Spyware, viruses, & security forum: Do you have the right weapons to deal with spam and phishing?

I don't use admuncher, so I can't comment on it. But I gotta comment on your "common sense" statement. What an idea!! I have a general rule that I violate only VERY rarely: if I don't recognize the sender's name, and it doesn't have a subject line--I kick the email into the spam folder WITHOUT OPENING IT. As I'm sure you know, Rijswijk, it's no longer necessary to open an attachment to get an infection from an email. If someone I know has actually sent me something, I'd rather miss out on the email than risk a virus infection. I haven't gotten a virus from an email in at least six years, and that one was from a friend who sent a legitimate email but didn't know her computer had been infected.

Is it safe to open up a spam email in order to see and forward the header??

Yes, as a matter of fact I do, however, don't kid yourself, that means nothing in the cyber ware or computing world.

I have a system where all e-mail spam is eliminated, you can still make new contacts, it is possible to send official circulars without having them blocked and, with the full system, you can chose to receive no spam or only spam of your desired type. (And of course this would impact the creation of botnets and zombies)

And it would work, unlike the failed attempts such as Microsoft's cash for e-mail and challenge systems. And it can't be defeated by botnets or zombies or hiring Indian cheap labour to input for you.

Sounds good doesn't it? Here's a list of people who didn't reply to me to over 70 e-mails, faxes and registered letters (multiple correspondence to each):

Microsoft,
Bill Gates,
Hotmail,
Google,
Gmail,
Yahoo,
Symantec,
The President,
The White House,
FBI,
Federal Trade Commission,
Department Of Justice,
Homeland Security,
White Collar Crime Centre
Every person on the public cyber awareness video produced on behalf of the president,
2 Senators attempting to pass e-mail spam bills,
4 Computer News and Magazine reporters,
The Chairman of the Annual e-mail spam conference.
And others.

Interesting that, during cyber awareness month in the US, the people, speaking on behalf of the president, who created the official video asking the public to own cyber crime and work towards defeating it aren't actually interested in doing it themselves to the extent of a 2 minute e-mail.

So, my answer to your question is: There is no true 100% solution and it's unlikely there ever will be as the interest in the government and computing industry simply isn't there notwithstanding what they may tell you.

Hi Lnarth,

Just kidding about the title but you raise a very serious and real question about a problem that a lot of people are trying to combat. The discussion grows everyday in the private as well as public arenas. There's really no clear definitive answer as to what works best; as the bad guys are working overtime. Ironically, even the so-called "good guys" help to proliferate the problem; as I will touch upon later.

The lines separating Spam from Phishing are blurred. See the similarity by definition:

Spam: Also known as junk mail or unsolicited bulk email. Involves nearly identical messages sent to numerous recipients. Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books and are sold to other spammers. There is a practice known as "email appending" or "epending" that uses known information (such as postal address) to search for a target email.

Phishing: An attempt to acquire information such as usernames, passwords, credit card details by masquerading as a trustworthy entity in an electronic communication. Usually carried out by email spoofing or instant messaging. Communications purporting to be from popular social websites, auction sites, online payment processors and the like.

In short...Phishing can morph into Spam and Spam can morph into Phishing.

Forms of protection from Spam and Phishing come in a plephera of varieties just to name a few:

1. Passive protection in programs like Outlook, Mail (Mac OS X), Eudora, GMail, YahooMail and others that allow you to set filters, rules, block addresses and block ISP's (xxx.com).
2. Passive protection found in web browsers (IE9, FireFox, Chrome, Safari (via App Store), Opera etc) that use a community based rating system to warn against suspicious sites
3. Active Protection found in Internet Security Suites (too many to name like Norton, Eset, TrendMicro etc ) with email filtering tools
4. Active Protection found in Spam and Phishing protective services like Barracudanetworks.com or Secureworks.com and the list goes on.

However, use of any preventive product or service is of little help if the user doesn't practice safe computing. Here's a short list:

1. Watch out for "phishy" emails. The most common form
of phishing is emails pretending to be from a legitimate retailer, bank,
organization, or government agency
2. Don't click on links within emails that ask for
your personal information
3. Beware of "pharming." In
this latest version of online ID theft, a virus or malicious program is
secretly planted in your computer and hijacks your Web browser. When you type
in the address of a legitimate Web site, you're taken to a fake copy of the
site without realizing it.
4. Never enter your personal information in a pop-up
screen.
5. Only open email attachments if you're expecting them
and know what they contain
6. Know that phishing can also happen by phone. You may get a call
from someone pretending to be from a company or government agency, making the
same kinds of false claims and asking for your personal information
7. If someone contacts you and says you've been a
victim of fraud, verify the person's identity before you provide any personal
information
8. Job seekers should also be careful. Some
phishers target people who list themselves on job search sites.
9. Report phishing, whether you're a victim or not. Tell the company or
agency that the phisher was impersonating
10. Take action immediately if you've been hooked by a
phisher. If you provided account numbers, PINS, or
passwords to a phisher, notify the companies with whom you have the accounts
right away. For information about how to put a "fraud alert" on your files at
the credit reporting bureaus and other advice for ID theft victims, contact the
Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft
or 877-438-4338, TDD 202-326-2502.


