At first glance, most spam looks a lot like the advertising that fills our inboxes from our banks, clothing stores and political parties. The differences lie in three basic areas:

1. Spam is sent out in bulk. Advertisements from legitimate retailers are usually sent to people who have already done business with the company either in person or online. Because spammers make their money on a tiny percent of recipients who respond, they send out a large amount of these unwanted emails at a time. Although there is no way to accurately count the number of email recipients, it is estimated that the average spam mailing contains over one million addresses.
2. Spam is anonymous. The actual sender is either concealed or intentionally masked. Many spammers make up names so that the recipients won’t know who the emails are from before they are opened. Legitimate advertisers will have their company name on the email so that you can see at a glance where the email is from.
3. Spam is unwanted. When you do business with an online company or order from an online store, there is often a box within that order form that you can check to ‘opt out’ of receiving further emails from that company or companies that they might give your address to. While an overwhelming amount of spam is either for goods or services that you would never be interested in, some spam can actually harm your computer if it is opened. Many spam emails contain ‘phishing’ schemes that try to obtain your personal information, spread malware that can harm your computer and those of people in your address book or simply clog up your inbox with emails that take valuable time to sort through.

Even though an email is unsolicited, it is not necessarily spam. Although you may not have knowingly signed up to get information from familiar companies, you may welcome emails that contain coupons good toward future purchases, notice of sales or free shipping offers or fundraising drives for your favorite charities. This is why you need to get spam blocking software that isn’t too aggressive, or you may miss opportunities that even though you didn’t ask for them, would be particularly welcome.

Many companies such as Paretologic and Symantec offer software with Bayesian filters that rely on distinct spam patterns so that your wanted emails will filter through, or be tagged as ‘possible spam’ for your review. Because spam can rob you of time as well as cause dramatic computer problems, having some protection in place is a necessity.

Phishing is a practice used by unscrupulous people in an attempt to obtain sensitive, personal data from unsuspecting individuals. The type of information that these thieves try to get includes social security numbers, credit card account numbers, bank account numbers and more. They might even attempt to steal usernames and passwords so that they can gain access to various online accounts. Phishing scams generally steal this information so that they can use it to create new credit accounts or take out loans.

Phishing scams often take on the appearance of emails or pop up windows that are quite similar in appearance to some of the trusted websites that you visit. Any links included within the email will direct the individual to a fake website. The best opportunity you have to protect yourself from phishing scams is to understand the signs and to guard against them.

ADVERTISEMENT

Wow - Have you heard of the Lifelock yet? The CEO is so proud of his service that he’s shouting his SSN from the rooftops! That’s right

His name is Todd Davis

and his REAL social security number is 457-55-5462

Click the banner below to learn more …

Most phishing emails will not include either your first or last name. Usually these emails are sent out in bulk so it is much easier to exclude names.

Another tip off is that many phishing scams ask the individual to verify their account. In order to do this, you will be asked to submit certain sensitive data such as your log in, password, account number, or social security number.

Many phishing emails will also include a “threat” that your account will be closed immediately or you will lose all of your assets if you do not respond within a specified amount of time. These messages are designed to get people to react quickly and without thinking.

Plus, some phishing emails direct you to click the links within them. If you hover over the link instead of clicking it, you should be able to see the true web address. In the case of a phishing scam, you will see a string of numbers or words that do not resemble the true company’s name.

To protect yourself even more fully, purchase and install up-to-date antispyware and antivirus applications. Each of these is designed to recognize and do away with malicious programs. Filetonic offers a number of programs that can scan and protect your computer from the unwanted spyware, adware, and viruses that sometimes come along with phishing scams. Install one of these programs to provide yourself with the protection you need.

If you use Internet Explorer as your browser, make sure that you install the latest version to get the best level of protection against phishing scams. In fact, you can use a particular feature of Internet Explorer,Phishing Filter (found in the Tools menu), to protect yourself against phishing scams. This program is designed with a built in filter to scan web addresses in order to identify potentially harmful ones. These websites will be blocked from your browser. It also includes an online service that provides hourly updates on newly developed phishing websites. Plus, you can report any suspicious websites or emails directly to Microsoft. You can also report phishing scams to the DTC helpline at 1-877-FTC-HELP.

… This morning all my outgoing messages came back to me. My Norton virus checker results stated that all is clean. The message:

“Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554. The message was rejected because it contains prohibited virus or spam content (state 18).”

