Understanding Spam

Anyone who has an email address needs no introduction to this pesky phenomenon
of electronic communication. Spam is unwanted, unsolicited commercial email
that is mailed in bulk to thousands, even millions of recipients simultaneously.

Much of the confusion regarding spam comes from a lack of understanding the
everyday email user may have regarding the ways and motivations of the spammers.

Whether a given email is spam or not spam can be said to be in the eye of the
beholder. There are legitimate email marketers out there, who comply with all
applicable laws when they do their bulk emailing. They will, for example, only
send their advertising to recipients who have subscribed to their emailing
list. In fact, in formal studies have shown that currently, only about half of
all spam is deceptive or fraudulent; roughly half of all spam contains genuine
marketing messages. Thanks to spammers, all email marketing is tainted with a
bad name.

The nature of spam has less to do with its commercial content than with the
fact that it is unsolicited and sent out in bulk. There are two categories of
spam: unsolicited bulk email and unsolicited commercial email.

Unsolicited bulk email is mass-mailed to recipients who have not given their
consent to receive it. This category of spam encompasses jokes, chain letters,
virus alerts, etc. unsolicited commercial email targets your wallet. This
subset of spam includes get-rich- quick and pyramid schemes, stock offerings
for pennystocks, spamming software and fake pharmaceuticals.

While most spam is generally mailed out to advertise a product or service, some
is malicious in content and intent. It runs the gamut from jokes and ads, to
stock-market scams and virus-laden emails. Spammers, those obnoxious folks who
send you spam, will target you because:

* They want you to buy something

* They defraud you out of your hard-earned money

* They want to confirm that your email address is a real live one (and then add
  you to a spam mailing list)

* They just want to shock and offend

The huge volume of spam has created big problems. While it is free for the
spammer to send out his millions of spam emails, the cost of the bandwidth that
this junk mail takes up borne by the internet service provider (ISP). The ISP,
not one to bear this expensive burden on its own, will pass on some of the cost
to you in the form of price increases. You also pay the price for spam in the
time wasted sorting through and deleting junk mail, the loss in productivity
and the pure aggravation of having to deal with it. It also raises security
issues because it may contain viruses that are harmful to your computer.

How do you spot spam when it lands in your inbox?

Here are a few things you can look for that are a dead give-away

- Email from someone you do not know
- Nonsensical subject lines
- Outlandish promises of money, exotic cruises and lonely housewives
- Adult or pornographic content
- Unsubscribe links in unsolicited email
- Very brief emails -- a line or two

You should be aware that spammers often send you email that is designed to look
like it came from an acquaintance of yours, a reputable company or a reply to an
email from you.

The Costs of Spam

The volume of spam that is sent out every minute of the day has reached
pandemic proportions. The simple reason for this is because the cost to a
spammer ranges from zero to negligible. In fact, anyone with a list of email
addresses and Internet access can spam thousands, even millions of people with
a single click of the mouse. The cost of spam, however, now runs in the
millions.

Bandwidth

Spam takes up valuable Internet bandwidth that would otherwise be used for
legitimate business and personal use. Bandwidth refers to rate at which data is
transmitted; it is the amount of data that can be transmitted within a fixed
amount of time. The lower the bandwidth, the slower the transmission.

When spam uses up valuable bandwidth, and clogs up the system, it causes costly
delays in the transmission of important, legitimate information. It forces the
Internet Service Providers (ISPs) to increase bandwidth just to handle the
increased volume. This costs money, and this cost is passed on to the consumer.

Viruses, Worms and Malware

It is becoming an increasingly common menace. Spammers will attach viruses to
the email they send out for purely criminal or malicious purposes. Some
viruses, for example, are programmed to self-install and give the spammer
access to all the vital information stored on your computer. This information
is often be used for identity theft purposes.

Other viruses simply do great harm to computers the world over. A Consuner
Reports study estimates that the cost of repairs and replacement parts for
damage done to computer systems by viruses was over 8 billion over the past two
years. This does ot take into account the billions spent on anti-spam and
anti-virus software.

Productivity

Spam is not only annoying, it also takes up valuable time just to go through it
and figure out sort out the spam from the valid mail. For businesses that
receives hundreds of emails a day, the cost in time and productivity really
adds up. The "cost of spam calculator" that is available at cmsconnect.com
estimates the that spam costs almost $1000 per employee each year, with over 50
hours of lost productivity for each one.

Lost Messages and Data

As we try to battle the spammers by installing spam filters and blockers, these
programs often weed out legitimate businesss correspondence. Lost correspondence
from a client or supplier can easily cost businesses money, clients and goodwill

Identity Theft

The phenomenon of phishing has become more prevalent as spammers think up new
ways to make a buck at your expense. Phishing involves the use of email that is
designed to look like a legitimate company has sent it. It is sent out to
millions of people in the hope of scamming them into revealing personal
information that the scammer can use for identity theft. The cost of Phishing
and identity theft to their victims now also runs in the billions.

The cost of spam is a financial drain on the economy. We pay a high price for
the spammer to scam his victims. The spammer pays nothing.

A Brief History of Spam

In the early days of the Internet, spammers primarily targeted newsgroups on
USENET, the online conferencing system. These are newsgroups that are organized
as forums to discuss particular topics. As electronic messaging systems
advanced, it made possible the practice of crossposting -- posting the exact
same message to multiple newsgroups and other online forums.

Spammers were quick to adopt crossposting as a tool of their trade. Now, they
could send the same electronic message to thousands of newsgroup members at the
one time. Not only could they target a larger audience with one posting, but
they also did not have to differentiate between the interests and focus of the
individual forums that they targeted. What's more it cost them next to nothing
to spam these newsgroups.

As email became an increasingly widespread mode of communication, the spammers
shifted their focus the massive audience that it made available to them. Mass
emailing software soon became another essential tool of their trade, as they
begun to use this application to send junk email to thousands upon thousands of
unwilling recipients.

The spam industry also adapted the available Internet technology to create the
"spambot". A spambot is an automated program that will rove the Internet,
"harvesting" email addresses from newsgroup postings and from other websites.
It literally gathers thousands of email addresses in a single hour. These are
compiled into bulk mailing lists with which the spammers can thousands of
victims at a time.

The practice of sending out unsolicited, unwanted junk email and junk postings
came to be called "spam." The term is commonly believed to have been derived
from a British comedy skit by Monty Python, in which a restaurant serves each
meal with a side of spam. As a waitress emphasizes to a couple the availability
of spam with every dish, a group of Viking patrons break out in song, singing
"SPAM, SPAM, SPAM... lovely SPAM! wonderful SPAM!" in a loud chorus. In the
80's, the term was adopted to refer to the junk emails and postings, and the
name stuck.

The earliest, most widely known incident of commercial spamming dates back to
1994. It involved two lawyers who spammed USENET to advertise their services as
immigration lawyers. They later expanded their marketing efforts to include
email spam. The incident is commonly referred to as the "Green Card Spam."

This nefarious industry has since grown in leaps and bounds. Today, more than
half of the trillion-plus emails that are sent and received are spam.
Initially, spam was generally advertising-related email. In more recent years,
however, a particularly nasty crop of spammers has emerged, who send out their
spam with nothing less than malicious and/or criminal intent. Some send out
spam that contains viruses or malicious code. Others devise scams intended to
defraud you of your money. And then there are those whose focus is identity
theft.

Benign or malicious, commercial or criminal -- spam has transformed the way we
communicate electronically, and will continue to do so well into the near
future and very likely beyond. Spam has become a regular, albeit unwanted, fact
of online life.

