stock • Malicious spam Nonsensical email containing an attachment that is a virus, spyware, a trojan horse or other malware - not a serious threat to Macintosh-users… yet • The Nigerian scam/spam, aka as "Advance Fee Fraud", "419 Fraud" (Four-One-Nine) after the relevant section of the Criminal Code of Nigeria The typical Nigerian letter claims to come from a person needing to transfer large sums of money ($20-$35 million) out of the country. It need NOT come from Nigeria. In fact, one recent varient claims to come from a GI serving in Iraq! For more information of this widespread fraud see: <http://www.snopes.com/crime/fraud/nigeria.asp>

 

How to reduce the spam you receive Do not post to any newsgroups, rather extreme - if you don’t know what newsgroups are, ignore this advice Establish throw-away email accounts at yahoo.com, hotmail.com, mail.com or any other of the many free email sites. (Hint: Type free email in Google) If you must display an email address in a web site or newsgroup, spell out your email address. For example, john at hotmail dot com or munge your email address (frowned upon by some people) as john@hotmailnospam.com

 

How to fight spam Use your email spam filter(s) - if you have one Learn how to display full Headers of the spam (the following may be helpful) <http://sos.its.psu.edu/header.html> <http://tis.tulane.edu/How_To/E-mail_Tools/Display_Headers.cfm> <http://www.claws-and-paws.com/spam-l/tracking.html#headers> Report all spam to <spam@uce.gov> and <http://www.spamcop.net> Note the .net in the latter address. There are other sites with similar names. Report the following categories as indicated: Phishing: reportphishing@antiphishing.org Pump-and-Dump spam: enforcement@sec.gov Prescription medication spam: webcomplaints@ora.fda.gov PayPal phishing: spoof@paypal.com eBay phishing: spoof@ebay.com Bootleg Microsoft software: piracy@microsoft.com plus many, many more

 

References The advanced course in spam analysis - used to determine the origin of the spam: <http://www.samspade.org/> <http://www.geektools.com/whois.php> <http://www.betterwhois.com/> <http://www.allwhois.com/> <http://www.dnsstuff.com/> For further information (knowledge is the best tool to fight spam!): <http://www.ftc.gov/bcp/conline/edcams/spam/consumer.htm> <http://spam.abuse.net/> <http://www.spampause.com/

 