Can you help?

While it is odd that all of your messages bounced back to you, it is good that your virus checker had nothing to report. With a message of this type, one that has been generated by the intended recipient of the emails, the problem is clearly seen as one that belongs to that email server. In other words, the problem is not on your end or with your Gmail account.

By the nature of the comment that is included with the rejection, “The message was rejected because it contains prohibited virus or spam content,” the indication here is that the other mail server has an issue with some of the content in your email. Most email servers/providers maintain applications to prohibit the sending or receipt of spam.

In particular, URLs that originate from certain websites that have been blocked by the email server are classified as “undeliverable” due to the nature of their content. Emails sent with this type or URL included in either the body or signature of the email will not go through and will get bounced back to the originator or sender of the email.

Questionable attachments are also a quick trip to the “this isn’t getting delivered” bounce back dump. Today’s technology is very sophisticated and yet it has been designed and implemented by humans. Therefore, even content and URLs that have nothing to do with spam or viruses are often mistakenly flagged as belonging to this category of undesirables.

Without knowing whether your outgoing messages are similar in content or whether they are all going through the same mail server, it is difficult to get specific. However, it is more than likely that some word, link, or attachment in your emails is being recognized by the other email server as some type of signal that the emails contain spam content.

In some cases, the problem is in the subject line of the emails. Certain words have been associated as red flags that indicate that the email being issued with it is more likely than not some type of spam. A few examples of common subject lines used with spam are: re, alert, undelivered mail, and policy violation. Subject lines for spam change on a regular basis and might include bits and pieces from current headlines as well.

It is also possible that the email servers for the intended recipients of your emails have anti-spam software installed and set at a high level. In fact, this is almost a definite circumstance. This application would reject the emails and refuse to deliver any that resembled spam.

I suggest calling tech support at the other email server and asking for a clear explanation.

Wouldn’t it be great if you could register your e-mail address with an agency much like you can do with the national “Do Not Call” list? The “Do Not Call” list has been extremely effective at reducing the telemarketing calls. For example, prior to registering my phone number, I’d receive at least five telemarketing calls per day. Now, I get maybe one or two a month.

However, while the U.S.’s CAN-SPAM Act places restrictions on spam, it doesn’t actually can it. Instead, marketers have guidelines that they must follow such as providing their physical address and a means for opting out of future messages. Further, CANSPAM does not have a “Do Not E-mail” provision.

The Direct Marketing Association (DMA) offers an E-Mail Preference Service they call the “eMPS” that appears to be a voluntary effort by the marketing industry to give consumers options. You can register your e-mail addresses with the eMPS and, theoretically, reduce the amount of unsolicited e-mail messages that arrive in your inbox. I say theoretically because not all spammers clean their e-mail lists using the eMPS system. What good is registering if none of the spammers use the registry? Registering your e-mail address may reduce some e-mail but I doubt it will make a dramatic impact. Instead, this should be part of a larger strategy.

If you want to register your e-mail address with this service, it’s fairly easy to do. Simply enter your e-mail address in the E-Mail Preference Service form, click the confirmation link in the confirmation e-mail that you receive and wait and see. They say that you should expect to see a decrease in e-mail volume in about two months. I just registered a “disposable” e-mail address as a test and will report back in a few months to let you know if any spammers managed to get a hold of this unpublished address.

So, if there’s no legitimate “Do Not Call” list for spam, how can you reduce the amount of spam that arrives in your inbox? Be stingy with your e-mail address, use disposable e-mail addresses, and use a good spam filter.

Don’t freely give away your main e-mail address or you will be spammed. This includes filling out entry forms at special events, posting your e-mail on Web pages and forums, and signing up for freebies online. When an e-mail address is required, use a disposable one such as a Yahoo e-mail address that is used strictly for such purposes. I use SpamGourmet. To date, nearly 52,000 spam messages that would have landed in my inbox have been gobbled up by this free service!

Finally, a good anti-spam program, such as ParetoLogic Spam Controls, can identify and trap spam messages that manage to come your way despite your precautions.   

I love my disposable email address and highly recommend that you get one too. You know how Web sites are - they always want your e-mail address. Sometimes, I find a site and want to demo their software or read a few of their newsletters. Guess what? They want my e-mail address before they’ll let me go any further.