Top Ten Tricks of the Spammer

The spammer's most fervent hope is that you are ignorant of the tricks and
tactics used to spam your inbox. Learning the spammer's nefarious ways is your
best protection against spam.

Manipulating Text:

This is one of the most commonly used spamming techniques. Spammers will
manipulate the text in the email, to foil the anti-spam filters. They may, for
example, deliberately misspell some words: "M0rtg4ge" for example. They may add
characters or spaces to words in the email header, to make the email seem unique
from other email. Like this: X_A_N_A_X Here's an example, . They may also insert
random strings of text within the email.

Chain Letters:

Spammers may send out chain letter instructing you to forward the email to your
friends and family. To entice you to do so, it may claim that forwarding it will
bring good luck. This spam may carry viruses or a Trojan horse, which is sent
along to anyone you forward the email to.

Image-based Spam:

The spammer sends out spam that contains an image in GIF format. This image
bears the spammy message. Image-based spam is effective in by-passing spam
filters because they are generally text-based.

Dictionary attacks:

This is a technique used by the spammers to find email addresses that they can
spam. It involves trying random combinations of common names and words, and
using these to making up email addresses, e.g. JaneDoe@YourISP.com,
JDoe@YourISP.com, JaneDoe1@YourISP.com. The spammer will then send out junk
email to the different variations of these addresses in the hope that some of
it will go through,

Spammers tend to direct the dictionary attacks at the large email companies,
which have a large number of customers.

Email spoofing:

Email spoofing involves the use of a fake email header that is written to make
it look like someone other than the spammer sent the email. Very often, the
spammer will make it look like the email came from a credible source such as
your bank or yahoo, and try to get you to reply with personal information such
as a password, social security number or credit card number. This technique is
widely used because it is easy to do, and tends to catch the recipients off
guard.

JavaScript:

The spammer can use Javascript that will ensure that the spam is only visible
when the email is loaded. This type of spam can only be prevented using
anti-spam software that decodes or blocks the java script.

Social engineering:

This spammer ploy attempts to fool the recipient into reading the junk email by
pretending to be an acquaintance. It involves a junk email that has a "personal"
subject line, such as "I'm leaving tomorrow," "I got your message" or "Let's
meet again".

Mining message boards and chat rooms:

When you post a message to a message board or chat room and leave your email
address, automated programs called spambots will find your address and add it
to the spammer's mailing list. Much like a listed phone number in the telephone
directory, leaving your email at these types of websites makes it public
information.

Web beacons:

A web beacon, also called an "invisible GIF," is an image sent out with spam
that is invisible to the recipient. When the email is opened, the spammer will
be alerted that your email address is "live."

Open proxy, 3rd-party servers:

An open proxy is a third-party server that enables the spammers to camouflage
their real identities as well as their Internet locations, when they send out
their junk mail. Many spammers use these open proxy servers to help maintain
their anonymity.

The What, Who, Where and Why of Spam

Spam was once just clutter in your inbox; now it is a commonly used vehicle for
fraud, electronic crime and even corporate espionage. The 4 Ws of spam answer
the most commonly asked questions about spam.

What is Spam?

Spam, also called junk email, is generally defined in the Internet industry as
unsolicited commercial email (UCE). It is email that is sent out in bulk to a
huge number of recipients who did not request it. The contents of spam range
from benign advertising to malicious programs that can literally hijack your
computer system do grave damage.

The most common commercial spam advertises pyramid schemes, pornographic web
sites, mortgage loans, chain letters, credit repair, fraudulent pharmaceuticals
and illegally pirated software. The more dangerous spam will often contain
viruses that can infect your computer, Trojan horses that can hijack your email
program and use it to send out spam to your friends and family, and phishing
scams that attempt to get your personal and financial information.

Who Spams?

"Spammer" is the term used to refer to those responsible for spam. In the Spam
world, there are two types of spammers. There are the honest spammers who
comply with the anti-spam laws, and have the consent of the spam recipients.
These willing recipients usually join the honest spammer's "opt-in" mailing
list by signing up at a website, for example to enter a lottery, or to be
notified of future promotions. Then there are the dishonest spammers, who will
get your email addresses by any means possible. They use their spam for
criminal or malicious purposes and have zero regard for the law. Spammers range
from the lone, home-based individual to multi-million dollar companies with
several employees. Most of the spam companies are increasingly relocating to
offshore locations to evade US laws and law enforcement.

Where do the Spammers Get your Email Address From?

Spammers get their victim's email addresses from just about anywhere you can
imagine. Primarily, they use Newsgroup harvesters and Spambots, which are
automated programs designed to "harvest" (extract) email addresses from online
sites. Newsgroup harvesters target newsgroup postings and other unprotected
web-based forums, which tend to have low security. Spambots troll the Internet,
scanning websites and "harvesting" (extracting) email addresses. It typically
searches for the "@" sign that denotes an email address.

The average spambot can harvest over 30,000 email addresses in just one hour.
And this goes on 24/7, year and year out. There are also companies that sell
CDs that are packed with valid email addresses. These can sell for as little as
$25, and they are a goldmine for any spammer.

Why do Spammers Spam?

In a word? Money. Spammers literally make millions from their illicit trade.
Studies show that for every million junk emails sent out, a spammer will
average about 100 sales. Add to this the fact that they make $50-$100 in
commission for each sale, and you can see how the numbers add up to incomes in
excess of $100,000 a year! What's more, spamming can cost next to nothing.

But why does spamming continue despite its cost in time, effort and money?
Because there are people out there who respond to spam. Even with a minimal
response rate of one sale from every 10,000 emails, it can be highly
profitable. If no one responded to spam, the spammer's cash cow would starve
and the practice would end. It is these few who keep the spammers in business.
They make the cost of spamming worthwhile.

Top 5 Techniques to Protect Yourself From Spam

It is virtually impossible to avoid having your email address end up on a
spammer's mailing list. You can, however, take steps to minimize the amount of
spam that you receive. Here are to top five:

Address Munging

Never, ever post your permanent email address publicly online. Posting it on a
website, on USENET, or in a guest book, for example, virtually guarantees that
it will end up on a spammer's emailing list.

If you absolutely have to supply an address, or regularly participate in online
forums but do not want further communication, camouflage your address in some
way. You can, for example, disguise your address by writing it in such a way
that humans can read it, but the spammers automated programs cannot.

Example: instead of JaneDoe@ISP.com, add a blank space before and after the "@"
sign, or use characters e.g. JaneDoe at ISP dot com.

This is reffered to as "address munging". While address munging does not allow
for a regular, clickable email link, anyone who really wants to contact you
will figure it out the proper address.

If you have a website, provide a feedback form instead of giving your email
address.

Sign up for an Alternative Email Addresses

Do not use your primary email address when placing an online order, getting a
free download, or want to sign up for a newsletter or free service Get a
secondary email address that you can use in these instances. You can open a
free email account for this purpose. Email providers such as GMail and yahoo
offer this free email service.

Reserve this email address specifically for this online activity -- do not
offer it to people from whom you want to receive email, as this will likely be
lost in the deluge of junk mail.

Also, be sure to log into this account on a regular basis to delete the junk
mail and avoid having the account closed. If you get over-spammed, just close
this account and open a new one.

Choose an email address that cannot be easily guessed at. One method used by
spammers to get email address is to generate a list of likely email addresses
based on a combination of first names, last names and commonly used words. They
may, for example build an emailing list that has variations of an address like
JoelDoe1@hotmail.com, JoelDoe2@hotmail.com etc. You can foil this spammer's
tactic by using a relatively long email address, for example 8 or more
characters long. You should also avoid choosing email addresses that include
either of your names. Use your initials instead, in combination with numbers,
e.g. jtd1509@yahoo.com.

