Spammers have begun using the World Trade Center disaster as an excuse to defraud generous people of money. Spammers can't be eliminated, but companies and people can protect themselves.
Spammers present a moving target. They often open an account with an Internet service provider, send out their e-mail and then shut down the account so that they can't be traced or receive replies. Sometimes they relay e-mail via a third party's machine to make it seem as though the spam has come from a legitimate source and to cloak the spammer's real point of origin. The e-mail messages include requests to send money to a postal address or to click on a URL and donate money by credit card. Spammers can thus collect money without being identified.
The terrorist attacks will likely ignite a flurry of Internet hoaxes and chain letters. People should suspect any message that asks them to forward the e-mail to others or that does a lot of name-dropping--a favorite ploy of scam artists to gain credibility. Such hoaxes live for a long time on the Internet because unsuspecting people forward them to large lists while those who suspect fraud just quietly delete them.
By itself, the use of spam blacklists, which highlight the latest victims of relay attacks, is inadequate. By the time the site appears on the blacklist, the spammer has moved on to the next victim.
See news story:
Spam, misinformation in wake of tragedy
Check the validity of e-mail offers through Web sites that track Internet hoaxes and chain letters. Suspect messages may carry subject lines such as "Express Relief Fund" or "Victims Survivor Fund."
Protect mail routers against unauthorized relay so that the company's Internet domain does not wind up on a blacklist.
Advise employees to reply to those who have forwarded fraudulent messages and ask for their help to stop its spread.
Warn employees to double-check legitimate-sounding groups by phoning them for verification. A list of legitimate charities appears on Forbes magazine's Web site. People should use great caution when giving out credit card numbers.
Advise employees to treat spam as they would viruses. People should be suspicious of e-mail they didn't expect to get. If people don't know the person or group sending e-mail asking for money, it is probably fraudulent because most legitimate charitable organizations do not solicit people with whom they do not already have a relationship.
The following are individuals or organizations that publish information online about e-mail hoaxes:
The SpamCon Foundation.
The Coalition Against Unsolicited Commercial Email (CAUCE).
The U.S. Department of Energy, through the Hoaxbusters section of its Computer Incident Advisory Capability (CIAC) site.
Don't Spread That Hoax!.
Break the Chain.
(For a related commentary on spammers, see Gartner.com.)
Entire contents, Copyright ? 2001 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.