Samples of Types of spam (Full Headers are not shown) Nigerian scam/spam (419 Fraud): From: <cisse77@universia.net.mx> Reply-To: johnsonkelvin@sify.com Date: Mon, 10 Jul 2006 03:10:42 -0700 Subject: Expecting to hear from you soon. X-Accept-Language: en Priority: normal To: undisclosed-recipients:; Hello, Re: collection of fund ($35.5) under special arrangement. Pardon me if I have offended you by contacting you for such a big transaction through an ordinary letter which makes it suspicious considering the type of fraud proposals moving around the world today. However, I was advised to explain this transaction to you on face to face meeting. I could not do this because of the situation in the world today not being sure of your reaction. I am Mr Johnson Kelvin, a consultant and broker from Bahamas but presently, i am residing in London. I was hired by a Japanese business man to broker an investment deal between himself and oil company in Venezuela. This deal was executed in January 1997 and matured for termination in 2001. On maturity, the Japanese businessman and the oil firm decided to terminate the investment in cash to avoid payment of investment tax which amounted to several millions of U.S dollars to the America internal revenue service (IRS). A special arrangement was made between a top Japanese banker working with Japanese bank in New York, the oil company and the businessman to terminate the investment in cash payment under a fictitious name with an arrangement to change it latter with a power of attorney which they prepared and handed over to the top banker. I was directly involved, well paid and mandated to organize and carry out the deal. All the cash was withdrawn in august 2001 and transported to Europe by direct bank vault to vault delivering to a private diplomatic storage in Europe for safe keeping pending the collection. The real content of the boxes were not declared to the storage as it was delivered as personal family treasure and diamonds. The code for the storage, secret codes for the opening of the boxes and its keys were all handed over to me. Mr. Takashi the New York business man was planning to go to Europe by mid of November 2001 with me for the collection when the unexpected happened in September 11th attack on the twin tower which claim his life and that of the top banker. This left me devastated and confused as I have not yet handed over the deposit details to the owner and the power of attorney prepared for the change which was signed was still with the banker in his office which was also lost. It was agreed with the storage that the consignment would be collect on or before 12 months from the date of delivery. Since due date the diplomatic storage manager has been calling me to bring or tell the owner to come over for collection. My friend, since then I have been looking for any reliable person to collect these consignment under special and well negotiated arrangement until I got your email contact. All the needed secret code and identification and collection are all with me. Be rest assured that this transaction has been well organized, 100% safe, legal, risk free and should be kept very confidential. Please, contact me for the way forward in this transaction. If you think we can do this together in trust. Reach me with your personal data as follows. 1. Your phone aand fax numbers. 2. Your physical address both corperate and residential 3. Age, sex and marital status. 4. Position and name of office. Expecting to hear from you soon. Regards, Mr. Johnson Kelvin Mortgage spam: From: "Lylesx" <DGabriela7@aics.net> To: "Basedog16" <basedog16@bellsouth.net> Subject: Wilfredo Eastman on too legs Date: Fri, 14 Jul 2006 11:20:59 -0800 One of our agents has been trying to contact you regarding your home. An unique situation has come to our attention regarding-rates and we strongly feel you will be interested in hearing about it. Even a lowcredit history will not be an issue if you confirm with us today. www.wwwww<.gracklewaist>.insouciant}{{metabole.gyty3.net Sincerely, Foster Landry SNM Bank Of peaceful days portends than those two past Now if nature had much make way beak clear a full grown pigeon ursuline oust inorganic conditions says life will generally be almost uniform so that natural Prescription Medication spam: X-Apparently-To: Barajasjss@cyberis.fr via 174.216.226.217; Fri, 14 Jul 2006 22:33:04 +0100 X-Originating-IP: [144.164.127.184] Date: Sat, 15 Jul 2006 03:38:04 +0600 From: "Ruben Belcher" <Barajasjss@cyberis.fr > To: kwbear@bellsouth.net, kwbeck@bellsouth.net, kwbell@bellsouth.net X-Sender: Barajasjss@cyberis.fr X-Originating-Email: [Barajasjss@cyberis.fr ] X-Mozilla-Status: 6 Subject: Just passing this along Do you need a doctor Don't bother, you know what you need Choose Here http://www.geocities.com/lauri8081 We have all types for everyone Great prices and US quality Get your V's and X's Make your selection http://www.geocities.com/lauri8081 slow Banana may Crusty read a try cut Strudel fall who on An Example of a Pump-and-Dump as received - when Headers are displayed graphics "disappear" making it difficult for the anti-spam groups to determine which stock is being touted. Therefore stock symbols should always be reported along with the email. In this case the stock has the symbol GDKI.pk The .PK suffix means the company is quoted on the Pink Sheets Electronic Quotation service. The pink sheets is a loosely regulated over-the-counter, decentralized market. There are few requirements to being listed on this network, as companies do not have to file with the SEC nor keep updated financial information. The only major requirement to being listed is to have at least one market maker, who must be registered with the SEC and a member of the NASD. The market maker is responsible for quoting the latest trading price of the stock on the pink sheets network. This is a highly speculative and risky place to invest. Invest only what you are willing to lose. Pump-And-Dump spam without headers: The latest threat: pharming * First came phishing scams, in which con artists hooked unwary Internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims. Actual North Carolina citizen's stories <http://noscamnc.gov/stories.html> More phishing information <http://www.antiphishing.org/> * Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals. * "Phishing is to pharming what a guy with a rod and a reel is to a Russian trawler. Phishers have to approach their targets one by one. Pharmers can scoop up many victims in a single pass," said Chris Risley, president and chief executive officer of Nominum, a provider of IP address infrastructure technology for businesses. * Experts say pharming could be combated if browsers would authenticate websites' identities. Web browser toolbars like one offered by Netcraft can alert users by displaying the true physical location of a Web site's host. U.S. customers, for example, would likely pause before typing in their passwords when a Web site that looks like their local bank's site is reported to be hosted in Russia. See also "SiteAdvisor" offered free by McAfee at<http://www.siteadvisor.com>. It is compatible with the Firefox Browser. <http://www.wired.com/news/infostructure/0,1377,66853,00.html> Consumer Reports on Cyber Crimes * Just off the press! The September 2006 issue of Consumer Reports has a good article on "Cyber Insecurity" Unfortunately, it dwells on PC machines and the Microsoft operating system. So far, Macintosh and OS X is relatively immune to spyware, viruses and other "nasties" of that nature. Mac users are, however, not immune from spam, phishing and pharming. It's only a matter of time before the Macintosh OS is also target for the other stuff too, so don't gloat or feel smug. * Included in the article is a link that is well worth exploring. It points out that Cyber Crimes are more than just a mere annoyance. See: <http://www.ConsumerReports.org/security>. (Note: This link is currently [early August]. There is no guarantee that it remain accessible, so read it while you can!)