Beware the Phisher Spam

Phishing is a tactic used by spammers to scam you into giving up vital personal
and financial information. Its sole purpose is identity theft.

Never divulge any personal or financial information that is requested in an
email. Your bank or credit card company would never ask you to confirm or
update your personal information via an email or a link in an email. Any such
emails should be reported to the bank or credit card company. Never, ever click
on any links in this type of spam.

Get a spam filter or spam blocker

Stop the spam dead in its tracks before it ever makes it into your inbox. Well,
most of it at least. Though they are not 100% effective, anti-spam software will
keep most of it out. Even if you only use the internet a spam filter will help
protect you from spam.

How Spammers Get Your Email Address

Each minute of each day, there are literally thousands upon thousands of spam
email messages flooding inboxes the world over. Some of that email even goes
out from what appears to be your very own email address! Where on earth do
spammers get your email address? There are various ways -- some are legitimate,
and most are not. Typically, spammers will "harvest" email addresses from
legitimate web sites, such as USENET groups, chat rooms, message boards, AOL
profile pages and special interest group postings. These are sites you have
visited and requested more information from, or corporate sites where you may
have placed an order.

The spammers collect these addresses using automated programs called spambots.
Spambots are designed to harvest the email addresses from these web sites. They
scan every page on the site, collecting any text containing the symbol "@" they
find. The email addresses they collect are compiled into a database, loaded
into a bulk-emailing program and out goes the spam. Often, these harvested
email addresses are also sold to other spammers ; once you email address makes
it to a spammer's mailing list, it will make it onto their fellow spammer's
lists.

Some websites require you to register before you can place an order or access
certain parts of the site. Not all these websites will be as protective of your
email address as you may wish. Newsgroups are particularly notorious for
exposing their users' email addresses to the spam gatherers. Most newsgroups do
not take a great deal of care to hide the email of their users, and each and
every email member email address is exposed and up for grabs by spammers. Some
of the wbsites that aask you to register may also sell to spammers.

Another method commonly used by the spammers is to target a domain. They simply
guess or make up every possible variation of email address based on the domain
name, for example @yourDomain.com . They create a mailing list of these
addresses and then spam them. Corporate emails are especially vulnerable, as
their emails have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers
because they can and do send out millions of this type of junk mail a day. A
small proportion of the emails will actually be legitimate and will receive the
spam -- that is good enough for the spammer. This method of gathering email
addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to
harvest your email. When you place your email address on a web site, remove the
@ symbol and replace it with the word "at." This makes it far more difficult for
the spam harvester to gather your address, because it cannot be gathered
mechanically; it can only by read by a human who is actually reading the site.
Alternatively, you should display your email address as an image rather than as
text.

What is the Harm with Spam?

In the early days of the Internet, spam was little more than an irritating
nuisance. However, like every other aspect of the Internet, spam has evolved to
become something far more nefarious in nature.

To understand just how big a problem spam has become, it will help to realize
the sheer volume of unsolicited junk mail is sent out every day. More than 50%
of all the trillions of email that is mailed out is spam. This spam clogs up
and wastes bandwidth, especially with the recent advent of image-based spam. It
places a huge strain on servers and wastes a huge amount of time and money to
deliver millions upon millions of unsolicited emails to the inboxes of
recipients.

Mass Mailing Viruses

Aside from constantly inundating your inbox with unwanted email, spammers now
also pose grave threats to the health of your computer

One of these new dangerous aspects of spam are that illicit senders can now
manipulate your email addresses, and make it seem to the rest of the world that
the spam that is sent is coming from your personal computer or domain. This may
result in your service provider blocking your Internet connection, or
terminating your account. And all of it can be done without any knowledge on
your part. It can easily be made to seem that you are an actor in a malicious
mail campaign when in fact you are an unwitting actor at best.

AVF

Email is the most common vehicle of choice for spreading viruses, and for
hackers to get into your computer system. There is an increasing amount of this
type of spam being mailed out of late. These small programs can be used in
myriad harmful ways, including crashing your own system, crashing that of the
parties you email or keystroke logging to gather your personal information.

Another insidious tactic that the spammers employ is called "Phishing." It
involves the spammer sending out junk email that is specifically designed to
look like it is from a reputable, legitimate source such as a reputable company
like ebay or paypal. This spam utilizes the company's logo and official graphics.

The purpose of this type of spam is to get your personal and financial
information. Often it will fraudulently send you to web sites where this
information regarding email, finances, bank accounts or other personal info is
gathered and used in illegal ways. Very often, the spammers will combine
methods, spamming their victims with virus-laden software, phishing and other
schemes that take spam to a whole new level of illicit, criminal activity.

A 2006 study by Consumer Reports estimated that in two years, Americans spent
more than $7 billion on repairs and parts replacement resulting from viruses,
malware and spyware. This does not take into account the cost to the Internet
Providers who have to pay for all the bandwidth taken up by the spammers junk,
or the cost in time, money and productivity to businesses that have to sort
through all the spam.

Spam is no longer harmless, silly, or simply annoying. It is increasingly
harmful and we need to protect against it.

Spam Protection -- Know Thy Enemy: Viruses and Malware, Trojans and Adware

It has become increasingly common for spam to contain malicious programs or
software that can be harmful to both your computer. The purpose of these small,
malicious is to perform unauthorized, usually harmful, actions, when they
self-install into your computer system, and infect your programs and files.
They are commonly spread by e-mail, in the form of cleverly disguised
attachments that trick you into clicking on them.

The most common of these programs are: Viruses, Trojan Horses, Malware and
Adware. Knowing what they are and how they work will help you better protect
yourself from malicious spam.

Viruses

A is a computer program that is specifically created to replicate itself and to
infect a computer system without permission or even knowledge of the user.
Viruses come in several varieties including:

The Boot Sector Virus

This virus will infect the root-most part of your computer hard drive, called
the boot sector. This is what is used to start up your computer.

This type virus can prevent your computer from starting and may even force a
hard drive format, causing you to lose all of the information on your computer
in one fell swoop.

The Program Virus

This is an executable file. It becomes active when the program it has infected
is run. When it is activated, it will infect other programs on your hard drive,
disabling them.

The Macro Virus

The third type of virus specifically targets documents such as Microsoft word.
It is activated when the infected document it has infected is run. One action
it may perform, for example, is to erase dates in your documents as well as
other areas of the computer.

Malware

The term "malware" is short for malicious software. It is a type of program
that propagates on your hard drive and can create untold problems when it does
so. Malware may install a program that you did not want, or ask for. When it
does so, it will use up many of your computer's system resources, effectively
slowing it to a near standstill.

Trojan Horse

Much like its Greek namesake, the Trojan horse program is a seemingly harmless
and innocuous application or file, but it contains harmful, malicious code and,
when installed, can wreak havoc on your computer system. This program often runs
undetected, giving the hacker access to your computer system and, for example,
your personal information such as saved passwords and bank account numbers. The
hacker is also able to display messages on your computer screen.

Adware

While not necessarily malware, but adware can be used for malicious purposes.
Adware goes above and beyond what is reasonable advertising. It is adware, in
fact what has given a bad name to some otherwise incredible free software that
may actually be very beneficial to you.

It generates popups or other annoying advertising that can in fact freeze or
lock your computer. In many cases, the adware is difficult if not impossible
for the regular user to remove, disable or even detect.

