Help with Spam and Phishing

...and Other E-mail Pests
by Randy Cassingham

The basics of spam, "phishing" and other e-mail pests, how they got your address in the first place -- and what to do now that you're inundated.

Phishing, Chain Mail and More

A particularly nasty type of spam is "phishing" (fishing): messages that look like they're from your bank or other official place which tell you there's a "problem" with your account and you have to come by and "confirm" your information. Popular targets are Paypal, eBay, and large bank customers. The scammers have no idea whether you're really a customer of such places, but by choosing large financial institutions their odds are pretty good. The link may even look like it goes to the correct financial institution, but it doesn't really. For instance, take a look at this link: http://www.Google.com. It's a link to Google, right? Nope! Hover your cursor over it, or click it; you sure won't go to the Google site! It's not always quite that obvious, either. You might hover and see that the target is "http://www.paypal.com" and a bunch of other text, but if you look closely you'll see that there's another dot after the ".com", not a slash -- and that the real destination isn't Paypal at all, but rather www.paypal.com.spammer-site.com -- very, very different.

 
If you're not sure if the mail is legit, do not click on the link! If you want to check your account and make sure it's OK, then use your regular bookmark, or carefully type in the correct link address yourself. But never click a suspicious link to check your account. The risk of losing any money there is huge, and you may never get it back if a scammer gets hold of it. If you're really unsure, call your bank's service center on the phone.

The #1 Most-Important Thing to Know: If you're foolish enough to click on links in "phishing" e-mails, you'll see what looks like your bank's real web site, but it's not. You're asked to put in your banking ID and password, or your credit card number, or other private information to "confirm your account". What you're actually doing is providing your bank information to scammers who are more than happy to drain your bank account for you. Don't be an idiot: your bank does not need you to "confirm" your credit card number or password!

Again, banks never send "confirm your account" e-mails. Some will send you a notice that they have taken action to secure your account if they detect possible fraud. "Hover" the link on any notice you get: if it doesn't show the link you expect, it's a phishing attempt and you should delete it. If it does, and you think it's legit, still do not click on the link, but rather use your own browser bookmark to go check on your account.

The #2 Most-Important Thing to Know: Your bank account is not the only thing at risk if you accidentally give a scammer your personal information. Sure, they'll grab all the cash they can as quickly as they can, but what if they have your credit card number, your password, your Social Security number? They can use your account info and password to try other banks, brokerage houses, and more, and drain those accounts too! They can use the information to apply for new credit cards in your name -- identity theft -- and make life a living hell for you.

Never use the same login and password info on more than one financial account. Never make your password easy to guess. Your spouse's name is a terrible password; "XcM-4&Q" is a great password. How can you keep track of such weird passwords? Software: RoboForm is what I use. You only have to remember one password: RoboForm's. It remembers the rest for you, and types them in for you when you need it. There's a free version and a paid version that does even more.

Send This to Everyone You Know!

Another pestilent phenomenon is chain mail, "send this to everyone" mail, "virus warnings" and the like. If you get e-mail that requests -- even urgently -- that you spread the message far and wide, that's a warning sign that you should dump it. You may live to greatly regret it.

Some mass e-mail campaigns claim they are "helping" a "good cause", like the cancer- struck kid that wanted to get in the Guinness Book of Records by getting as many cards in the mail as possible. Yeah, the kid exists, and got 16 million cards the first year -- and that was 1990! But not only did he not die, he is still begging for the cards to stop. Yet the story lives. Later Internet versions of the story switched to "send the cards to the Make-A-Wish Foundation in Arizona"; they are getting so many cards that it is interfering with their very worthwhile mission to help sick kids. So, people trying to be helpful are inadvertently causing true harm (see Make-a-Wish for info on their programs and the "Craig Shergold" problem).

Most "virus warning" mails are fake too, and keep going despite being years old. The "Good Times", "Deeyenda", "Irina", "AOL For Free" and "Ghost.exe" warnings (and certainly many others) are all hoaxes, and spreading them around causes nothing but resource drains, bother, and sometimes panic to the people you send them to. For more on 'net hoaxes in general, see http://www.nonprofit.net/hoax/. For more on fake viruses, see http://hoaxbusters.org.

There are real viruses, of course. However, if you keep your e-mail program updated (especially MS Outlook: always keep an eye open for new security "patches"!), keep your Windows updated (check Microsoft's "Critical Update" service at least monthly), and never click on attached files that you don't know are safe, you'll be quite safe from viruses. For added protection, use a virus scanner and update it regularly.

This Really Happened: Urban Legends

Then there are the urban legends. You get stories in your e-mail all the time that say they're true. A ship telling a lighthouse to get out of the way. The jet-equipped car crashing in Arizona. The good-ol' Southern boys accidentally blowing up their truck while ice fishing. The lawyer who insured his cigars against fire, and then turned in a claim after he smoked them. People waking up in ice finding a kidney has been surgically removed. Spiders under toilet seats. Bill Gates (or the cancer society) will send you money for forwarding e-mail. All are urban legends and are not true. Think about it: cancer societies accept donations, they don't send money out to idiots who forward e-mails! And Bill Gates isn't rich because he does the same thing. Don't be stupid and fall for such obvious hoaxes! For details on these and many others, see Snopes.) Another excellent source for debunking information is About Urban Legends. The latter even offers an e-mail newsletter that you can subscribe to so you can get the facts, sometimes even before you start getting the hoax e-mails from others!

If you see any plea or warning floating around the net, especially if it tells you to "send this to everyone you know!", the best bet is to assume it's a gag, hoax, or urban legend unless proven otherwise by going to the source. Please delete it, and do not send it on, either to me or anyone else. To learn more about this ever-growing pest, see the Hoaxbusters site.

Conclusion: It's All Common Sense

Return to Page 1: Spam Primer
or
See Who's Behind This Site: About Us

Please pass the URL for this site to others you think could benefit from the information here. The more people that truly understand spam, the harder it will make things for spammers.

Copyright © 1996-2008 by Randy Cassingham, All Rights Reserved. All broadcast, publication, retransmission, copying or storage, including on CD-ROM, listservers, BBSs, Web sites, "FTP" archives, or anywhere else, is strictly prohibited without prior written permission (contact the author).

"This is True" is a registered trademark of ThisIsTrue.inc and is used with permission.

This page: http://www.SpamPrimer.com/5-otherpests.html
About This Site and its Author
Site Map