Spyware, Viruses, & Security forum

General discussion

Do you have the right weapons to deal with spam and phishing?

by Lee Koo (ADMIN) CNET staff/forum admin / October 28, 2011 9:01 AM PDT
Question: Do you have the right weapons to deal with spam and phishing scams?

Those of us, myself included, who are aware of what is happening in our world, realize that we are subjected to information overload that is increasing with each passing day. This occurs daily on our computers as we receive unsolicited e-mails, all of which use marketing techniques and deceptive psychology to seduce us into reading and responding to messages sent to us. The cleverness seems to defeat our spam filters and the like. The situation is really terrible, and we need weapons to fight back. What methods appear to hold the most promise for dealing with this unique and ubiquitous cancer?

-Submitted by member: Lnarth

If you have an answer for member Lnarth, click the "reply" to submit your advice,
suggestions/opinions, or tips. Thanks!
Post a reply
Discussion is locked
You are posting a reply to: Do you have the right weapons to deal with spam and phishing?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Do you have the right weapons to deal with spam and phishing?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Common Sense
by Rijswijk / October 28, 2011 12:13 PM PDT

Best thing is common sense, If you don't know em don't open them.
Other than that make sure you use a good email service (Gmail has an excellent junk mail filter)
Never use your primary email for signing up for News letters, blogs,etc unless you trust the source and even then be careful..Always have a separate email account for this purpose.

Collapse -
Common Sense: What a Concept!
by mavericke / November 5, 2011 4:57 AM PDT
In reply to: Common Sense

I don't use admuncher, so I can't comment on it. But I gotta comment on your "common sense" statement. What an idea!! I have a general rule that I violate only VERY rarely: if I don't recognize the sender's name, and it doesn't have a subject line--I kick the email into the spam folder WITHOUT OPENING IT. As I'm sure you know, Rijswijk, it's no longer necessary to open an attachment to get an infection from an email. If someone I know has actually sent me something, I'd rather miss out on the email than risk a virus infection. I haven't gotten a virus from an email in at least six years, and that one was from a friend who sent a legitimate email but didn't know her computer had been infected.

Collapse -
weapon to deal with spam and phishing
by jjcpa / October 28, 2011 12:22 PM PDT

i use yahoo.com mail. they do a very good job but i still get spam of which 99% is in the spam file or some of it goes into trash. i sent 100% of my spam to www.spamcop.net. they forward it to the isp that sent it. there is minimal charge and if do not pay there may be some advertising. i am not sure because i haved always paid. you have to remember that even though they send it they cannot force the isp to do anything. i do not know what goes on at spamcop.net but i only get about 10 or 15 spams a day. i think i owe it all to spamcop.net. many years ago i got a lot more. one thing i do to stay out of trouble is to NEVER click any link unless it comes from someone i know. if in doubt, send it to www.spamcop.net. you can either forward the email headers and part of the mail to them, then they send it back to you and you click a link and it is send to the isp. i prefer to copy the headers and some of the body and copy and paste it and put it in the box at spamcop.net and send it myself. it may sound complicated but its not.

Collapse -
To forward the header to spamcop
by ssnsusbb / November 5, 2011 1:59 AM PDT

Is it safe to open up a spam email in order to see and forward the header??

Collapse -
Try this...
by porsche10x / November 7, 2011 4:57 AM PST

My email is set to open messages from unapproved senders as text-only, with links disabled.

Collapse -
There is a solution, so what.
by Luhng / October 28, 2011 1:35 PM PDT

Yes, as a matter of fact I do, however, don't kid yourself, that means nothing in the cyber ware or computing world.

I have a system where all e-mail spam is eliminated, you can still make new contacts, it is possible to send official circulars without having them blocked and, with the full system, you can chose to receive no spam or only spam of your desired type. (And of course this would impact the creation of botnets and zombies)

And it would work, unlike the failed attempts such as Microsoft's cash for e-mail and challenge systems. And it can't be defeated by botnets or zombies or hiring Indian cheap labour to input for you.

Sounds good doesn't it? Here's a list of people who didn't reply to me to over 70 e-mails, faxes and registered letters (multiple correspondence to each):

Microsoft,
Bill Gates,
Hotmail,
Google,
Gmail,
Yahoo,
Symantec,
The President,
The White House,
FBI,
Federal Trade Commission,
Department Of Justice,
Homeland Security,
White Collar Crime Centre
Every person on the public cyber awareness video produced on behalf of the president,
2 Senators attempting to pass e-mail spam bills,
4 Computer News and Magazine reporters,
The Chairman of the Annual e-mail spam conference.
And others.