In addition to displaying ads for the original advertiser, adware may log your
whereabouts on the internet and send user information back to the spammy ad
company about your computer use without asking for your permission to do so.

Spam is not always the most harmful thing you will find in your inbox; it is
the attachments that come with spam that can really devastate your computer
system. It is crucial that you do not open attachments in unsolicited email.

How Does a Spam Blocker Work?

A spam blocker is one way you can effectively cope with the deluge of spam that
is targeted at your inbox each day. This type of anti-spam software works by
blocking any unsolicited email from getting to your inbox. It is generally
about 90% effective in blocking this spam, along with any viruses and other
malicious code that may come with it.

The spam blocker differs from a spam filter in that its function is
specifically to block most of the incoming spam. The spam filter works by
organizing email that it identifies as spam into folders, and leaves it to you
to take further action on. The spam blocker, on the other hand, is specifically
programmed to prevent spam from getting through. With a spam blocker, you do not
have to deal with the spam it detects and blocks.

So How Does a Spam Blocker Work?

The spam blocker will log into your mail server email account every 10 minutes,
inspecting it for spam email. It immediately destroys any viruses, and gets rid
of any obvious spam such as email that contains adult or pornographic material.
Undesirable email is flagged and then redirected to a folder specifically for
spam. You will have an opportunity to sort through this spam folder to verify
that no legitimate email is mistakenly diverted there. Any email that it is on
your white-list or which it determines as legit will be left on the server to
be downloaded as normal.

If an email is from an unknown source and the spam blocker cannot clearly
categorize it as either legitimate or spam, it is quarantined in a specific
folder until you either move it or delete it. The quarantined spam is usually
held in this folder for up to 30 days, or until you take action on it. The spam
blocker keeps track of the particular action you take on each quarantined email
e.g. if you delete the email. It will "remember" this action and use it to
create a new filtering rule that it will apply to future incoming email.

What are the Benefits of a Spam Blocker?

- A spam blocker frees up storage space. Most mailboxes have a very limited
  capacity to store email. Spam takes up space, and a spam blocker generally
  prevents large files from making it into your main folder.

- By blocking spam rather than just filtering it, the spam blocker helps
  minimize the amount of time you have to personally sort through your spam 
  email.

- Because this anti-spam software deletes spam, it drastically lowers the risk
  of a computer virus infecting your system.

- Many spam blockers are available online for immediate download, are usually
  very easy to install and generally do not require further configuration..

Many email services offer spam blocker software. If, however, you choose to buy
your own, make sure you get one that is compatible with your service. Also take
into account the level of blockage it offers as well as flexibility it offers
in letting you customize the settings to your own preferences.

How to Choose Anti-spam Filter Software

Nowadays, spam is more than just an irritating flood unwanted email. It is also
a means by which spammers can transmit viruses, spyware and adware to your
computer. An anti-spam filter is essential to minimizing this potential risk.
It will also stem the flow of spam into your inbox.

What is an anti-spam filter?

An anti-spam filter is a program designed to detect and block unsolicited bulk
email. It works by scanning any incoming email for words, phrases, html code
and other spammer tactics to determine whether an email is spam or not. It does
this based on probability formulas that calculate the likelihood that an email
that has certain words is spam.

It will also create black lists and white lists. The blacklist will store email
from unknown ISP and email addresses or ISP addresses; the whitelist will hold
email that is sent from pre-approved sources. The filter software will also
keep these lists up to date. Whenever the filter detects that an incoming email
is spam, its address is added to the blacklist. Whenever the sender or recipient
confirms an email as trusted and legitimate, it will be added to the white list.
Most of the "sporm" (spam pornography) will be filtered out as well as any email
that it detects has adult content.

What Should You Look for in Anti-spam Filter Software?

Here are other important features you should take into consideration:

- Make sure the anti-spam filter software is compatible with your particular
email service. Do not take it for granted that it will work with what you have.

- It is important that the software program is easy for you to use and
navigate. Anti-spam software is worthless if you can't figure out how to use it
or if it has features you do not understand.

- The features and tools the software offers should enable you to customize the
program to suit your own needs. It should be flexible in letting you set your
own rules regarding which email to permit into your inbox and what you want to
filter out or block.

- Ideally, it should enable you to set up whitelist, which will indicate
particular email and ISP addresses that should always be delivered to the
inbox. This will ensure that legitimate email from trusted sources will never
be filtered out or accidentally deleted.

- The software should install with ease, with zero or minimal errors
encountered during set up. Some anti-spam software requires registration,
additional downloads or other steps to be taken before it can be used.

- The software you choose should be stable in its release and workings. One way
to check this is to look at the release package and view what the programmers or
company states is the last stable release. It is probably not in your interests
to buy software that is still in the beta phase, particularly if you are not
familiar with the program.

Spam is irritating at best, and maliciously destructive at worst. Buying the
right anti-spam software will go a long way toward protecting you from the
spammers of the world.

Spam -What is Your Protection Under the Law?

Spam has become an ever-increasing problem in recent years, costing legitimate
businesses a great deal in both time and money.

In response to the growing threat from spam, new legislation was enacted in
2003. it was called: Controlling the Assault of Non Solicited Pornography and
Marketing Act (CAN-SPAM act). This act created some requirements for all
companies who are sending bulk commercial email, as well as those companies
whose products are offered for sale in the spam emails. It also instituted
penalties for violators, as well as giving the client or consumer the right and
the means to request that the emailers cease the spam efforts.

CAN-SPAM was enacted in January, 2004. The act covers any email which have as
its purpose advertising or promotional efforts for any service or product,
including those whose contents reside solely on a web site.

The legislation also covers "transactional or relationship messages," meaning
those emails which help a web site to deal with any transaction, even those
which are agreed on, or make updates to any customer whether new or exisiting.
None of these may contain false or spoofed routing information.

The Federal Trade Commission (FTC), the United States agency for consumer
protection, was granted the authority to enforce the act and the DOJ, or
Department of Justice is additionally charged with the enforcement of the CAN
SPAM act. It also provides that Internet Service Providers who are hurt by the
spam may in fact sue the violators of the legislation to recoup losses to their
own business.

Other Major Provisions of the Law

-It bans any attempt to falsify the information in the header or subject line.

These must correctly identify what the message is about, and accurately display
routing information as well as "To" and "from" information. The email must
accurately indicate the identity of the sender and recipient. It must
accurately portray the domain from which the email originates as well as the
senders real email address.

- It bans misleading subject lines

The subject line must not mislead the recipient to open the email under false
pretenses. It should clearly indicate the actual subject matter of the email.

- Emails sent in this fashion must offer the recipient a legitimate means to
get out of receiving the commercial email in the future. Any such requests to
opt-out must be honored by the spamming company, and the email address deleted
from its sending list. The commercial emailer will have 10 days to after the
request to cease sending messages to that address

- Commercial bulk email should easily be identified as an advertisement or
solicitation. It must also include the sender's actual physical postal address

- The recipient must be fore-warned of any sexually explicit information the
email may contain. This warning must be displayed in the email's subject line.

Each and every violation of this law or the aspects of the law subjects the
sender to strict fines that can go as high as $10,000 per incident and, for
certain violations, the commercial emailer will face possible jail time.

Another legal initiative aimed at fighting spam is the "Digital PhishNet"
(DPN), which was established in 2004. It is a collaborative effort between the
Internet industry and criminal law enforcement. Its purpose is to identify and
to prosecute spammers who break the law through phishing. Online auction sites,
financial institutions, ISPs and other groups within the industry are all
involved in this imitative. Important data and information is forwarded in real
time to law enforcement.

