Category Archives: Spam

Using Gmail to Track Companies That Leak Your Data

Even though I've shown that bigger companies don't leak data (or didn't used to anyway), that doesn't stop smaller sites/companies. An easier way to see if someone is sharing your e-mail address when you don't want to is to use variations of your own e-mail address for each site. Google's e-mail service allows you to add data to your e-mail address and have it still successfully reach your inbox as described at this Makeuseof.com article. As of today, this tip does NOT work with Hotmail.

The short of it is that if you take your Gmail name, add a "+" sign, and then write anything that helps you remember the web service (usually just its name), the e-mail address will still work, but you'll have a code that lets you know if the company is selling your data.

For example, if I sign up with Yahoo, I might use gmailname+yahoo@gmail.com where gmailname is my gmail account name. Now if Yahoo sells their database without modification and another company uses it, I'll get an e-mail for Canadian meds or what-have-you with a "TO" address of gmailname+yahoo@gmail.com. When I get such an e-mail, it will be blatantly obvious who sold me out.

With the help of a friend who uses Gmail, I was able to confirm that it works exactly as described in the article, so I will definitely be using Gmail for all further account signups.
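The check described above can be automated. The following is an added example, not part of the original post: it reads the "+" tag from a message's recipient headers and flags mail whose sender is not the site the tag was given to. The mailbox name, the EXPECTED_SENDERS map and both sample messages are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: you keep your own map of signup tag -> domains that site mails from.
EXPECTED_SENDERS = {"yahoo": {"yahoo.com"}}
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To")

def plus_tags(msg, mailbox="gmailname@gmail.com"):
    """Return the +tags on recipient addresses that belong to `mailbox`."""
    user, _, domain = mailbox.lower().partition("@")
    values = [v for h in RECIPIENT_HEADERS for v in msg.get_all(h, [])]
    tags = set()
    for _name, addr in getaddresses(values):
        local, _, dom = addr.lower().rpartition("@")
        base, _plus, tag = local.partition("+")
        if dom == domain and base == user and tag:
            tags.add(tag)
    return tags

def sender_domain(msg):
    """Domain of the From address (forgeable, so treat it as a hint)."""
    return parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]

def leaked_tags(msg, mailbox="gmailname@gmail.com"):
    """(tag, sender domain) pairs where the sender is not the tagged site."""
    dom = sender_domain(msg)
    leaks = []
    for tag in sorted(plus_tags(msg, mailbox)):
        # Fallback "<tag>.com" is a guess used only when the map has no entry.
        allowed = EXPECTED_SENDERS.get(tag, {tag + ".com"})
        if not any(dom == a or dom.endswith("." + a) for a in allowed):
            leaks.append((tag, dom))
    return leaks

# Constructed sample messages (not real mail).
SPAM = message_from_string(
    "From: Cheap Meds <deals@pharma.example>\n"
    "To: gmailname+yahoo@gmail.com\n"
    "Subject: Canadian meds\n\nBuy now\n")
LEGIT = message_from_string(
    "From: Yahoo <no-reply@mail.yahoo.com>\n"
    "To: gmailname+yahoo@gmail.com\n"
    "Subject: Welcome\n\nHi\n")

if __name__ == "__main__":
    print("spam: ", leaked_tags(SPAM))
    print("legit:", leaked_tags(LEGIT))
```

A sender who strips everything after the "+" before mailing defeats the tag, which is why the post's scenario is a database sold "without modification".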

Phishing Attacks Trick You To Calling A Phone Number

To make a phishing e-mail seem more legitimate, scammers are now using common language from banks such as:

Please remember that we will never ask for personal account information via email or web pages.

This gets you to lower your guard. Instead of having a web address to click on, they set up a phone number for you to call. If you call the number, a savvy scammer will get you to provide as much information as they can get.

Don't fall for this stuff. If you ever receive something that sounds like there's a problem with your accounts or credit cards, go to their website directly or call their regular phone number. Never depend on links, phone numbers, or any other information sent to you in an e-mail.

Using Porn to Motivate Workers

This is amazing. I'll have to explain a few things before this will make sense though:

Example Captcha
A CAPTCHA is an image used to protect comment forms from spammers' programs. You might have seen them: they look like scrambled letters, and you have to type what you see in the image before you can enter the site. In theory, only humans can read the text, so it prevents spammers getting in (because the last thing a spammer wants to do is actually enter Spam messages one at a time by hand).

Rather than figure out how to write sophisticated programs to decode the Captchas, spammers would hire people to type Captchas for them one after another. All the spammer had to do was re-write their Spam program to feed Captchas to the hired flunkies as they went around leaving Spam messages on the Internet.

But wait! Someone thought of a better idea. Now the spammers have created a free online porn game where users have to type Captchas to reveal the photo. By combining games and sex, spammers are getting for free what they used to pay for. Worst of all, they're circumventing a security control that wasn't very invasive, and it will now have to be upgraded, making trouble for all of us.

As annoying as this is, it's also quite brilliant! I wonder what other applications we could use this for…

(H/T to Schneier's Blog for the link)

Odd Comment Spam: “Thank You”

Leaving comments that are short and irrelevant to the conversation is a spammer trick for getting bloggers to approve their comment (which usually has a link attached to a site they want to drive traffic to). However, I got three such comments with no links so I wasn't sure if they were spam or not at first. However, I solved that pretty fast.

Do a simple Google search for "Dakota Bolkestein" and you'll see that everywhere there is a commenter with this name, the comment is the same: "Thank you".

Yesterday, I got two more ambiguous comments so I looked them up too:

It's clear that these are not comments by real people, but I wonder what the point is if there's no link associated with them. Either way, I've now deleted those comments and will be watching the given article for more of the same.

New E-Card Scam

Beware of the new scam that spammers have thought up. Now they're sending fake e-cards which can trick a recipient into opening a website or even downloading a virus without realizing it. The problem with e-cards is that people are already used to receiving these randomly (since you never know when you might get an e-card) and they have always required that you click the link in the e-mail to get your actual card.

It looks like e-card companies are going to need to address this by only putting the card reference number in the e-mail and making people come to their site directly and enter it instead of using in-email links. Chances are that the e-card companies will be reluctant to do so since any added steps or difficulty will reduce the number of users willing to look at the cards, but they may not have a choice if this scam gets out of hand.

Update

It looks like Consumer Affairs has this story too.

Image Spam on the Rise

I haven't talked about this before, but it's a problem that's been around a while. A lot of spammers will send full images containing their message instead of HTML or text because a spam filter can't recognize what's in a picture. Now that spammers have been seeing the results of advanced spam filters, they are moving more and more to image spam.

From the article I linked to, this is the most important piece of advice:

Disable graphics in e-mails you receive. Most e-mail services such as Microsoft Outlook 2007 and Mozilla Thunderbird automatically prevent graphics from showing in e-mails you receive unless you click on them or enable the graphics yourself. While this can slow things down a bit, it also reduces the chances that you will be caught clicking on a piece of image spam. You can also configure your e-mail account to only receive plain text, blocking rich text and graphics altogether.

The key is that if the image loads at all, even if you don't click it, the spammer can know you opened their e-mail which will encourage more spam.
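What "disable graphics" amounts to in practice is shown below, as an added example that is not from the original post or the article it quotes: an HTML mail body is rewritten so that no remote image is ever fetched, and each blocked URL is recorded along with whether it looks like a 1x1 tracking pixel. The sample body and its hostnames are constructed, and only `<img>` tags are handled (CSS backgrounds and other remote content are out of scope here).

```python
from html import escape
from html.parser import HTMLParser

REMOTE = ("http://", "https://", "//")  # sources that trigger a network fetch

class ImageBlocker(HTMLParser):
    """Re-emit the HTML unchanged except that remote <img> tags are replaced."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten HTML
        self.blocked = []  # (url, looks_like_beacon) per remote image

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        if tag == "img" and src.lower().startswith(REMOTE):
            # A 0- or 1-pixel image has no visual purpose: likely an open tracker.
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            self.blocked.append((src, tiny))
            alt = escape(a.get("alt") or "image blocked")
            self.out.append(f"<span>[{alt}]</span>")
        else:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # raw text already includes "/>"

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def block_remote_images(html_body):
    """Return (safe_html, blocked) where blocked lists every remote image."""
    parser = ImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample body: a banner, a 1x1 beacon, and an embedded (cid:) image.
SAMPLE = ('<p>Big sale &amp; more</p>'
          '<img src="https://cdn.shop.example/banner.png" alt="Sale">'
          '<img src="http://track.shop.example/o.gif?id=123" width="1" height="1">'
          '<img src="cid:logo@local" alt="Logo">')
```

Images embedded in the message itself (`cid:` sources) are left alone because displaying them contacts no server.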