Interesting that, during cyber awareness month in the US, the people, speaking on behalf of the president, who created the official video asking the public to own cyber crime and work towards defeating it aren't actually interested in doing it themselves to the extent of a 2 minute e-mail.

So, my answer to your question is: There is no true 100% solution and it's unlikely there ever will be as the interest in the government and computing industry simply isn't there notwithstanding what they may tell you.

Collapse -
Spam
by csreeves / November 5, 2011 2:24 AM PDT

What do u use?

Collapse -
Be Afraid...Be Very Afraid
by ajtrek / October 28, 2011 2:20 PM PDT

Hi Lnarth,

Just kidding about the title but you raise a very serious and real question about a problem that a lot of people are trying to combat. The discussion grows everyday in the private as well as public arenas. There's really no clear definitive answer as to what works best; as the bad guys are working overtime. Ironically, even the so-called "good guys" help to proliferate the problem; as I will touch upon later.

The lines separating Spam from Phishing are blurred. See the similarity by definition:

Spam: Also known as junk mail or unsolicited bulk email. Involves nearly identical messages sent to numerous recipients. Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books and are sold to other spammers. There is a practice known as "email appending" or "epending" that uses known information (such as postal address) to search for a target email.

Phishing: An attempt to acquire information such as usernames, passwords, credit card details by masquerading as a trustworthy entity in an electronic communication. Usually carried out by email spoofing or instant messaging. Communications purporting to be from popular social websites, auction sites, online payment processors and the like.

In short...Phishing can morph into Spam and Spam can morph into Phishing.

Forms of protection from Spam and Phishing come in a plephera of varieties just to name a few:

1. Passive protection in programs like Outlook, Mail (Mac OS X), Eudora, GMail, YahooMail and others that allow you to set filters, rules, block addresses and block ISP's (xxx.com).
2. Passive protection found in web browsers (IE9, FireFox, Chrome, Safari (via App Store), Opera etc) that use a community based rating system to warn against suspicious sites
3. Active Protection found in Internet Security Suites (too many to name like Norton, Eset, TrendMicro etc ) with email filtering tools
4. Active Protection found in Spam and Phishing protective services like Barracudanetworks.com or Secureworks.com and the list goes on.

However, use of any preventive product or service is of little help if the user doesn't practice safe computing. Here's a short list:

1. Watch out for "phishy" emails. The most common form
of phishing is emails pretending to be from a legitimate retailer, bank,
organization, or government agency
2. Don't click on links within emails that ask for
your personal information
3. Beware of "pharming." In
this latest version of online ID theft, a virus or malicious program is
secretly planted in your computer and hijacks your Web browser. When you type
in the address of a legitimate Web site, you're taken to a fake copy of the
site without realizing it.
4. Never enter your personal information in a pop-up
screen.
5. Only open email attachments if you're expecting them
and know what they contain
6. Know that phishing can also happen by phone. You may get a call
from someone pretending to be from a company or government agency, making the
same kinds of false claims and asking for your personal information
7. If someone contacts you and says you've been a
victim of fraud, verify the person's identity before you provide any personal
information
8. Job seekers should also be careful. Some
phishers target people who list themselves on job search sites.
9. Report phishing, whether you're a victim or not. Tell the company or
agency that the phisher was impersonating
10. Take action immediately if you've been hooked by a
phisher. If you provided account numbers, PINS, or
passwords to a phisher, notify the companies with whom you have the accounts
right away. For information about how to put a "fraud alert" on your files at
the credit reporting bureaus and other advice for ID theft victims, contact the
Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft
or 877-438-4338, TDD 202-326-2502.


When shopping online at legitimate sites (the "good guys") be careful and look for boxes that are pre-checked for you to receive offers and/or communications from them or their partners. Be sure to uncheck the boxes and opt-out if you don't want to receive any communications. Even legitimate retailers count on you not unchecking the boxes to opt-out.

Lastly, this is worth repeating again:

Protect your computer with spam filters,
anti-virus and anti-spyware software, and a firewall, and keep them up to date.



Thanks for letting me chime in on this subject!

Collapse -
e Afraid...Be Very Afraid
by Padmaar64 / November 5, 2011 12:53 PM PDT
"3. Beware of "pharming." Inthis latest version of online ID theft, a virus or malicious program issecretly planted in your computer and hijacks your Web browser. When you typein the address of a legitimate Web site, you're taken to a fake copy of thesite without realizing it."