How to Report Spam Abuse

Spam is as prolific as the leaves on the trees and because there are so many
kinds of it, it is a challenge to find the right site or organization to report
spam to. Each type of spam will violate the law in one way or another and each
can be prosecuted if it can be proven.

Saving and sending the entire email header is an important step in reporting
spam. The header of every email you receive will contain information on the
full chain of computers through which the email passed in order to get to you.
Generally, most email will pass through at least four computers: The spammer's
computer, the spammer's ISP, your ISP and finally your computer. This is the
most reliable way for an anti-spam service to track down the spammer's ISP
because the spammer will camouflage the "from" address.

As the email passes through each computer, information is added to the header
indicating who the mail came from, as well as where they are sending it. While
this header information will seem complicated, you just need to make note of
the originating ISP, which will be easy to recognize. For example, if you
receive your mail through AOL and you note "yahoo" in the string of
information, then you will know to report the spam to yahoo.

To read the information in the email header, just right click on the email,
choose properties and then either "options" or "header" depending on your email
program. Then cut and paste the header path in its entirety, into the body of
the email. Finally, forward the spam email first, to the spammer's ISP, and
then next to spam reporting agencies

You should also forward the spam to the Federal Trade Commission (FTC). You can
do this at the website: uce@ftc.gov. While the FTC will not take action on
individual incidents, they will add the spam to a database reffered to as UCE
(unsolicited commercial email)

A common spam scam you may come across is called a "419 Scam", or the Nigerian
Advance Fee Fraud. These spam emails generally relates a tale of woe -- a death
in the family and a huge inheritance that the sender needs your (financial) help
to claim. As improbable as it sounds, many people have fallen for this scam and
millions of dollars have been defrauded from them. Fax a copy of this spam
along with the header information to the United States Secret Service.

Here is a list of the agencies you may report spam to, along with the type of
email they can handle or will deal with.

The Federal Trade Commission (FTC). www.ftc.gov/bcp/conline/edcams/spam/ --
This site offers you information about the law enforcement actions that have
been taken against deceptive mailers and companies and those who do not honor
opt-out requests from email recipients..

www.spamabuse.org This is a third party reporting agency.

www.spamcop.net Another third party agency which will report spam on your
behalf to the relevant anti-spam agency.

For stock fraud, email the Securities and Exchange Commission (SEC) at
enforcement@sec.gov . They are prosecuting however they are only able to deal
with fraud in email that has to do with stocks and bonds.

What Can an Anti-spam Firewall Do For You?

Today, the Internet is reminiscent of the wildest days of the Wild, Wild, West.
Your stagecoach through the World Wide Web can be hijacked at any instant if you
have no knight in firewall armor to ward off any viral intruders. When your
computer is connected to the internet with no firewall running, it is
vulnerable to attack from spammers, hackers and phishers.

Much like human viruses, computer viruses run the gamut from the benign to the
fatally destructive to the computers they infect. And just as with human
viruses, prevention is better than cure. Prevention begins by stopping them in
their tracks at the portals of contact. This is where a firewall can come in
handy.

An anti-spam firewall application will, to an extent, help in keeping viruses
at bay. There is, however, no firewall that is 100% hacker proof -- there are
too many ways in which viruses can be embedded in a software download or
regular data, for a firewall to detect and catch them all. However there are
some relatively effective firewall programs available on the market, and some
of them are actually free for your personal use.

At the bare minimum a home personal computer that is connected to a cable modem
or a full time connection needs to have and run a personal firewall software
program, as well as anti-spyware and some type of anti-viral program.

The ideal firewall will hide the ports that a hacker might use to gain access
to your PC and protect your home PC from attacks, as well as track those
attempted entries and prohibit unauthorized access or output from your
computer. Two-way firewalls are the best as they block the threats that are
incoming OR outgoing, to prevent things such s virus, Trojans or malware from
being installed without you knowing it.

Windows XP, as well as the new Vista have a personal firewall built into the
operating system that is by default turned on. Because it monitors and offers
popup warnings many people turn it off, and leave themselves remarkably
vulnerable to attack. The Windows firewall default of "on" should be maintained
until and unless you find another software or hardware firewall to protect your
system.

Some good freeware anti-viral and firewall software programs are available,
such as Zone Alarm and Zone Alarm Pro. AVG also comes in a free as well as a
pro version.Neither of these programs comes with adware attached and they are
very good solutions to begin to address your internet security.

You will need good anti-virus programs to go after any viruses that may
inevitably bypass your firewall. It should be programmed to either quarantine
or, preferably, destroy them. Last but certainly not least, it is essential to
always keep your anti-viral and firewall programs up to date with the newest
patches and security updates. Most viruses target your C: drive, so scan it
daily. And never, ever open any unsolicited emails or the attachments that come
with them.

Top Anti-Spam Filter Reviews

In the race to provide the best anti-spam system to fight the ever-growing
threat of spam email, there are a few which stand out among the for-pay
software systems. Some are software programs, while others are web-based
systems that function by sending your email through their service before it
gets to you. The web-based filter has the added benefit of not permitting spam
to get through to your system, in the first place; on the other hand, if valid
email is filtered out and isn't spam, its difficult to recover it.

Here are reviews of top-rated spam filters

Mailwasher:

The Mailwasher spam filter is a very efficient and secure spam filtering tool.
It combines a number of different techniques to detect and delete spam before
it gets to your inbox, as well as protecting your computer from viruses. These
techniques include: using statistics, blacklisting and white-listing, databases
and advanced learning filtration. Mail Washer supports IMAP and POP accounts, as
well as MSN, AOL and Hotmail. However, it does not offer IMAP or POP proxy
filtering. This spam filter takes a bit of time to "learn" what you think is
spam, and in time will be highly efficient in its spam filtration.

Only My Email:

Is on an online web based filtration system, so there is no software to
download or install. Because it is not downloaded to your computer itself, the
spam filtering operations will never affect your computer's performance. Your
email is filtered prior to coming to your computer and the spam will never be
downloaded to your personal machine. You also get a daily spam report.

Only My Email is an extremely accurate anti-spam filter. It is capable of
filtering up to three IMAP or POP email accounts.

Cloudmark Desktop:

This is a great, easy to use anti-spam filter. It is a plug-in for Outlook and
Outlook Express. This software is highly accurate, with a great spam detection
rate and relatively low false positives.

Cloudmark Desktop uses a database of spammers to identify and filter out spam.
This database is updated by the community of over a million Cloudmark users.
For example, when you identify a message as spam, it is automatically deleted
from other Cloudmark users' inboxes as well. Phishing spam faces the same fate.
This spam filter deletes spam immediately or moves it into a dedicated folder
for further action from you or later deletion. Cloudmark Desktop is a
subscription service that needs to be renewed annually. There are still some
areas in which improvement is needed such as in the case of false positive spam
removal, but all in all, it is a great spam and phishing email solution.

CA Anti-spam

Previously known as eTrust Anti-Spam, this software is a whitelist spam filter.
This means that it will only permit mail from those you have added to your
whitelist and will quarantine all other emails. Once approved, messages from a
previously quarantined sender will be moved to your inbox. It also updates your
whitelist by scanning you outgoing email.

While CA Anti-spam works well for those who receive only mail from those they
know, but may not be practical for those who receive large volumes of email
from several legitimate but unknown sources.

