I have written before about spam and phishing attacks, but I thought it would be a good idea to re-visit this topic since there seems to be a concerted effort by senders out there to blast our collective Inboxes with not only hideous amounts of spam (which is bad enough), but also with a whole new class of phishing emails.  I get tons of them “from” Amazon (that’s where the phrase Spamazon came from!), Newegg, Bank Of America, PayPal, and eBay just to name a few.  Basically, they are likely to send one of these phishing emails from pretty much any online e-commerce type of store that they think the can trick someone with.  That’s why you have to be careful and check these messages out thoroughly!  Because the ones I have been getting lately have been really, really well done.  They have been pretty hard to tell from the real thing.

The idea here is that the phisher will send you something from … let’s use Amazon, saying that your order went through successfully and your credit card was charged X amount of dollars.  Well, you look at that and right away know you didn’t order anything recently (or maybe you did, but the amount charged shows different from what you just ordered) and it makes you think that someone maybe got into your credit card account or your Amazon account maybe.  You feel that rush of excitement and fear as your mind starts doing the mental tally of how much money you are losing for every second that ticks off.  So you immediately click the link in the email so you can log into your account at Amazon and see just what the heck is going on.  Only, that link you just clicked isn’t taking you to Amazon, the phisher sends you to his own web page that looks like Amazon and is counting on that excited fear feeling to get you to rush into action without thinking.  Once you are on the version of Amazon that the phisher sends you to, you try to log in.  You might get an error or the phisher might go ahead and re-direct you to the real Amazon now, it doesn’t really matter because he has what he wants.  He now actually does have your username and password that he just snagged from you attempting to log in at the fake site.  Plus, if you use the same password for a bunch of different sites, he now has your password and probably username for those as well!!!

In a case like I described above, be sure to take a deep breath and act calmly.  Even if you are sure that the email really is from Amazon, open up your web browser and go to Amazon directly and then log in there to check your account, where you can be sure that it really is the correct site.  When you get these suspect emails, check them out closely because as good as I have seen them, there is always something that isn’t exactly right.  For example, when I get a legitimate email from Amazon it will start with a greeting that includes my name.  In the fake but really good one, one thing that stood out was the greeting was to my email address and not my name.  Another was that there was a total dollar amount for the order, but no itemized list.  The real ones from Amazon always have an itemized list.  So, keep an eye out and use your head and you’ll be just fine.  Be safe!!

You have heard me share information about the fiasco that Verizon created.  In case you haven’t heard, I’ll recap quickly.  In the name of fighting SPAM, Verizon decided that they would block ALL port 25 SMTP traffic on their network for all of their ISP customers.  That means that anyone and everyone that uses Verizon as their ISP (DSL, FIOS, Dial-up, etc) cannot use any third party mail server or service that is configured to use the industry standard port 25.  That’s just plain stupid, but I have complained about that already.

I was in a quandary with this one, or maybe a catch-22 is a better term.  If I didn’t do anything about this “problem” that Verizon created, then all the people that I host email services for that use Verizon as their ISP are now out of luck.  They can’t send mail through their (read: my) mail servers.  So, I can just change the port that sendmail listens on, right?  Yeah, I could, and then my Verizon tethered customers can send mail again … but, all my other customers that don’t use Verizon have to change their email client settings too, since they would still be sending through port 25.  OK, I didn’t want to go down that road.  I wanted to fix the problem with the least impact on everyone. Read the rest of this entry »