How to prevent this ,and how to find out whether such program is planted on the PC?
Collapse -
Click On The Link
by ajtrek / November 6, 2011 8:53 AM PST

Hi,
The link below will take you to a tutorial on how to protect yourself...err...your computer. The emphasis is on the word "protect" as nothing is 100%. The article is a little dated but the basics still hold true. Also, ( as a disclaimer) any mention of security programs and the like are those of the author. I hope this helps. Good luck and safe computing.

http://www.pcstats.com/articleview.cfm?articleID=1579

Collapse -
Protect from hijackers
by webweazel / November 6, 2011 9:38 PM PST

There's a great little FREE program I found quite a few years ago and have used ever since- WinPatrol:

http://www.winpatrol.com/

It is a small program, not a resource hog, and simply monitors specific files/resources on your computer. It keeps an eye on your startup folder, HOSTS file, lets you know if your browser homepage is attempting to be changed, filters your cookies according to what you want to keep or trash automatically, lets you know about browser toolbars trying to load (or already loaded), watches your file associations, shows hidden files and active tasks. It also has an installed program similar to "hijack this".

It won't scan or remove something that has invaded your computer already by itself, that's what anti-virus and anti-spyware programs are made for, but if you have it installed all the time, it will watch over your computer and alert you immediately if something nasty tries to get inside. Some of the functions will help you to get rid of scumware if you know what to look for. Most of the time, it just sits there quietly and you won't even notice
it's there. But, if the Scotty barks, you need to pay close attention to what he says. Something is happening you need to deal with. The best way to deal with hijackers and scumware is to not let it gain a foothold at all. Scotty will help you to effectively "neuter" these threats before they take over.

Collapse -
There is an alternative for WinPatrol...
by JCitizen / December 29, 2011 3:56 AM PST
In reply to: Protect from hijackers

And that is Emisoft's Anti-malware. They have a separate product with just the HIPS called Mamutu, but one might as well get the works. You don't get the real time protection without paying for it, unfortunately.

Collapse -
(NT) Simple method
by Eliean / October 28, 2011 4:33 PM PDT
Collapse -
Write your congress person
by someolboy / October 28, 2011 4:53 PM PDT

Suggestions...

Collapse -
Sweet revenge - maybe not...
by coelius / November 1, 2011 7:02 AM PDT

The problem with that is that most spam comes from 'zombie' computers, that is, from ordinary people whose machines have been taken over by the criminals. The originators of the spam have their tracks well covered.

Perhaps the owner of the spamming machine shares some culpability through negligence. Most of the computers that I have been asked to 'fix', often repeatedly, were security train-wrecks. I gave up trying to help people because they would quickly undo any measures I took to improve security, and yet they would blame me for subsequent crashes. No act of kindness goes unpunished.

Even so, what you suggest is strictly illegal.

Collapse -
Can you tell me more about that zombies?
by DJEVEREST / November 4, 2011 4:38 PM PDT

Hello coelius, i think i'm being victim of those attacks and my PC or at least my e-mail is being used by those delincuents to send spam to my contacts. But i don't know how, i just changed my password, i'm using hotmail.com and i set up to connect with https since i first realised i was being attacked by spammers.

I did what i read in the security help section of hotmail and for some time i had no problems but this week i was attacked again. I saw lots of spam tha was sent to my entire mailling list and hotmail was returning a message saying that some emails couldn't be delivered.

So i am now understanding my email is like a "zombie" but i don't know how to fix it. Can you please tell me where can i get more info about this topic?

I'll really apreciate any help to stop this situation. Thanks in advance.

Collapse -
You may be getting Joe Jobbed
by MightyDrakeC / November 4, 2011 5:57 PM PDT

Since the "From:" and "Reply-to:" fields are not verified in any way, it's trivial for spammers to put your address in those fields.

It may seem like they're using your address book because the spam programs running on zombie computers use the email addresses they find in emails stored on those computers. Most people have many emails that have been forwarded to mutual friends. So, your email address is mixed in among many people that are also in your address book. The zombie program grabs one at random to stick in the "To:" field and another nearby to stick in the "From:" field.

http://en.wikipedia.org/wiki/Joe_job

Collapse -
I never use my real name on the internet...
by JCitizen / December 29, 2011 4:05 AM PST

but the phishers and spammers found out anyway. How do they do it? They break into online vendors and equate your email address to your profile in the customer data base. All of this is done automatically after your vendor is compromised. This happens all the time, and I've even had a local brick and mortar store, that had a local data base compromised for this same information!!