Top 5 Myths About Phishing

There are several myths and misconceptions that abound when it comes to
Phishing. These are the top 5 most common ones:

Myth #1

Anti-spam software can detect phishing email

While anti-phishing and spam filters can decrease the number of phising emails
that get into your inbox, they are not 100% effective. Whenever anti-phishing
technology keeps improving, the phishers are always devising ways to get around
them. It truly is a cat-and-mouse game.

Secondly, because spam email and phishing email are different (phishing email
spoofs a legitimate business), a different set of rules and criteria are 
required to detect the phisher.

Myth #2

As long as I don't give my password and user-name, I won't be Phished

Phishers are getting increasingly sophisticated. They now employ several
variations on the original spoofed email that once requested your password and
user-name.

They will, for example, instruct you to click on a link so as to update your
information at a website. If you do click on the link, malware such as a
keylogger or syware wil be downloaded to your computer. The link may take you
to a spoofed website, but it may also link you to the actual website of the
legitimate business. Once there, a pop-up or overlay is activated, directing
you to log in. You will probably be unaware that your access information has
been compromised.

Myth #3

Most Phishing attacks originate from outside

With all the time and effort that has been poured into the Nigerian 419 spam
scams, it is commonly assumed that phishing originates from emerging countries
outside America. However, a study by Symantec shows that the majority of
phishing attacks actually originate within the U.S.

Myth #4

Phishing is a problem that we can solve by educating users

This is not true. There are various ways the phisher can camouflage an IP
address. In fact, a large proportion of phishing attacks are enabled through
common misconfigurations in a web application. Phishers can manipulate internet
technology to redirect you from a real and legitimate website, in such a way
that although the original web address points to this real web site you are
taken to the phisher's web site.

As the incidents of phishing and identity theft have increased, people have
become more aware, and better able to identify phishing emails. The percentage
of phishing victims has gone down. However, even though users are getting
better educated and informed about phishing, there is always still a chance
that someone will mistake a well-crafted phishing email for the real thing.

Myth #5

I will know one when I see one

This is another misconception regarding phishing, and a potentially dangerous
one at that, especially in our digital world. With all the time, talent and
technology available to them, these cyber crooks have more than ample resources
to create and execute increasingly realistic email spam, web site spoofs or
other electronic means by which to scam you out of your confidential financial
data and wreak havoc on your financial affairs.

Vigilance is, in fact, your number one protection against the phisher's hook.
Underestimating the phishers may cost you.

5 Tips to Protect Yourself From the Spam in Your Inbox

You will inevitably receive some spam in your inbox -- there is no getting
around that fact of life. How you handle this unwanted junk mail will go a long
way toward reducing or increasing the amount of spam you will receive in the
future. It may also protect you from viruses, credit card fraud, identity theft
and other forms of cyber-crime. Next time you log into your inbox, keep these 5
tips in mind to stop the spammers dead in their tracks.

Do not Preview

If you are able to preview your entire email messages in your inbox, you should
disable the message preview pane. This is important because some spam email
contains code that is specifically designed to compromise your computer and
leave you vulnerable to viruses, Trojan horses or worse. Review the options
offered in your email program and change the settings.

Do not Fall for the Phisher's Hook

Many spam emails are cleverly designed hoaxes, which are intended to get you to
unwittingly divulge private information. They claim to be from your credit card
company, bank or other financial institution, and attempt to fool you into
divulging personal information such as your social security number, bank
account number, password or other private, identifiable information.

This fraudulent practice is called phishing. Responding to this form of spam
would leave you vulnerable to identity theft, credit card fraud and other
financial cyber-crime.

Friend or Foe?

Just because an email has been sent to you by a friend, do not assume that it
safe for you to open any attachment that comes with it. Contact your friend and
verify that they did indeed send it. Very often, spammers will attach a virus to
their spam, which, if opened, will hijack your email program and mail itself out
to every email address in your address book. This fraudulent email will appear
to the recipients to have been sent by you. If they in turn, open this email
attachment, the same malicious cycle is repeated.

Read your Email in Plain Text

Spammers often use Javascript to embed malicious code in their spam. It may,
for example, be designed to infect your system with a virus that can install
itself in your computer, and give a hacker or other scammer access to your
private and financial information -- without your ever knowing it. You can
protect yourself against this by changing the settings to display the email
messages in plain text. This effectively disables many harmful scripting
features

Never Respond

Do not click on any banner advertising or send a reply to a spam message. Doing
this lets the spammer that yours is a "real, live" address, which will only
result in a deluge of even more spam. Unless you have specifically subscribed,
do not click on any unsubscribe messages contained in junk mail. Most of these
are only intended to fool you into confirming your address as valid. Also, do
not forward any junk chain letters you may receive.

Above all else, common sense is the most important form of spam protection you
can have. Be vigilant when you check your mail -- even the most advanced
anti-spam filter available today cannot keep 100% of all spam out of you inbox.

Protect your Kids from Spam

Spam is commercial email that is sent out in bulk to millions of people without
their consent. It is may contain advertising messages for regular products and
services but increasingly, it is email of an inappropriate, offensive or
malicious nature.

Today, many children have an email address that they use to email their
friends, submit homework, etc. It is a fun, inexpensive and instant way to keep
in touch. However, as the volume of spam keeps rising, the need to protect
children from the dangers of spam is a growing concern.

Like all other Internet users, children are just as susceptible to receiving
spam as are adults. And because spam is an equal opportunity menace, kids are
just as likely to receive spam that contains adult and pornographic material.
While there is really no way to totally eliminate the possibility of your kids
receiving spam, there are steps you can take to minimize it. Here are a few:

Here are a few tips to help protect your kids from spam

Email Filters

Your email service comes with email filters built in. You can use these to
filter your child's email into specific folders, and filter spam into the trash
folder. This involves setting up rules that your email program will follow in
determining what action to take on incoming messages: to let it through to the
inbox, send it to trash or to block the sender.

Your email spam filter program will apply these rules based on certain words in
the subject line or body of the email. For example, if an email contains the
word "viagra," it will be sent directly to the trash and the sender blocked.

Spam Blocker

Your email service may also come with a spam blocker. If it does not, it may be
worth your while to invest in one for your child's computer. Where-as your email
filter filters incoming email into folders, the spam blocker blocks spam from
going through the system. It checks your mail server every 10 minutes, where it
deletes the spam and destroys any viruses it finds. Legitimate email is let on
the server and downloads to the inbox when you log in.

Whitelists

Set up an email account for your child that "whitelists" only specific email
addresses. A whitelist is just a list of trusted and approved email addresses.
For example, you can have the addresses of your child's grandparents, aunts and
uncles whitelisted. Whenever email is received from any of the whitelisted
addresses, it goes directly to your child's inbox. All other email addresses
are blocked.

Monitor, Monitor, Monitor

Be sure to log into your child's email account on a regular basis to monitor
the incoming and outgoing messages, and to ensure that the spam filter and spam
block are working appropriately. Using your email spam filter, you can set up a
rule that will ensure that a copy of every email that is sent and received on
your child's account is forwarded to your own email address

It is very important to educate your children on the dangers of spam and how to
handle it if they do receive any in their inbox.

Popular Email Scams on the Internet Today

Phishing Scams:

"Phishing" is a high-tech scam that uses spam or pop-up messages to deceive you
into disclosing your credit card numbers, bank account information, Social
Security number, passwords, or any other kind of confidential personal
information. Identity theft is the goal of this scam.

