Summary:
E-mail spam needs to be identified and deleted from your inbox
before opening it. The consequences of opening spam is: more
spam- unsolicited e- mail.
Purpose:
To show how to identify spam e-mail by its
origin without opening it. Ways to reduce your e-mail address from becoming
a target for spam.
The
Problem:
According to CNN, e-mail spam is on the rise again...2
billion e-mails laden with spam will arrive each month alone. Why
so much spam? Spam
is e-mail that you may or may not have requested though surfing, filling in
forms or mailing lists, registering software, etc. Despite the US government
passing the Anti Spam Act in 2003 (Bill, 392-5 & Controlling the Assault
of Non-Solicited Pornography and Marketing Act), spam has continued to proliferate.
Spam consumes an incredible amount of your personal time and computing resources-
telecom networks, ISP storage and personal bandwidth to your personal computer.
Advice:
Email spam is destructive to your computer resources, very annoying
and a danger to your personal privacy. Tackle it at the source by knowing
what to look for. See an example of a suspicious e-mail- see below.
When you receive a suspicious email:
1.- Delete
all unknown emails without opening them.
2.- Block the sender (Windows Mail) under Message> Junk E-mail
3.- Set your preferred level of protection under Tools> Junk Mail Options.
4.- Run your Internet Security program on any attachments.
Do not be kind. These e-mails
can contain spyware that reports your activities and harbors viruses
and trojan programs that can disable your system and network.
Organize
off-line:
For the stuff you really need to keep, we set up directories and cut & paste
the text content into Notepad or Wordpad (Start> All Programs> Accessories>).
Word Pad is better for spell checking and larger files. Both formats are fine
for dumping into Word or a web page later-NB- without any viruses attached.
Do not try to cut & paste the pictures or ads unless you really need them
to make a point due to size considerations. For pictures, "right click" on
the picture or graph and choose "Save Picture as".
Things
you can do:
Don't encourage more spam by even opening them or especially replying to them.
Spammers love it when the discover you have a live e-mail address. It is worth
money to them. Only check your mail at certain times during the day (half an hour is plenty) since an open email program can be targeted and harvested. Do not
contribute to the problem- by cc'ing everyone.
What can you do in to find out more about the unknown sender in Microsoft mail?
1.- In your Inbox- Do not open by LEFT clicking on the message. Be
very cautious of any attachment.
2.- Highlight the message- RIGHT Click only, then scroll down and select "Options".
This will display further information in Message Options. There will be some
helpful information presented to help you determine whether to open the contents
of the email or to delete it.
3.- Watch for any reference to any Tracking options activated and "Have
replies sent to:" since intruders will re-direct your response by using
a false address in the first place. Intruders want you to open it and reply
to confirm have you have a valid e-mail address.
4.- In the Internet header: box, look to see what the return path (email) is
and if you recognize it by the received from server & IP address. See Example- below.
In this case, it refers to infinitum.com (unknown). We ran a check on their
web site using a simple search in Internet Explorer using Google. We found
a web site address but when we tried to load it- nothing came up on own screen.
We did an Whois check which revealed the owner is actually:
"Infinitum Security
8 Temasek Boulevard
Suntec Tower 3 Penthouse Level
Singapore, Singapore 038988
Domain Name: INFINITUM.COM
Administrative Contact:
INFINITUM, SECURITY
admin@securefusion.com (oh! Another web site company- access denied)
8 Temasek Boulevard
Suntec Tower 3 Penthouse Level
Singapore, Singapore 038988
Phone: +65 6893 3098"
A recent
sneaky virus has been infiltrating Facebook users by
posing as a Friend's email that invites you to view a video. Once downloaded
to your computer, it asks you to download a plug-in (a new Flash player)
to view it. You may feel this is reasonable since the Friend's email
even has their Facebook photo attached. Once you agree and download
to the bogus Flash player, the virus is entrenched on your system.
Note- Watch for a .cz domain name which is a sure give away.
Windows 7,
Vista™ & XP users need to confront
these issues since the operating system software does not contain antivirus
software.
Windows Defender is geared to spyware prevention. It does not seem
to work in concert with the
OneCare service consistently
and especially not with non-Internet Explorer based email. See more
Norton Antivirus and Internet free security training and in particular Windows and Apple OS needs.
