and conduct business with. In fact, according to many sources, there are
many more email users than there are Web users.
Surprisingly, email is still technically an unreliable service. In fact,
Information Week conducted its own study and found that almost 40% of all
emails are not getting to their destinations. Personally, I think this stat
is a bit high... Regardless, many business models heavily depend on it.
Reliable or not, its wide-spread use and dependence cannot be disputed.
Unfortunately, with the good comes the bad. Spam, Email Spoofing, Phishing,
Zombies, Viruses and Spyware continue to plague its usefulness.
So what can be done? More legislation? I'm afraid not. In 2003 the CAN-SPAM
Act was adopted, but since then there has been more spam than ever.
This is a global problem. Given this, we need a global solution which isn't
likely in the near term. Awareness and countermeasures are our only defense
right now I'm afraid.
I think it's safe to say that spam has become an epidemic. More than 50% of
all email is spam! This is a huge number considering that millions of
messages float around the Internet every day. And before you start
complaining that you probably get your unfair share of spam, Bill Gates gets
4 million emails a day and most of it is spam. Of course, I would never say
that he deserves it. ;-)
Most people know what spam is by now, but if you were wondering, the simple
definition is junk mail. It's mail that you did not ask for---well, not
intentionally anyway.
Not too many years ago, email was the epitome of the Internet (perhaps it
still is); you could send someone a message several thousand miles away
without it costing you a dime.
Of course, email has never been completely free, but today it's getting
quite expensive, especially for big corporations. To the home user spam is
more of a nuisance. However, if you consider your time money, then email is
getting more and more expensive for everyone.
So how do we fight spam?
No, these are not dead bodies that have been brought back to life by a
supernatural force. However, zombies are one of the Internet's worst
nightmares.
Your PC can become a zombie when it gets infected by a virus or worm. This
worm copies itself to the Windows system directory under a random name, and
registers this file in the system registry auto-run key. It then begins to
randomly scan for further machines to attack on TCP port 445. It also
listens on TCP ports 113, 3067, and other random ports allowing hackers
backdoor access to infected (zombie) machines. Compromised machines also
attempt to connect to several IRC servers to receive commands and transmit
data to their controllers.
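A quick triage for the network behavior just described, run over the output of Windows "netstat -ano". This is an added example, not code from the original article; the IRC port range, the scan threshold and the sample rows are assumptions made for illustration.

```python
import re
from collections import defaultdict

BACKDOOR_PORTS = {113, 3067}        # listener ports named in the article
SCAN_PORT = 445                     # port the worm scans, per the article
IRC_PORTS = set(range(6660, 6670))  # assumption: usual IRC range, not from the article
SCAN_THRESHOLD = 5                  # assumption: distinct hosts that count as scanning

# Constructed sample in the layout of Windows `netstat -ano`; not captured data.
SAMPLE = """\
  TCP    0.0.0.0:113          0.0.0.0:0            LISTENING     1844
  TCP    0.0.0.0:135          0.0.0.0:0            LISTENING     912
  TCP    0.0.0.0:3067         0.0.0.0:0            LISTENING     1844
  TCP    192.168.1.20:1050    203.0.113.5:445      SYN_SENT      1844
  TCP    192.168.1.20:1051    203.0.113.6:445      SYN_SENT      1844
  TCP    192.168.1.20:1052    203.0.113.7:445      SYN_SENT      1844
  TCP    192.168.1.20:1053    203.0.113.8:445      SYN_SENT      1844
  TCP    192.168.1.20:1054    203.0.113.9:445      SYN_SENT      1844
  TCP    192.168.1.20:1060    198.51.100.9:6667    ESTABLISHED   1844
  TCP    192.168.1.20:1070    192.168.1.2:445      ESTABLISHED   4
  TCP    192.168.1.20:1071    192.0.2.80:443       ESTABLISHED   2200
"""

ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def triage(netstat_text):
    """Map each PID to the article's zombie indicators seen in its connections."""
    findings = defaultdict(set)
    smb_targets = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, UDP rows, blanks
        lport, raddr, rport, state, pid = m.groups()
        lport, rport, pid = int(lport), int(rport), int(pid)
        if state == "LISTENING":
            if lport in BACKDOOR_PORTS:
                findings[pid].add(f"listening on TCP {lport}")
        elif rport == SCAN_PORT:
            smb_targets[pid].add(raddr)  # judged after all rows are read
        elif rport in IRC_PORTS:
            findings[pid].add(f"outbound IRC to {raddr}:{rport}")
    for pid, hosts in smb_targets.items():
        if len(hosts) >= SCAN_THRESHOLD:  # one file server on 445 is normal
            findings[pid].add(f"TCP 445 connections to {len(hosts)} hosts")
    return {pid: sorted(found) for pid, found in findings.items()}
```

A PID that collects several findings at once is the one to look up in Task Manager and in the registry auto-run key mentioned above.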
Hackers use the vulnerabilities of your Operating System (Windows) to launch
many different forms of attack on the Web without you ever knowing it. Yes,
your PC could be spamming the world this very moment. Smart Computing
magazine reported that more than 33% of all spam messages go through zombie
PCs.
I don't believe the home user intentionally wants to be a part of the spam
problem, but the reality is that many are. In fact, if you do have a zombie
running on your computer, don't be surprised if your ISP (Internet Service
Provider) disconnects you from the Internet. Comcast and others are dealing
with the spam zombie problem this way.
Help the Internet community by protecting yourself and avoid getting
shut down. Here are a few ways you can do this:
* If you have a broadband connection (Cable or DSL) to the Internet, make
  sure you install a router/firewall.
* Keep your Windows Operating System updated with the latest patches and
  fixes.
* Install anti-virus software and keep it current.
* Try to keep your system free of spyware.
* Install a software firewall to prevent malicious traffic from leaving
  your computer.
* Power off your PC at night.
So you get an email from your friend who tells you to stop sending her spam,
or worse, viruses. You insist you never sent out an email on the day in
question. In fact, you've been on vacation all week and your computer's been
powered down.
Welcome to the concept of spoofing. This is a clever practice by
unscrupulous people who use your "reply to" email address to spam the world,
including your friends and family.
You might be asking yourself what good spoofing does if a spammer wants to
hear back from you? After all, the reply address doesn't point back to the
spammer...
The truth is they don't want to hear back from you via email. They want you
to open the message and accidentally or intentionally click on a
conveniently large blue hyperlink.
You have just fulfilled the spammer's objective: use social engineering to
persuade you to open their message, and worse, click on a hyperlink that
takes you to an unknown website.
Unfortunately, it doesn't stop there... that unknown website might not even
be a website at all---it might be a malicious application you just
downloaded: a spam zombie or a keylogger (applications that capture your
confidential information by recording each key you type and transmitting
this information to a third party via your Internet connection) perhaps.
The only way to avoid spoofing is by keeping your email address completely
private... And what is the point of that? Just don't automatically assume,
if you get a virus or spam from a friend via email, that it came from them.
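The message headers usually show when a friend's address was only borrowed. The following is an added example, not part of the original article, that compares the visible From address with the envelope sender and reads the receiving server's SPF/DKIM verdicts; both sample messages and all addresses in them are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the From line names a friend, the envelope says otherwise.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-sender.example.net;
 dkim=none
From: "Your Friend" <friend@example.org>
Reply-To: friend@example.org
Subject: check this out

http://unknown-site.example/
"""

# Constructed message that really came from the friend's mail provider.
GENUINE = """\
Return-Path: <friend@example.org>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org
From: "Your Friend" <friend@example.org>
Subject: vacation photos

See you next week.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_signals(raw_message):
    """List reasons to doubt that the From address really sent the message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    signals = []
    envelope_dom = domain_of(msg["Return-Path"])
    if envelope_dom and envelope_dom != from_dom:
        signals.append(f"envelope sender is {envelope_dom}, not {from_dom}")
    # The receiving server records its SPF/DKIM verdicts in this header.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim)=(\w+)", results):
        if verdict != "pass":
            signals.append(f"{check}={verdict}")
    return signals
```

These are signals, not proof: mailing lists and bulk-mail services legitimately use a different envelope sender, and an Authentication-Results header should only be trusted when your own mail server added it.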
You just signed up with eBay because you want to sell that old 17lb 35mm
camera you took to Europe with you once before you were married with
children.
Shortly after your account is finalized on eBay, you get a message from
PayPal warning you that an unauthorized email account was set up, and to
correct the problem, you need to resubmit your account info... Concerned,
you correct the problem by filling in a very legitimate looking form.
Bam! Part of your identity has just been stolen. Like spoofing, it's social
engineering at work once again. Phishing is a way to entice you to provide
thieves your financial info. For a "phisherman", it only takes one good
catch in a sea of millions to satisfy his appetite for the day.
Follow this link for an example.
Here are two ways to defend against this sort of practice:
* Never respond to emails that ask you for financial info or point you to a
  website that does.
* Verify the domain address in your web browser. Make sure that you are at
  a legitimate website address, and that it is securely "locked" with the
  tiny lock icon in the lower right corner of your browser window.
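What "verify the domain address" means in practice, as an added example that is not part of the original article: the check below takes a link and the domain you expect, and lists why the link does not belong to it. The sample links are constructed; paypal.com is used only because it is the site in the scenario above.

```python
import ipaddress
from urllib.parse import urlsplit

def link_problems(url, expected_domain):
    """Return the reasons a link should not be trusted as belonging to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    problems = []
    if parts.scheme != "https":
        problems.append("not HTTPS, so no lock icon")
    if parts.username is not None:
        # Everything before '@' is a login name, not the site being visited.
        problems.append("text before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        problems.append("numeric IP address instead of a name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label, possible look-alike characters")
    # The real site is the expected domain itself or a name ending in ".<domain>".
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host or '(none)'}, not {expected}")
    return problems

# Constructed links for illustration.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com@203.0.113.7/update",
    "https://paypal.com.account-check.example/login",
    "https://www.paypa1.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_problems(link, "paypal.com") or "looks right")
```

Only the first sample passes; the others put the expected name somewhere other than the end of the host, which is the part the browser actually connects to.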
Unfortunately, there is no sure-fire way to avoid spam altogether unless
you are Bill Gates and form an entire department to filter it for you. Much
like spyware and viruses, spam is something we have to live with. However,
we aren't completely powerless. Here are some things we can do to minimize
spam:
* Protect your primary email address - do this as you would your social
  security number. Even the IRS doesn't need to know your email address.
* NEVER reply to unsolicited email - by replying, you are essentially
  telling the spammer that you exist. Don't fall for the "opt-out" ploy.
* Create more than one - with all the free email accounts available these
  days, why not create one for those times when you need to provide one on
  the Internet: travel reservations, shopping, filling out forms,
  subscribing to news groups, etc.
* Filter out spam - find out if your ISP (Internet Service Provider) can
  filter spam at the server level. Personally, I don't believe in adding
  additional software to my computer to fight spam, but for some, adding an
  anti-spam application might be the best solution.
* Avoid e-greeting cards - Tell your friends and family not to send you
  e-greeting cards. Nobody should be posting your email address on the
  Internet without your approval.
* Use defensive behavior - Don't open suspicious looking email. If the
  subject field has a mix of incoherent letters and numbers, just delete it.
* Change your email address - obviously, the least appealing thing to do,
  but if you are getting more spam than legitimate email, it's time to pull
  out and get relocated.
* Hide and wait - Sometimes it's possible to deactivate your primary email
  address for a period of time. This will cause the spammer to realize that
  your address doesn't work anymore. You will eventually be removed from
  their list. After a month, reactivate your primary account and start over.