The phisher sends you a fraudulent email that is designed to look like it was
sent from a reputable company. The email directs you to a website that looks
like it belongs to the reputable company, but is actually a spoof. You are
asked to "update" your information here, and if you do, all that personal
information goes straight to the phisher. uses this information for identity
theft purposes such as making withdrawals from your bank and credit card
accounts, ordering new credit cards which they promptly max out, etc.

Some of the most recent phishing attacks have spoofed the email and websites of
well known companies, including eBa, Paypal, Yahoo, Pfizer, Bank of America,
among others.

Work-At-Home Scams:

These are some of the more tempting spam scams. They offer those who need to
make extra money the opportunity to do so, and invariably the email will state:
"no experience necessary." The scammer often claims to have "inside
information," and tries to bait you with the lure of quick money for next to no
effort. More often than not, you are asked to pay anywhere from $35 to several
hundred dollars to purchase the kits or materials that will not earn you a dime.

This scam often offers opportunities involving handicrafts, stuffing envelopes
or medical billing on your home PC. If you fall for this scam, pay the fees for
the handicraft or envelop-stuffing "kit," and complete the assembly of the
crafts as instructed, you will be informed that your work is of poor quality
and not worth paying for.

If you sign up for the medical billing "opportunity," you will be asked to
purchase a list of doctors. These doctors are either fictional or do not want
or need your services and never did.

Credit Repair Scams:

These scams tell promise to erase real and usually correct negative information
that has been added to you credit report, so that you can qualify for loans,
mortgages, unsecured credit cards, etc.

These services rarely deliver on their promise, and more often than not, will
create a great many more problems in the long run. They have even been know to
suggest that you commit fraud e.g. falsifying your social security number.

Guaranteed loans on easy terms:

Some email scams offer guaranteed, unsecured credit, such as a home-equity
loans that does not require equity in your home, or credit cards regardless of
your credit history. This offer of credit is often extended by an off-shore
bank.

This scam is often executed in conjunction with a pyramid scheme, which will
encourage you to make earn money by signing up friends and family to
participate in the scheme.

The promised offer of a home equity loans turns out to be a useless list of
lenders who will turn you down if you don't meet their qualifications. The
promised credit cards never come through, and the pyramid money-making schemes
invariably collapse.

Chain letters:

The spam email directs you to send a small amount of money to each of 4 or 5
names on a list, add your name to the top of the list and remove the last name
on it, and then forward the updated list via bulk mail. Typically, the letter
will claim the scheme is legal, and may refer to sections of US law as
supporting proof of this. Not true.

These chain letters are almost always illegal, and nearly all those who
participate in them lose their money.

Phishing-101

Phishing is an email spam scam that is specifically used to commit identity
theft. Its sole purpose is to scam you into divulging personal information,
which they can use to perpetrate identity theft. This includes passwords, card
numbers, birth dates, PINs and other vital personal data. The term came into
use to denote the way phishers bait to lure their victims into divulging
private data. Industry experts define this devious practice as a form of
"social engineering."

Typically, a phishing attack will be executed in combination with a massive
spam mailing. Phishing spam is sent out to millions of recipients, often with a
subject line that is exciting or upsetting. It is calculated to trigger an
immediate reaction from the recipient, and get them to respond without further
thought.

The phishing email will often have phrases such as:

-Dear Valued Customer. -Click the link below to access to your account. -If you
don't respond within 24 hours, your account shall be closed.

The phishing spam is typically a fraudulent but very official-looking e-mail.
It is cleverly designed to replicate the website and email messages of a
business you know and trust such as your bank or mortgage company. The email
will even sport official logos and graphics of the legitimate company.

It will instruct you to click on a link in the email to go to the company's
website, where you can "update" your personal information. The link will
usually be "masked," which means that when you click on it, it will take you to
a phony web address. Clicking on the link will take you to a website that
appears to be that of the real financial institution's website. It is, however,
just a copycat spoof, set up to give the spammer access to your personal and
financial data. You may give your information thinking you are at the real
website. Instead, any information you enter here will go directly to the
identity thieves.

What are the Consequences?

If you fall prey to the scam and unwittingly divulge private information, you
will be left vulnerable to identity theft, credit card fraud and other
financial mishaps.

These identity thieves will either sell the information to fellow criminals, or
use it for their own financial gain. This vital personal data will be used, for
example, to set up fraudulent online bill pay, with payments made out to the
phisher. They may use it to access funds from your bank accounts and credit
cards and transfer them to their own checking accounts. They may even use a
copy of your bank or credit card along with the phished PIN to withdraw cash
from your accounts at any ATM.

Phishing is a numbers game for these criminal spammers. They will send out
their phishing email to millions of recipients. They count on just a few
falling for the scam and volunteering their information: if a mere 1% of
recipients volunteer their personal information, the phishing expedition will
be a hughly lucrative. It is these few who make their scam worthwhile.

Don't Fall for the Phisher's Bait

Never respond directly to any unsolicited email that asks you to update or
verify your personal information. Banks, stores and other legitimate businesses
will never ask you to give this information via email, particularly following
the advent of phishing.

If there is any doubt as to whether or not the email is from who it purports to
be, contact the company immediately to confirm and clarify the request for
information. Be sure to call a phone number from your statement. Calling the
phone number in the email is probably a direct line to the identity thief.

Never click on a link in any such email. To do so would be to risk downloading
malicious Trojan horse spyware, which will install keyloggers in your computer
system. This would provide hackers direct access
to all the personal data stored on your computer, which they will use for their
own nefarious financial gain.

Never, ever fill out forms contained in an email that request personal
information. The mere request for this information should ring a loud alarm
bell. Phishers are able to use HTML to design very official-looking email
messages. Any information entered into these forms goes directly to the phisher

Never trust links contained in unsolicited email. Phishers have devised ways to
spoof legitimate website links. Common tricks that are used include misspelling
web addresses or using sub-domains that include the name of a legitimate
business.

An email link can also be "masked" in such a way that it displays a very
official looking text-link to a legitimate company's website, but clicking on
it will take you to the phisher's web site.

Do not cut and paste the link contained in the message into your browser. Type
the address of the legitimate company in a separate browser window, so as to
bypass having to click on the link in a suspected phishing email.

Always be suspicious of impersonal email. Almost all email communication from
legitimate businesses will contain some specific piece of personal information
that is not readily available to anyone but you. An email from your bank, for
example may include part of your account number. Always keep in mind that here
are malicious people out there who do nothing more than think up creative,
innovative ways to get at your personal information.

Be sure to use anti-syware and anti-virus software, and keep these regularly
updated. Anti-spam filter software may help eliminate or minimize the amount of
phishing spam you will receive in your inbox.

Be very cautious of opening any emailed attachments you receive, even if they
seem to be from an acquaintance.

Help catch the phishers by reporting any phishing attempts. Forward the
phishing email to the company that is being spoofed. Also forward it to these
email addresses as well: spam@uce.gov and reportphishing@antiphishing.org. This
information will be used by the Anti-Phishing Working Group to fight phishing.
This organization is a coalition between the internet industry, and financial
institutions and law enforcement.

Learn more and stay informed by visiting the Federal Trade Commission's
Identity Theft website: www.consumer.gov/idtheft.

Anti-phishing Software

The threats posed by spam are always evolving, and phishing is one of the most
recent scams the spammers have come up with. Your most important protection
against phishing is vigilance and a healthy skepticism. You can, however,
supplement this with Anti-phishing software programs

Anti-phishing software works by detecting phishing content that may be
contained in an email. It is genrallly used in conjunction with your email
service as a toolbar. This tool bar will display the real name of any website
you visit, and expose any spoofed websites that phishers may attempt to use.

