Fraud 101: Spam, spim, chain mail and other time-wasters

We recently learned that Canada's Competition Bureau (7) took the unusual step of warning the public about several hoaxes perpetrated on the Internet and beyond (9). This is a good opportunity for this article: after getting a chain email from a friend for the nth time, I had already decided it was about time I wrote this little ditty, in the hope that if I am to receive more junk / chain mail from friends, it will at least be more interesting / innovative.

1. Chain letters

It's very tough to protect yourself from chain letters because the "enemy" is really a hapless friend. You cannot educate / lecture your friends, as that is the surest and simplest way to lose them. But when you've been using and abusing the Internet since the early 90's, as I have, you've seen the same chain letters several times, sometimes translated into the various languages you and your friends have in common. It's hard to understand what and who invents these. Although we have a few theories, we will not indulge in this silly sport. Rather, we will try to explain why they are bad and how to deal with them. Such chain emails are, fortunately, easy to spot. The tell-tale sign is usually a statement to the effect:
"please send this to as many people as you can"
"for every email you send you (or I) will make $1000"
"if you don't forward this email Viracocha will kill ye"
There are many other traits these emails have in common. If you are tempted to believe them, try to google at least the most significant phrase in the email. Alternatively, go to one of the sites listed in sources 10-20 and see whether the email has already been indexed as a hoax. Hoaxes are bad because they waste time and clutter our mailboxes. They are especially frustrating when received for the 10th time. When a friend forwards you a hoax, the implicit message is "I could spend 1 minute verifying if this is a hoax, but I prefer to make you waste 1 minute for the 10th time today deleting my crap".

2. Spam

This is something we all hate. Luckily, things are now far better than only a few years back. Statistical analysis - more specifically, Bayesian filtering - helped improve spam filters dramatically. This works by analyzing what you (and possibly others) have marked as spam vs. what you consider to be legit. Each word gets a score based on how often it ends up in the spam folders vs. how many times it occurs in the legit correspondence. Together with other words and clues, this allows the program to guess whether any email message is good or not. If you are using Google Mail, you must have noticed the improvement. If you are using Outlook, chances are you are still fighting an organized military with a broom. That's because the filters Microsoft has included in Outlook are not based on "live" statistical analysis, but rather on what Microsoft decides is the top monthly spam. Luckily, you can easily correct this problem with SpamBayes (5). Still, GoogleMail is far better not only than Outlook, but even than any other service, so if you have a problem with spam, get GoogleMail - it has free spam filters (hotmail was trying to charge for it earlier), free POP, free IMAP, all the storage you want, multiple labels, unlimited filters, etc. You can use it with Outlook easily, if you would rather not store your email off-site. Google spam filters are so good that there are signs that the spammers are giving up (3).
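The per-word scoring described above, as an added example (not code from SpamBayes, Google or this article): a simplified naive Bayes filter in which every name and all six training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

def tokenize(text):
    # Each distinct word counts once per message.
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.totals = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.totals[label] += 1
        self.counts[label].update(tokenize(text))

    def word_score(self, word):
        # Log ratio of P(word | spam) to P(word | legit), add-one smoothed
        # so a word seen in only one folder never yields a zero probability.
        p_spam = (self.counts["spam"][word] + 1) / (self.totals["spam"] + 2)
        p_ham = (self.counts["ham"][word] + 1) / (self.totals["ham"] + 2)
        return math.log(p_spam / p_ham)

    def spam_probability(self, text):
        # Start from the prior odds, then add the score of every known word.
        log_odds = math.log((self.totals["spam"] + 1) / (self.totals["ham"] + 1))
        known = self.counts["spam"].keys() | self.counts["ham"].keys()
        for word in tokenize(text) & known:
            log_odds += self.word_score(word)
        return 1 / (1 + math.exp(-log_odds))

def build_demo_filter():
    # Constructed training set standing in for a user's spam and inbox folders.
    f = BayesFilter()
    for msg in ("Win $1000 now, click here for your free prize",
                "Cheap pills, free shipping, click now",
                "You have won a free cruise, claim your prize now"):
        f.train(msg, "spam")
    for msg in ("Are we still meeting for lunch tomorrow?",
                "Here are the meeting notes from the project review",
                "Can you send me the report before the meeting"):
        f.train(msg, "ham")
    return f

if __name__ == "__main__":
    demo = build_demo_filter()
    for msg in ("Claim your free prize now", "Send me the notes before lunch"):
        print(f"{demo.spam_probability(msg):.3f}  {msg}")
```

Words the filter has never seen are skipped rather than scored, which is why retraining on newly marked messages is what keeps such a filter "live".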

3. SpIM

SpIM is spam for instant messaging clients and is especially prevalent on Yahoo!'s network (at least that used to be my experience). How does it work? Well, you are happily feeding your Internet addiction, when every now and then a message from a "melita" or "larissa" or who knows what other name you've never heard of pops up on your screen asking you to visit some porn website. You then have to close that window manually, which is a total PITA because it interrupts your work flow. To protect yourself, you could allow messages only from people already in your contact list, but that is not what you want to do. What if an old friend has just found you and tries to message you? What if your house is on fire and your spouse can only use someone else's IM account to let you know, but can't, because you won't allow it? These are all good questions. The only solution that I know of that can intelligently allow legit messages while denying SpIM is a Trillian plugin. (Pidgin should have something like that too, but if it does, then I don't know about it.) Trillian is, as you probably know, an instant messaging client that connects to all possible networks and allows you to access them from the same interface, grouping your contacts based on their relationship to you, rather than their network of choice. You no longer need to have Windows Messenger, Yahoo Messenger, AIM and ICQ all running at the same time, taking memory and screen real estate away from you and slowing down your computer. Trillian basic is free; if you want to use plugins, you need the Pro version, which is $10 or $20, can't remember. To deal with SpIM, you need to install Trillian SPAM challenge (6). This plugin will then issue a challenge/response check to anyone trying to contact you; this eliminates robots and SpIM. Other plugins allow for a multitude of other features, including shipment checker, incoming messages forwarding to any email address or cell phone, etc.

4. Malware or phishing websites

These are websites that have been infected with some kind of virus, trojan or spyware. This malware is hidden somewhere in the webpage code and it infects you as you load the webpage in your browser. Many times, legitimate, high-traffic websites might become infected unbeknown to their rightful owners. Google might sometimes alert you when that happens and they are known to remove such sites from their index (4). Perhaps the best way to protect yourself against such malicious websites is to use a secure browser, such as Opera (the most secure browser of all) or Firefox with the NoScript extension, with Java disabled. Secondly, be very careful with what information you are giving away. In 99% of the cases, there is no reason to give away your real name, your real address or your D.O.B. even though the website might insist on it. Use your judgment, don't be an automaton.

5. eBay, PayPal or other shopping sites

This chapter would most likely require a separate article all by itself. Suffice it to say for now that the problem with PayPal, as well as its parent corp, eBay, is the lack or inadequacy of their buyer or even seller protection policies. Most credit cards offer some kind of protection, but with PayPal, you're toast. You are completely at the mercy of your vendor, who may or may not deliver your merchandise, and may or may not send you what you thought you were purchasing. Either way, you will probably end up on your own and you will have to swallow your losses. That is why, if you have an alternative (such as a credit card), avoid PayPal. There are even certain fraudulent non-Internet activities you cannot really protect yourself from. One such case involves the fraudulent use of Interac. If, when you pay with your bank card, the vendor makes a backup copy of your number and password, then imprints them on a card and empties your bank account, you will find that your bank will seldom reimburse you for the loss. Similarly, if somebody breaks into a shopping website that has your credit card numbers, there is again very little you can do about it. If a payment processor is dishonest, again, there isn't much you can do either (1). Credit cards used to provide some form of protection against fraudulent charges, with usually $50 or $0 deductible for fraud, but lately, some agreements have been updated to either remove or drastically reduce such protections. We will be writing more about this shortly.

Sources

  1. FTC Says Payment Processor Took Millions - /.
  2. Urban Legends repository - snopes.com
  3. spammers giving up - /.
  4. Google removes-thousands of malware sites - downloadsquad
  5. SpamBayes - sourceforge
  6. Trillian SPAM Challenge - trillian plugins
  7. The Competition Bureau - gc.ca
  8. Phonebusters - ph
  9. Watchdog warns of several holiday scams - cbc.ca
  10. Internet Petitions - Snopes
  11. E-Mail Junkyard - Hundreds of chain letters and e-mail forwards - chainletters
  12. BreakTheChain.org - Stop Junk E-mail and Misinformation
  13. Chain letter - Wikipedia
  14. HOAXBUSTERS
  15. Chain Email
  16. Email Chain Letters -
  17. Urban Legends FAQ: What is a chain letter? - about.com
  18. Chain E-Mail - umich
  19. Symantec's Threat Explorer - symantec (DUH!)
  20. Telemarketing answering script - junkbusters
  21. Make your own search! - google