New browsers. toolbars, add-ons and free email accounts are getting in on the act, too. (Chrome- IE8- Yahoo, Live, etc.) For example, they are tunneling your surfing activities to content they want you to have since they are paid by advertisers fro views and click-throughs. Be very careful what mailing lists and feeds you must sign up for and how much information you really need to share. You have the right to say "No"!
We suggest setting up a free email account to handle non-essential email since it is becoming harder and harder to unsubscribe. Yahoo mail has a popup now that contains an invitation from a stranger. Once you accept their invitation, it can lead to the sale of your yahoo email across the Internet.
WHO IS?
Ever wonder how accurate WHOIS registration information is from "Network
Solutions"? You can check WHOIS when you want to verify the owner of a
web site at www.whois.org. The site in question even responds to a ping, so
it is live- just no web pages, Hmm. Looking
pretty suspicious so far.
First, we don't know who NRC Europe is in the From field and we find it
actually came from gicmowrn@riddler.com. In checking further, we find riddler.com
which is a games site with no address or phone number governed by the laws
of New York. And if you want to win anything, you have to provide your Social
Insurance number to claim a prize. Then, of course, when you shut down the
site, your browser comes up with a popular poker site.
Be very leery of the above
types of emails, such as a recent offer for a free download of a Internet Explorer 8. First of all, it is free for
download only from Microsoft and has continuous updates.
The email can be tricky enough to contain a fake Microsoft address. If the email
seems unusual because it does not follow the normal business practices of vendor,
it probably is fake and contains damaging viruses, such as key loggers and trojans.
Even our own e-mail address' at xxxx@us.com has never been used, you will receive emails. Since the domain name has been set up by an ICANN certified domain register. The only location the address appears is on their servers. Even with your best efforts, spam will still get in.
Most
free services do not allow you to view the source prior to opening,
like Windows Live Messenger (Hotmail & MSN Inbox), Yahoo, Freenet,
etc. If you Right click on a message all you can get is something similar
to the following:
" /cgi-bin/getmsg?msg=2E0DAEDA-528F-4E26-9D01-D447C83BA0&start=0&len=7374&imgsafe=n&curmbox"
which is close to useless. Time for the delete button if it is not obvious who
the sender is right away.
Example: E-mail spam:
Return-Path: <gicmowrm@riddler.com>
Received: from toip6.bellnexxia.net ([219.276.175.174])
by tomts48-srv.bellnexxia.net
(InterMail vM.5.01.06.14 241-256-172-140-114-20050324) with ESMTP
id <20061024221520.PSDI20947.tomts48-srv.bellnexxia.net@toip6.bellnexxia.net>
for <xxxxt@us.com>; Tue, 24 Oct 2006 18:15:20 -0400
Received: from eforward7.name-services.com ([64.74.123.16])
by toip6.bellnexxia.net with ESMTP; 24 Oct 2006 18:14:12 -0400
Received: from c9mailgw21.amadis.com ([216.163.188.221]) by eforward7.name-services.com
with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 24 Oct 2006 15:15:28 -0700
Received: from dsl-189-128-38-192.prod-infinitum.com.mx (unknown [189.128.38.192])
by c9mailgw21.amadis.com (Postfix) with ESMTP id 285FF16C8BE
for <xxxx@ourdomain.com>; Tue, 24 Oct 2006 15:08:33 -0700 (PDT)
Message-ID: <000e02c6f7b9$6968f803!c0768#bd@apltr19hz0mm4y>
From: "Europe NRC" <gicmowrm@riddler.com>
To: us@ourdomainl.com
Subject: project Chairman Bill
Date: Tue, 24 Oct 2006 16:11:53 -0600
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_000A_01C6F787.1ECC7800"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-CTASD-RefID: str=0004.0B091201.453E8G9A.0020,ss=2,fgs=0
X-CTASD-IP: 189.128.38.192
X-CTASD-Sender: gicmowrm@riddler.com
x-ctasd: suspected
x-ctasd-vod: uncategorized
x-ctasd-station:
Return-Path: gicmowrm@riddler.com
X-OriginalArrivalTime: 24 Oct 2006 22:15:28.0534 (UTC) FILETIME=[E9833B60:01D6F7A9]