This software is offers a second line of defense to for blocking phishing
attacks and sites that might have foiled and bypassed by your browser's
built-in protection. Here are a few of them:

Earthlink Toolbar Scamblocker Offers a check towards a phishing blacklist of
sites Checks the owner and location of the web site Prevention against phishing
and pop ups

Earthlink offers a free browser toolbar that includes ScamBlocker, an
application that protects you against phishing scams and phishing pop ups. It
will, for example, warn you when you attempt to connect to a website that is on
Earthlink's balcklist of fraudulent sites. It will analie each web page hat you
visit and display a security rating of the webpage on its toolbar.

Earthlink's Scamblocker can be downloaded at this link:
http://www.earthlink.net/software/free/toolbar/

Netcraft Anti-phishing Toolbar When a one recipient of a phishing email reports
it, the relevant URL is blocked for the rest of the Netcraft community members.

It will display for you the website's hosting location, which will help expose
fraudulent urls. Say, for example, you are on the bankofamerica.com website,
the hosting location is unlikely to be in Poland. The toolbar will also detect
any web addresses that contain letters or characters that are only used in the
URL to deceive.

The Netcraft Anti-phishing Toolbar can be downloaded at this link:
http://toolbar.netcraft.com/

TrustWatch Toolbar This free toolbar is also designed to protect against
phishing, identity theft and internet fraud. It does real-time checks to let
you know if a web site you are visiting has been verified by a legitimate third
party organization, and if it is therefore safe to transmit your confidential
personal information. It is the internet equivalent of a credit check.

The TrustWatch Toolbar can be downloaded at this link:
http://toolbar.trustwatch.com/

Stopzilla Anti-Spyware 5.0 STOPzilla works by detwecting and blocking Phishing
Attacks, Popup Ads, Spyware, Adware and other malicious applications. It also
provides hijack protection.

Stopzilla can be downloaded at this link: http://www.stopzilla.com/

Spybot -- Search and Destroy This is a free Anti-Spyware application. An
important feature of this application is that it will Write-protect your
computer's HOSTS file, which is a primary target of phishers'spyware.

Spybot can be downloaded at this link: http://www.safer-networking.org

Webroot's Phish net Phish Net employs a dynamic blacklist to protect against
phishing. The application stores your personal data such as credit card
numbers, social security numbers, etc. When you visit a site and attempt to
enter this information, a pop-up will alert you that it is not on your list of
trusted sites, and will expose any redirects that the may be involved in the
transmission of your data. It will also verify that the site has an encrypted
connection before it transmits the data.

Webroot's Phish net can be downloaded at this link:
http://www.webroot.com/consumer/products/

Whitelists -- The Ultimate in Spam Protection

Whitelists are quite possibly the single most effective form of spam protection
available on the market today. They are as close as you can get to totally
eliminating spam from your inbox.

A whitelist is a database of trusted email addresses, IP addresses and domains.
To build the list, each one of these trusted sources is manually added to the
whitelist. Only email from a whitelisted source is delivered to the user's
inbox. In fact, whitelists are so effective, that the catch-rate for spam is
almost 100%.

However, the efficiency of whitelists comes at a price, because it produces a
large number of false positives. This means that a lot of legitimate email goes
undelivered. To deal with this problem, a challenge-response technique is often
instituted.

When an email from an unknown source is received, the system will respond
automatically, sending a "challenge" back to the sender. This challenge may
require the sender to answer certain questions, or decipher an image that
displays a series of letters and numbers. This image can only be deciphered by
a human, and not by spamming software. Once this is successfully done, the
email is allowed to go through the system to the inbox. The sender is also
added to the whitelist. The challenge-response methodology uses a combination
of human judgment and software technology to determine which email to let
through and which to block.

The advantage of this method is that it is not worth it to spammers to wade
through all the challenge-response emails and respond to them. They are more
likely to remove the email address from their lists and go after other
addresses that do not have such requirements. However, the inconvenience of
having to register to send email to the whitelist user may discourage
legitimate email senders from following through.

Another impractical aspect of whitelists arises when the email account user
places an online order, registers for a newsletter or other service. Each of
these new email sources must be manually added to the white list. If the user
forgets to do this, or enters it incorrectly, important email may be blocked.

Whitelists are far more effective than anti-spam filters, because the latter
work by calculating the probability that if an email contains particular words,
it is likely to be spam. However, spammers easily get around this feature simply
by misspelling words, or by avoiding words associated with spam. For this
reason, spam filters are usually only 80-90% successful. This may be acceptable
on a personal account, but not on a business account that likely receives over a
hundred emails a day.

Whitelists are especially beneficial to businesses as they almost totally
eliminate the waste of valuable time that would otherwise be spent wading
through the hundreds of spam that are received each day. However, despite their
effectiveness in blocking spam, whitelists have not gained widespread use
because of the high rate of false positives. It is also virtually impossible
for businesses to compile an exhaustive whitelist database of trusted email
sources.

The Next Generation of Spam: Image and PDF Spam

As spam filters get increasingly effective, spammers are changing their tactics
to foil anti-spam software and get through to your inbox. Recently, this has
involved a shift from the use of text-based spam to the use of embedded images
and PDF file attachments as the preffered delivery method for their spammy
intrusions.

Image Spam

The prevalence of this form of spam increased in 2006, primarily as a means for
advertising penny stocks. It involved the use of a picture or graphic embedded
in the body of the junk email. The junk email's message is displayed as an
image.

Because most anti-spam filters are text-based, image spam was relatively
successful. This led to its use in advertising everything from sexual
enhancement to fake pharmaceuticals.

One serious effect of image spam has had is to further clog up Internet
bandwidth, and drive up costs to businesses. This is because the average size
of each junk email almost doubled. In fact, this increased size and the sheer
volume of image spam forced many businesses to block all emails that contained
embedded or attached images.

By early 2007, image spam reached an all-time high, accounting for almost
two-thirds of all junk email. However, as spam filter technology has adapted to
detect image spam, its use has since declined to less than 15% of all junk
email. Instead, spammers are turning to PDF spam

PDF Spam

Spammers are increasingly using PDF files to bear their spam messages. The
practice begun in mid-2007, primarily as a scam to fool recipients into
investing their money in the stock of a particular company.

With this type of spam, the junk email is sent out with a PDF file attachment,
which most anti-spam filters cannot or do not read. These attachments range
from rudimentary to professional-looking documents. The text in the body of the
email is usually nonsensical gobbledygook that the spam-filter does not
recognize as junk mail.

For the spammer, the use of PDF files is advantageous because PDF files are so
commonly used in the business world. In fact, several companies allow or even
require their business email systems to deliver these documents to the
recipient. This makes it very likely that this PDF spam will reach the user's
inbox.

The use of junk mail with PDF attachments takes up even more Internet
bandwidth. This is because PDF files are generally much larger than the
embedded pictures and graphics used in image spam. Image spam is typically in
GIF format; PDF files are upto 3 times the size of these files.

The upside to the use of image and PDF spam is that so far, there is no hard
evidence that either one can be used to embed malicious software on the
recipient's computer. The only harm is done to those who do what the message
says. Spammers have also begun to experiment with attachments in different file
types such as excel and zip files.

The advent and decline of the different types of spam attest to the
cat-and-mouse game that goes on between the spammers and the security experts.
As anti-spam technology catches up to their techniques, they continue to
innovate and change tactics to deliver their spam messages.

  InfoBank Intro | Main Page | Usenet Forums | Search The RockSite/The Web