Collapse -
Your real name is probably on thousands of computers
by MightyDrakeC / December 29, 2011 5:50 AM PST

You don't have to use your real name. Some of your friends have it in their addressbook. Then, when they send an email to you and several other people at the same time, your real name is now on several computers. It'll be in the To: field as "Real name" <email@hotmail.com>

If that email is a joke email, then some of those people may forward it to several of their friends. Now your name is on dozens of computers. Repeat a few times and your name is on thousands of computers. Some of those are going to be zombie computers running spam software.

And that's all they have on you, your name and email address. The vast majority of spam and phishing is annoying, but harmless. As long as you don't click on the links you're safe.

Drake

Collapse -
Dealing with spams, scams and all those annoying email
by HakanPet / October 28, 2011 7:05 PM PDT

The best and most infallible weapon in this fight is......you yourself. The problem with many "technical" solutions is that it might catch emails from organisations that you deal with and have no concerns about.

With regards to scams - If the FBI send you an email saying that they want your details to authorise the release of funds from Nigeria........well, have you got any links with Nigeria.....With lotteries etc it is simple - if you didn't join you can't win.

Another feature of many of these emails is that they contain many spelling mistakes and grammar is very poor.
These are just some things that I have picked up when faced with a packed inbox.

Collapse -
dealing with phishing and spam

To me, the ideal way to deal with Spam and phishing is to shift ti GMail From the day I shifted to.GMail, I am not receiving any phishing or spam mail. The unwanted mails are sent direct to SPAM and deleted by Google itself. I do not open the spam mails at all.Rarely I go through SPAM only to see any Mail intended to me was sent to spam by mistake.

Collapse -
Use WOT
by rogermumbai / October 28, 2011 10:47 PM PDT

Use the WOT (Web of Trust) extension. It even evaluates links in emails and warns you if its unsafe to open (Red circle) or safe (Green circle). Sometimes it doesn't recognize the site, so you get a Grey circle with a question mark.

Collapse -
I dont know but I've been told,
by duckluva1 / October 29, 2011 3:36 AM PDT

Of course I wouldnt do this ,but,...(R R R) It really ticks off phishing scammers when you reply with a callback number that dirests them to the police department. AS it goes, reply with your own area code (212) + 911 +any four digits. (ex: 212-9110762) The call will be directed to 911 as the area code doesnt matter, all the phone recognizes is the 911 after the area code (the last 4 digits dont matter either)
Ergo, they call- they get 911, (Police) and we all know you cant hang up on 911 calls as they are traced and locked immediately after reaching the operator. Warning, Phishers get REALLY ticked off when the police trace them back and May try to retaliate.

Collapse -
I do know, and I've been told
by griswolf / November 4, 2011 4:29 PM PDT

Causing non-emergency calls to 911 is both illegal and a drain on very limited resources. On the other hand, dial-a-prayer/joke/sermon/slogan, the local TV station's weather number, and apply for a credit-card phone numbers would welcome another phone call. You can probably think of some others.

Collapse -
Don't let other people solicit you
Don't let other people solicit you: You can't see the other person on the other end so you don't know who they are. Don't accept free offers because its usually a trick and there is no such thing as a free lunch. We googled a couple of addresses in the free offers and they were "near" the actual address but not a match which led me to believe that if something is too good to be true, it probably is. What grief am I going to get if I decline a free offer and go out and buy a digital camera myself?

I got a couple of emails claiming to be from my retirement fund. I called my own retirement fund up and they said they didn't send them. The rule of thumb is to not respond to emergencies through email because you can't see the other person on the other end of the email. Just because people create emergencies doesn't mean that I have to respond in their way or on their timetable. People make a living on the other end of the world sitting in an internet shop sending out fraudulent emails and you can't do anything to them because their countries don't have diplomatic relations with the free world or your country. The key is to be proactive and not reactive.

I open my email up online before I download it. If you don't know the person, hit delete. If there is a link in there from someone you don't know, don't click on it. Just delete the message.

Use a seperate email address for business and use a different email address to personal.

Don't get involved in chain emails or forwards. Always use BCC (Blind Carbon Copy) to forward things to people.

Tell congress to charge five cents per email as a tax to help the post office. That will cut down on unwanted email because it then becomes costly for bulk spammers to do business.

