Spam email advice- Block delete and identify spam

 

SPAM
E-MAIL

Summary:
E-mail spam needs to be identified and deleted from your inbox before you open it. The consequence of opening spam is more spam, that is, more unsolicited e-mail.

Purpose:
To show how to identify spam e-mail by its origin without opening it, and ways to keep your e-mail address from becoming a target for spam.

Spam artist
It is just a matter of time!


The Problem:
According to CNN (November 20, 2007), e-mail spam is on the rise again as the holiday season approaches: 2 billion e-mails laden with spam will arrive in December 2007 alone.

Well, 2009 has been a banner year despite more effort by law enforcement. Fortunately, Internet security software has become much more sophisticated, and some of the worst offenders in the spread have started to take some responsibility for it: Micro Software Network-Hotmail, Google, Facebook and, of course, your own Internet Service provider.

Why so much spam?
Spam is e-mail that you may or may not have requested through surfing, filling in forms or mailing lists, registering software, etc. Despite the US government passing the Anti Spam Act in 2003 (Bill, 392-5 & Controlling the Assault of Non-Solicited Pornography and Marketing Act), spam has continued to proliferate.
Spam consumes an incredible amount of your personal time and of computing resources: telecom networks, ISP storage and bandwidth, and your personal computer.

Advice:
Email spam is destructive to your computer resources, very annoying and a danger to your personal privacy. Tackle it at the source by knowing what to look for. See the example of a suspicious e-mail below. Delete all unknown emails without opening them. Do not be kind. These e-mails can contain spyware that reports your activities, and can harbor viruses and trojan programs that can disable your system and network.

Organize off-line:
For the stuff you really need to keep, we set up directories and cut & paste the text content into Notepad or WordPad (Start>All Programs>Accessories>). WordPad is better for spell checking and larger files. Both formats are fine for dumping into Word or a web page later (NB: without any viruses attached). Because of size considerations, do not try to cut & paste the pictures or ads unless you really need them to make a point. For pictures, "right click" on the picture or graph and choose "Save Picture as".

Things you can do:
Do not encourage more spam by opening spam messages or replying to them. Spammers love it when they discover you have a live e-mail address. It is worth money. Only check at certain times during the day (half an hour is plenty) & don't contribute to the problem by cc'ing everyone.

What can you do to find out more about the unknown sender in Microsoft Outlook?

1.- In your Outlook Inbox, do not open the message by LEFT clicking on it. Be very cautious of any attachment.

2.- Highlight the message- RIGHT Click only, then scroll down and select "Options". This will display further information in Message Options. There will be some helpful information presented to help you determine whether to open the contents of the email or to delete it.

3.- Watch for any reference to Tracking options being activated and to "Have replies sent to:", since intruders will re-direct your response by using a false address in the first place. Intruders want you to open the message and reply, since at the very least they will then know you have a valid e-mail address.

4.- In the "Internet header:" box, look at what the return path (email) is and whether you recognize it from the "Received: from" server & IP address.

In this case, it refers to infinitum.com (unknown). We ran a check on their web site using a simple Google search in Internet Explorer. We found a web site address, but when we tried to load it, nothing came up on our screen. We did a "Whois" check (see site below), which revealed who the supposed owner actually is:

"Infinitum Security
8 Temasek Boulevard
Suntec Tower 3 Penthouse Level
Singapore, Singapore 038988
Domain Name: INFINITUM.COM
Administrative Contact:
INFINITUM, SECURITY
admin@securefusion.com (oh! Another web site company- access denied)
8 Temasek Boulevard
Suntec Tower 3 Penthouse Level
Singapore, Singapore 038988
Phone: +65 6893 3098"

WHO IS?
Ever wonder how accurate WHOIS registration information is? Only as accurate as the person or entity wants it to be. To our knowledge, a domain name registration is mandatory though enforcement is minimal at best. You can check WHOIS when you want to verify the owner of a web site at www.whois.org. The site in question above even responds to a ping, so it is live- just no web pages, Hmm. Looking pretty suspicious so far.

First, we do not know who NRC Europe in the From field is, and we find the message actually came from gicmowrm@riddler.com. Checking further, we find that riddler.com is a games site with no address or phone number, governed by the laws of New York. If you want to win anything, you have to provide your Social Insurance number to claim a prize. Then, of course, when you shut down the site, your browser comes up with a popular poker site.

In addition, our e-mail address at xxxx@us.com had never been used or set up in Outlook, though it had been set up at our ICANN certified domain registrar (soon to become our former domain registrar). The only location the address appeared was on their servers. Their email servers could have been compromised recently, or their company was the provider of this email address, probably for a price, to Infinitum Security.

Most free services do not allow you to view the source prior to opening, like Windows Live Messenger (Hotmail & MSN Inbox), Yahoo, Freenet, etc. If you Right click on a message all you can get is something similar to the following:
" /cgi-bin/getmsg?msg=2E0DAEDA-528F-4E26-9D01-D447C83BA0&start=0&len=7374&imgsafe=n&curmbox",
- which is close to useless. Time for the delete button if it is not obvious who the sender is right away.

Example: The Outlook E-mail discussed above:

Return-Path: <gicmowrm@riddler.com>
Received: from toip6.bellnexxia.net ([219.276.175.174])
by tomts48-srv.bellnexxia.net
(InterMail vM.5.01.06.14 241-256-172-140-114-20050324) with ESMTP
id <20061024221520.PSDI20947.tomts48-srv.bellnexxia.net@toip6.bellnexxia.net>
for <xxxxt@us.com>; Tue, 24 Oct 2006 18:15:20 -0400
Received: from eforward7.name-services.com ([64.74.123.16])
by toip6.bellnexxia.net with ESMTP; 24 Oct 2006 18:14:12 -0400
Received: from c9mailgw21.amadis.com ([216.163.188.221]) by eforward7.name-services.com with Microsoft SMTPSVC(6.0.3790.1830);
Tue, 24 Oct 2006 15:15:28 -0700
Received: from dsl-189-128-38-192.prod-infinitum.com.mx (unknown [189.128.38.192])
by c9mailgw21.amadis.com (Postfix) with ESMTP id 285FF16C8BE
for <xxxx@ourdomain.com>; Tue, 24 Oct 2006 15:08:33 -0700 (PDT)
Message-ID: <000e02c6f7b9$6968f803!c0768#bd@apltr19hz0mm4y>
From: "Europe NRC" <gicmowrm@riddler.com>
To: us@ourdomain.com
Subject: project Chairman Bill
Date: Tue, 24 Oct 2006 16:11:53 -0600
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_000A_01C6F787.1ECC7800"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-CTASD-RefID: str=0004.0B091201.453E8G9A.0020,ss=2,fgs=0
X-CTASD-IP: 189.128.38.192
X-CTASD-Sender: gicmowrm@riddler.com
x-ctasd: suspected
x-ctasd-vod: uncategorized
x-ctasd-station:
Return-Path: gicmowrm@riddler.com
X-OriginalArrivalTime: 24 Oct 2006 22:15:28.0534 (UTC) FILETIME=[E9833B60:01D6F7A9]
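
The check described in steps 3 and 4, applied to the header block above. This is an added Python example, not part of the original page; the function names and flag wording are assumptions, and the sample is a trimmed copy of the headers shown above. It reads only the headers, never the message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the header block shown above.
RAW = """\
Return-Path: <gicmowrm@riddler.com>
Received: from toip6.bellnexxia.net ([219.276.175.174])
\tby tomts48-srv.bellnexxia.net with ESMTP; Tue, 24 Oct 2006 18:15:20 -0400
Received: from eforward7.name-services.com ([64.74.123.16])
\tby toip6.bellnexxia.net with ESMTP; 24 Oct 2006 18:14:12 -0400
Received: from c9mailgw21.amadis.com ([216.163.188.221])
\tby eforward7.name-services.com with Microsoft SMTPSVC(6.0.3790.1830);
Received: from dsl-189-128-38-192.prod-infinitum.com.mx (unknown [189.128.38.192])
\tby c9mailgw21.amadis.com (Postfix) with ESMTP id 285FF16C8BE;
From: "Europe NRC" <gicmowrm@riddler.com>
x-ctasd: suspected
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def domain(header_value):
    """Domain part of the address in a From/Return-Path/Reply-To value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def hops(msg):
    """Received hops, oldest first (each server prepends its own line)."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def review(raw):
    """Return (hops, flags); each hop is (from_host, from_ip, by_host)."""
    msg = message_from_string(raw)
    sender, chain, flags = domain(msg["From"]), hops(msg), []
    if chain:
        host, ip, _ = chain[0]
        # A signal, not proof: legitimate mail can be relayed by third parties.
        if host.lower() != sender and not host.lower().endswith("." + sender):
            flags.append(f"first relay {host} [{ip}] is outside {sender}")
    for name in ("Return-Path", "Reply-To"):
        if msg[name] and domain(msg[name]) != sender:
            flags.append(f"{name} domain differs from From domain {sender}")
    if (msg["x-ctasd"] or "").strip().lower() == "suspected":
        flags.append("upstream filter marked the message as suspected")
    return chain, flags

if __name__ == "__main__":
    print("\n".join(review(RAW)[1]))
```

Only the hops written by servers you trust are reliable; anything a sender adds below them can be made up.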


©™ Asystematics, 1992- 2010. Others marks with permission.