When shopping online at legitimate sites (the "good guys") be careful and look for boxes that are pre-checked for you to receive offers and/or communications from them or their partners. Be sure to uncheck the boxes and opt-out if you don't want to receive any communications. Even legitimate retailers count on you not unchecking the boxes to opt-out.

Lastly, this is worth repeating again:

Protect your computer with spam filters,
anti-virus and anti-spyware software, and a firewall, and keep them up to date.


Thanks for letting me chime in on this subject!

Hi,
The link below will take you to a tutorial on how to protect yourself...err...your computer. The emphasis is on the word "protect" as nothing is 100%. The article is a little dated but the basics still hold true. Also, ( as a disclaimer) any mention of security programs and the like are those of the author. I hope this helps. Good luck and safe computing.

http://www.pcstats.com/articleview.cfm?articleID=1579

And that is Emisoft's Anti-malware. They have a separate product with just the HIPS called Mamutu, but one might as well get the works. You don't get the real time protection without paying for it, unfortunately.

Emisoft will actually block startups from happening and shutdown spys that it very quickly detects with its behavioral heuristics. It only updates for security reasons, and to modify its white list. It has been highly effective for me. The console gives you complete granular and intuitive control.

I still run good ol' Scotty though, just to double check!

I only work for I and my clients, and not for any company - FYI.

Suggestions...


Make it illegal ....
Create an IP address capture & trace route destructive virus that would automatically reply, crawl back to the point of origin, confirm the IP address, launch a batch file to lock down the computer and permanently destroy the equipment ... oh, sweet revenge.... (oh well, we didn't want what you sent us either....) ...

Hello coelius, i think i'm being victim of those attacks and my PC or at least my e-mail is being used by those delincuents to send spam to my contacts. But i don't know how, i just changed my password, i'm using hotmail.com and i set up to connect with https since i first realised i was being attacked by spammers.

I did what i read in the security help section of hotmail and for some time i had no problems but this week i was attacked again. I saw lots of spam tha was sent to my entire mailling list and hotmail was returning a message saying that some emails couldn't be delivered.

So i am now understanding my email is like a "zombie" but i don't know how to fix it. Can you please tell me where can i get more info about this topic?

I'll really apreciate any help to stop this situation. Thanks in advance.

but the phishers and spammers found out anyway. How do they do it? They break into online vendors and equate your email address to your profile in the customer data base. All of this is done automatically after your vendor is compromised. This happens all the time, and I've even had a local brick and mortar store, that had a local data base compromised for this same information!!

Fortunately I use Hotmail, and as long as I mark all spam as junk, I get very little of it. Beware of PayPal phishing emails - they are the most realistic of them all - I never follow or click on them - I just check the header to see if the source address is legitimate, and it not, I mark it as phishing.

The best and most infallible weapon in this fight is......you yourself. The problem with many "technical" solutions is that it might catch emails from organisations that you deal with and have no concerns about.

With regards to scams - If the FBI send you an email saying that they want your details to authorise the release of funds from Nigeria........well, have you got any links with Nigeria.....With lotteries etc it is simple - if you didn't join you can't win.

Another feature of many of these emails is that they contain many spelling mistakes and grammar is very poor.
These are just some things that I have picked up when faced with a packed inbox.

Use the WOT (Web of Trust) extension. It even evaluates links in emails and warns you if its unsafe to open (Red circle) or safe (Green circle). Sometimes it doesn't recognize the site, so you get a Grey circle with a question mark.

Once you become a part of the WOT community, do spare a few seconds to rate the sites/webpages you visit. Your effort goes towards fighting spam/viruses etc.

Causing non-emergency calls to 911 is both illegal and a drain on very limited resources. On the other hand, dial-a-prayer/joke/sermon/slogan, the local TV station's weather number, and apply for a credit-card phone numbers would welcome another phone call. You can probably think of some others.

Hi Chuck,

I disagree strongly to your idea to avoid online banking.

Remember that these threads get read by people all over the world. I live in Germany & sometimes in New Zealand. Here in Germany one can safely use online banking as we have a lot better system (okay nothing is going to be perfect). It all comes down to how you personally defend your computer. There is some good advice in this thread, basically it comes down to what precautions the individual takes personally. I use a very good program (Bit Defender) for my firewall, spam filter & viruses etc. Plus a healthy portion of common sense.

In N.Z. & Aussieland online banking is a must due to the vast areas that are not populated or as in my case in Germany the banks out in the wilds have either bad opening times & or no cash machine/Terminal to do anything.

As I stated at the start of my reply, you are giving some very questionable advice by suggesting people do not use onlione banking. I live alone & have difficulties moving around, so it is for me extremely useful. Before you ask, yes I get out as much as I can. Think about what you write before you post something.

Use common sense & a reliable program to keep your computer (as far is possible) protected. Otherwise just get rid of your computer.

1. However much I'd hate to be charged for e-mail, if this worked, then it would be worth the cost.
2. You don't always have a choice of not banking online (living abroad, online statements, etc.)