Report spam to your ISP because some of them have good filters and know how to deal with getting it off of their servers.

Beware of even calling companies to even do business with because they will put you on the marketing list and I was receiving calls even though I was on the "Do Not Call List". I reported the calls to the appropriate people but doesn't seem to do a lot of good.

And don't do online banking. I don't believe it is secure and I don't believe it will ever be secure. Until Congress catches up and makes email fraud a crime, you will continue to see email scams.

My solution to spam is to not live online. There is a whole world outside so go outside.

Chuck
Collapse -
And don't do online banking
by Nebelb / November 4, 2011 6:39 PM PDT

Hi Chuck,

I disagree strongly to your idea to avoid online banking.

Remember that these threads get read by people all over the world. I live in Germany & sometimes in New Zealand. Here in Germany one can safely use online banking as we have a lot better system (okay nothing is going to be perfect). It all comes down to how you personally defend your computer. There is some good advice in this thread, basically it comes down to what precautions the individual takes personally. I use a very good program (Bit Defender) for my firewall, spam filter & viruses etc. Plus a healthy portion of common sense.

In N.Z. & Aussieland online banking is a must due to the vast areas that are not populated or as in my case in Germany the banks out in the wilds have either bad opening times & or no cash machine/Terminal to do anything.

As I stated at the start of my reply, you are giving some very questionable advice by suggesting people do not use onlione banking. I live alone & have difficulties moving around, so it is for me extremely useful. Before you ask, yes I get out as much as I can. Think about what you write before you post something.

Use common sense & a reliable program to keep your computer (as far is possible) protected. Otherwise just get rid of your computer.

Collapse -
RE: SPAM...Don't Let Other People Solicit You
by catdoc54 / November 5, 2011 8:17 AM PDT

A great idea.....charge a nominal fee per email. to support snail mail!! If this were coupled with a reduction in the rates for 1st class letters under one ounce, there would probbably be a lot more folks sending non-time critical correspondence through USPS.
One potential problem: how to keep the rates from creeping, or even skyrocketing?? unless there was a legislated structure to limit compensation for the business entity collecting/managing this fee, we might end up paying a quarter or even a half-dollar before too many years pass.
As a fellow non-online banker, I feel that this is an important part of protecting identity. I switched to a local credit union years ago, but keep a credit card from a national bank to use in case of emergency while traveling.

Collapse -
RE: 1. 5¢ per e-mail; 2. banking online
by Piercan / November 12, 2011 2:58 AM PST

1. However much I'd hate to be charged for e-mail, if this worked, then it would be worth the cost.
2. You don't always have a choice of not banking online (living abroad, online statements, etc.)

Collapse -
Online Banking
by rosshiuk / February 6, 2012 8:12 PM PST

Online Banking,
just to inform you.... Install Trusteer Rapport this app. creates a virtual private network (VPN) this makes a tunnel between you and your bank, it also protects your bank ID and password
http://www.trusteer.com/webform/download-rapport <- Its FREE also and 100% safe
HSBC, Bank of America,PayPal & eBay, just four of 144 vendors who recommend their customers use Rapport, you can also add sites to the protected list yourself, e-mail login's etc.
Another great FREE app. is AVG LinkScanner, if you are sent a link in an e-mail ir from facebook then you are safe to click, LinkScanner will check out the link before you get to the page, if its phishing or malisious in any way it will be blocked and you will be shown a dialog box that will tell you why the site was blocked....
http://majorgeeks.com/AVG_LinkScanner_d5970.html ,_ Download from MajorGeeks
Stay Safe Online Wink

Collapse -
I have reduced my spam and phishing emails significantly
by ozark123 / October 31, 2011 8:27 AM PDT

I use Firefox & Hotmail.

Hotmail has a good junk filter. Simply mark a message as junk and you never hear from that address again. Phishing emails get marked as Phishing scam and get the same treatment.

I receive phishing attempts disguised as eBay communications. They get forwarded to Spoof@ebay or Spoof@paypal and get marked as Phishing scams in Hotmail. In theory Hotmail / Microsoft, eBay and PayPal are working to identify and stop the crooks.

Use a throwaway email address for signing up for forums etc.

Back this up with lot's of common sense. No hot chicks / dudes are dying to meet you. No one in Nigeria wants to give you millions of dollars. Your bank / credit card companies are not going to ask you to verify your info via email.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

CNET Forums

Looking for tech help?

Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.