ARTICLES

LATEST RELEASE

More information ...

Registered Office:
NotsoSoftware Ltd.
Westfield House
Bratton Road
Westbury
Wiltshire
BA13 3EP
United Kingdom
+44 (0)117 907 7037

Phishing, scamming & reject spamming!

Spam is email you haven't requested and didn't expect to get. Spam emails may be lucrative for some, but they're a nuisance to others and a positive disaster for quite a few. This year has again seen a threefold increase in spam. While there's a good chunk of mail posted to advertise products and services, and these could be considered a nuisance, there's another more sinister and criminal aspect to much of the junk mail. "Phishing" i.e. fishing for passwords via fake e-mails that target those who use online banking services for example.

Internet security firm Symantec recorded over 8 million phishing attempts way back in 2005 and when this type of scam first appeared, the German Interior Minister at the time (Wolfgang Schaeuble), noted its success rate with recipients was as high as 5%. He's worth quoting because his BKA federal crime office had successfully shut down a "phishing" ring and, as a result, was able to get accurate statistics. Law enforcement successes for these types of scams are sadly all too rare.

This particular phishing scam was especially dangerous because it didn't even rely on the active interaction of the recipient. According to the BKA, the gang stole the user names and passwords of on-line banking customers (and other sensitive data) directly from their victims' computers by means of a "Trojan horse" - a self-circulating, virus-like program that's spread by e-mail and sends data from the infected computer back to the "phisher". Those interested can refer to the 'nasties' article on anti-virus and anti-spyware protection for suggestions to help protect against attacks of this nature.

There are some simple and healthy rules for handling spam. Firstly, never reply to it, even to try to opt out of receiving further mail. While legitimate emailers will usually honor opt-out requests, when we communicate with spammers all we are doing is confirming that our address is a real one and increasing its value to them.

Secondly, never open any file attachments that we don't know for sure we can trust. This is the primary means by which malicious software infects computers. Even if we have anti-virus and anti-spyware programs installed, we can still be at risk from an the content of an attachment, especially if its a new threat.

Third, don't click on any links in the message. Not only does this let spammers know they've found a 'live' email account, but if a browser doesn't have the latest security patches or settings, clicking on a link can risk damage to the computer from malicious software.

Last but not least, if the mail client is set to display HTML mail, the moment we download the graphics from the spammer's server, they know we're a 'live' account, even if we didn't click a link!

There are settings we can adjust on our email software which can help dramatically reduce the risk from malicious emails. Most email clients work in a similar way, but these are the ones to look for in Outlook Express. <Tools> <Options> <Security> then under 'virus protection' make sure the box is checked that says “Warn me when other applications try to send mail as me”, which helps prevent any secret emailer trojans from using your computer. Also make sure “Do not allow attachments to be saved or opened that could potentially contain a virus” is checked.
Next, under the section titled “Download images”, check the box that says “Block images and other external content in HTML email”. Finally, if we keep the preview pane turned off, this will ensure only those messages we deliberately open are displayed. <View> <Layout> and un-check the “Show preview pane” box.

But we don't need to be passive victims of spam either. Currently, the most accurate spam removal products use 'Bayesian' filter technology. This works by breaking down email messages into word elements and then compares these elements to determine the likelihood that they're included in a spam email. Over time, as more mail is received, Bayesian filter based software learns from the emails the user accepts or rejects. After a few hundred emails, the software should have an accuracy rate of over 90%. A particularly good 'Bayesian' product is the one provided by Spamihilator and more information is available at http://www.spamihilator.com .

Alternatively, Spamfighter seems to rate particularly well with users. One major advantage is that it integrates seamlessly into Outlook and Outlook Express, the most commonly used email clients and this means people can stay with the product they're familiar with. Also, because Spamfighter doesn't require training in the same way as Spamihilator, it starts producing results from the moment it's installed. Details at (http://www.spamfighter.com).

While many users consider spam to be an irritation, inevitably it will consume more and more of our time. And when we consider that clicking on the wrong piece of mail could turn an irritation into a real problem, it makes good sense to put some sort of spam filtering in place.