The problem with just giving them my e-mail address is that I don’t necessarily trust the Web site just yet. Will they bombard me with spam? Will they sell or share my e-mail address with others? Will I ever want to hear from them with special offers? All I want to do is see how their product works, not enter into an ongoing dialog with them.

I could sign up for a free web-based e-mail account and use that as a throwaway email address. In fact, I have done that. The problem is, some of these Web site signups require that I actually check the email in order to activate my membership or receive the messages. So, I must log in to the disposable account, check my e-mail and see a bunch of unwanted messages in my in-box. Not a big deal, but there’s a better way.

I use SpamGourmet. This service lets you sign up for a disposable e-mail address. You use this address by configuring the way you give it to others. For example, the disposable e-mail address is in the following format:

UniqueIdentifier.NumberOfEmailsYouWillAllow.Username@spamgourmet.com

For example, let’s say I want to sign up for XYZ’s newsletter and I have a username of “celeste.” I’m willing to receive a test run of five emails before I want XYZ to stop sending me e-mails. I would sign up for the newsletter using this disposable e-mail address:

XYZ.5.celeste@spamgourmet.com

The first five emails from XYZ would be forwarded to my regular e-mail address. If I enjoy these newsletters and want to continue to receive messages from this address, I can go my account at SpamGourmet and either increase the number or allow unlimited emails from this address. If I don’t want to receive any more than five, once the last e-mail arrives, any new ones are gobbled up by SpamGourmet and are never forwarded to me ever again.

I can make up e-mail addresses all day long as needed. Let’s say I want to receive news alerts from CWWNews but am not sure about their privacy policy. I’d create a disposable address using the same format, in this case: CWWNews.20.celeste@spamgourmet.com

Now, as messages begin arriving with this address in the “to” field, I can gauge whether CWWNews is sending them or if some other entity suddenly has the address. If I’m suddenly receiving offers from mortgage companies using this e-mail address, I can conclude that CWWNews has shared my e-mail address. By using a disposable email address, I can limit how compromised my address will become. These companies can share my disposable address with the entire world of spammers for all I care because I’ll never see their messages.

For starters, if the email is from a Nigerian king, it’s probably a scam. Unless you happen to regularly hang out with Nigerian royalty that is. I’ve mentioned in previous posts how my old email address had been severely compromised. Hundreds of spam messages arrived in my inbox each day. But a spam email and a scam email aren’t necessarily the same thing.

Spam emails are usually pretty easy to spot, right? You know that emails promoting Viagra are junk messages. But scam emails are often more subtle. In fact, some are nearly impossible to tell from legitimate messages. For example, I get emails from Bank of America regularly. I also occasionally receive emails from Citibank, PayPal, eBay, Wells Fargo, and Washington Mutual. All look like they are legitimate. All have the appropriate information in the “from” line. All have pretty pictures and logos. But only a fraction of these emails are from MY bank.

What’s wrong with that? Let’s say that I’m a Bank of America customer and I receive general notices from the from time to time such as “View your banking documents online” or “try ‘Keep the Change’.”  I am a Bank of America customer and I do receive these kinds of emails from them. But these emails aren’t asking me to “confirm” my account or enter my username and password.

Emails that prompt you to reveal your private information in such a manner are known as “phishing” scams. It’s fairly easy to copy the look and feel of financial institutions and enter a dummy address into the “from” line. These scams can even direct you to lookalike websites so that you think that you are logging into your own account. As you log in, guess what? You are entering your username and password. You’ve just been scammed!

So, how can I tell? A combination of common sense and a good security software suite, that’s how. I don’t have a Citibank account, so right off the bat I know that Citibank emails are either spam or scams. Anytime an email from PayPal or eBay comes in prompting me to confirm my information, it is almost always a scam. My security software also flags suspicious looking emails and warns me that it has found an email that is most likely a phishing email. 

Take everything that comes through your inbox with a grain of salt. You’ll receive tons of emails and chain letters forwarded from well meaning friends that aren’t what they appear to be. Some are scams, others are hoaxes, and others are just plain silly. You’re not going to get rich investing in stocks that you’ve heard about in a chain letter and why would a Nigerian king reach out to you for help?

Scams are aplenty. Remember that legitimate financial institutions never ask you to reveal your personal information. If you’re concerned about your account due to an alarming email, pick up the phone book, look up the phone number, call, and inquire about your account. Don’t call the number provided in the email because it could ring right to the scammer. Invest in good anti-spam filtering software and use common sense. If it’s too good to be true, then it’s probably a scam.