Protect Your PC: Spam, Phishing and Worms

Spam… we don’t want it, we don’t need it, but we can’t get rid of it. It comes from everywhere, and in all kinds of different forms: advertising, chain letters, phishing, even in chat rooms, website guest books, web groups and instant messaging programs. Cell phones, penis enlargements, free gift cards, porn sites, work from home offers, discount prescription, gambling, weight loss programs… Why so many? Because there are no running costs for advertisers to manage a mailing list.

If all that unsolicited e-mail that clutters your inbox gets in the way of your daily e-mail activities, keep on reading.

We are all able to recognize a spam message just by the header or the sender’s name. Spammers usually misspell common filter words (viagra, medication, refinance, mortgage) to the point of sometimes making their messages illegible, and in most cases, the “from” field will contain an ad message instead of a name, for example “I Won 10000 dollars”.

Another case of spam are those annoying chain letters that some of your friends insist on sending you because they don’t realize they’re actually spamming people with them. Chain letters incite you to replicate them and send them to a number of people, usually including some consequences for doing it (win money if you do or have something really bad happen if you don’t).

Many years ago even before I got a computer, I remember getting a few of these in the mail. Never once did I do what the letter said, it was an automatic “rip and dispose of” process. I do the same for their e-mail counterparts. No, the world has never ended or never I had an accident for doing it. I personally consider chains a very annoying form of spam, and usually anything in my inbox with more than one “Fwd” is automatically deleted. I’m not superstitious, so it’s easy enough for me to ignore all of this. Some people aren’t that lucky and religiously copy and send these chains to everyone they possibly know with an e-mail address.

Forwarding chain e-mail increases a user’s risk of getting worms and viruses, and it promotes easy address harvesting (see below) since sometimes half of the message body is composed of e-mail addresses. Stop sending chain e-mails. I’m sure everyone in your contact list will appreciate it.

PHISHING

Phishing is a method that people use for stealing personal data through an e-mail that at first glance may look authentic. In other words, it’s a scam that can lead to identity theft. The point is to trick the user into sending his/her personal information, such as login and password, to the scammer. Companies will never send you e-mails asking you for confidential data, be it credit card number, bank account number, social security number or login info for an account.

A very common phishing example is the fraudulent PayPal messages aying there is a problem with your account, and requiring you to follow a link and insert your username and password. If you look closely, the link may seem legit in the message, but when clicked, the address bar says something else and you end up in a copy of the original site instead. Never answer or click on a link in one of these messages. You’d be surprised as to how many people actually fall for it. The only solution is to disable your account by contacting the company and making them aware of what happened, and by then it’s usually too late.

WORMS AND VIRUSES

Worms spread through message attachments, automatically searching your address book and sending e-mails to everyone in it under your name, and attaching itself to every message sent. Basically, the spammer begins using your e-mail address and IP to mask their own. Worms also serve as transportation for viruses that can do all sorts of things to your computer. Never open any attachments from people you don’t know, and always have a virus scan handy and up to date.

PROTECT YOUR E-MAIL ADDRESS

Usually, spammers use certain software applications to scout areas of the internet looking for e-mail addresses. The most common sources are message boards, mailing lists, newsletters, chat rooms and online directories (for instant messengers, for example).

So how can you protect your e-mail from being harvested? Here are some pointers.

Alphanumeric address: Use both letters and numbers when creating your e-mail address. Some spammers use what are called “dictionary attacks” that create word combinations to find the largest amount of valid addresses possible in one host.

Alternative e-mails: Consider creating an e-mail address for public use and keeping another for private use only.

Disposable e-mails: Some email providers offer disposable e-mail addresses. A disposable e-mail service creates separate e-mail addresses and forwards messages to your primary account. Once one of the disposable addresses begins receiving spam, the service shuts it down.

Masking: When entering your e-mail address anywhere, mask it by entering something in it that a person would figure out but a bot wouldn’t. For example, if your e-mail is jen@hotmail.com type it in as jen@nospamhere.hotmail.com. Another alternative is to replace the @ with a #. However, some services may not allow e-mail masking.

Hiding: If a message board has the option to hide your e-mail from the public, do it.

Alternative username: If you use webchats quite a bit, pick a username that is not linked in any way to your email address and stick to it for chat purposes only.

Protect your friend’s e-mail addresses: Don’t copy everyone’s address into the “Send” or “CC” fields if you have to send a message to multiple recipients. Use the “BCC” field so they stay hidden and include a note at the end of a message with the names of the people you sent it to instead.

REPORTING SPAM

Usually, Internet Service Providers have their own anti-spam policy: users caught spamming will have their service suspended. Sometimes it’s not easy tracking down the spammer though. However, there are some ways to report these nuisances.

Spamcop offers a free reporting service, but you have to register on the site first. For each message you report to Spamcop, you get a confirmation message which can get a bit annoying. Spamcop reports the sender to the ISP and in some cases to the web host. The downside is that sometimes third party IP’s (usually being used without their knowledge) will be blocked as well.

Blue Frog is a free download intelligent software program. Once you report a message to Blue Security, the Blue Frog client sends out instructions for the program to visit the websites advertised by the spam messages, and leaves a complaint message in each one of those sites. It allows Hotmail, Yahoo Mail and Gmail users to report spam automatically, and it also lets desktop email users (such as Outlook or Mozilla) report spam through it. Blue Frog also has a useful “Do Not Intrude” e-mail registry where you can register several email addresses and one email domain.

Another solution for reporting spam would be forward the messages directly to the Federal Trade Comission by sending them to spam@uce.gov or find out your ISP’s abuse desk e-mail address and report it to them, always including the full email header.

Granted, it takes some free time to report the bunch of messages that you may receive a day, but in the long run it’s worth it. And if everyone does a little every day, it will be a big step in fighting back spam.