Even though I've shown that bigger companies don't leak data (or didn't used to anyway), that doesn't stop smaller sites/companies. An easier way to see if someone is sharing your e-mail address when you don't want to is to use variations of your own e-mail address for each site. Google's e-mail service allows you to add data to your e-mail address and have it still successfully reach your inbox as described at this Makeuseof.com article. As of today, this tip does NOT work with Hotmail.

With help of a friend that uses Gmail, I was able to confirm that it works exactly as described in the article. I will definitely be using Gmail for all further account signups.

Some good news for today. Once known as the 8th largest spammer in the world, now facing prison and forfiture of all his earnings.

Like Phishing, Vishing entices you with a false e-mail but the difference is that they try to get you to call a phone number where you can be fleeced personally by one of their people.

Even if you think an e-mail is legitimate, never call the number provided. Look it up by some other means such as the phone book or from the given company's actual website.

To make a phishing e-mail seem more legitimate, scammers are now using common language from banks such as:

Please remember that we will never ask for personal account information via email or web pages.

This gets you to lower your guard. Instead of having a web address to click on, they set up a phone number for you to call. If you call the number a savvy scammer will get you to provide as much information as they can get.

Don't fall for this stuff. If you ever recieve something that sounds like there's a problem with your accounts or credit cards, go to their website directly or call their regular phone number. Never depend on links, phone numbers, or any other information sent to you in an e-mail.

This is amazing. I'll have to explain a few things before this will make sense though:

A CAPTCHA is an image used to protect comment forms from spammer's programs. You might have seen them, they look like scrambled letters and you have to type what you see in the image before you can enter the site. In theory, only humans can read the text so it prevents spammers getting in (because the last thing a spammer wants to do is actually enter Spam messages one at a time by hand).

Rather than figure out how to write sophisticated programs to decode the Captchas, spammers would hire people to type Captchas for them one after another. All the spammer had to do was re-write their Spam program to feed Captchas to the hired flunkies as they went around leaving Spam messages on the Internet.

But wait! Someone thought of a better idea. Now the spammers have created a free online porn game where users have to type Captchas to reveal the photo. By combining games and sex, spammers are getting for free what they used to pay for. Worst of all, they're circumventing a security control that wasn't very invasive that will now have to be upgraded making trouble for all of us.

As annoying as this is, it's also quite brilliant! I wonder what other applications we could use this for…

(H/T to Schneier's Blog for the link)

Leaving comments that are short and irrelevant to the conversation is a spammer trick for getting bloggers to approve their comment (which usually has a link attached to a site they want to drive traffic to). However, I got three such comments with no links so I wasn't sure if they were spam or not at first. However, I solved that pretty fast.

Do a simple google search for "Dakota Bolkestein" and you'll see that everywhere there is a commenter with this name, the comment is the same; "Thank you".

Yesterday, I got two more ambiguous comments so I looked them up too:

It's clear that these are not comments by real people, but I wonder what the point is if there's no link associated with them. Either way, I've now deleted those comments and will be watching the given article for more of the same.

Beware of the new scam that spammers have thought up. Now they're sending fake e-cards which can trick a recipient into opening a website or even downloading a virus without realizing it. The problem with e-cards is that people are already used to receiving these randomly (since you never know when you might get an e-card) and they have always required that you click the link in the e-mail to get your actual card.

It looks like e-card companies are going to need to address this by only putting the card reference number in the e-mail and making people come to their site directly and enter it instead of using in-email links. Chances are that the e-card companies will be reluctant to do so since any added steps or difficulty will reduce the number of users willing to look at the cards, but they may not have a choice if this scam gets out of hand.

I haven't talked about this before, but it's a problem that's been around a while. A lot of spammers will send full images containing their message instead of HTML or text because a spam filter can't recognize what's in a picture. Now that spammers have been seeing the results of advanced spam filters, they are moving more and more to image spam.

From the article I linked to, this is the most important piece of advice:

Disable graphics in e-mails you receive. Most e-mail services such as Microsoft Outlook 2007 and Mozilla Thunderbird automatically prevent graphics from showing in e-mails you receive unless you click on them or enable the graphics yourself. While this can slow things down a bit, it also reduces the chances that you will be caught clicking on a piece of image spam. You can also configure your e-mail account to only receive plain text, blocking rich text and graphics altogether.

The key is that if the image loads at all, even if you don't click it, the spammer can know you opened their e-mail which will encourage more spam.