Like everyone else I get a ton of SPAM in my inbox, even with all of the SPAM fighting tools I can find and use. Usually, as a last line of defense I use a product called Mailwasher to catch anything that gets past server filters, but we’ll talk about Mailwasher later. This post is the first of many I am sure where I thought I would alert folks to some pieces of mail that are especially crafty that get through and look legit but carry dangerous payloads. These messages carry viruses, or are Phishing attacks (where people try to trick you into giving them information like usernames and passwords) so I thought I would start posting about the ones that I see. I get people and customers asking me about these emails and what they are and if they are real or not, etc., so I thought some of my readers might have the same questions.
So, here we go with the first two:
- Look out for emails that appear to be from PayPal. They will look like they came from a valid PayPal address and will have a subject saying something like “You sent a payment” and in the body of the message they will tell you that you sent a payment of X number of dollars (it varies between emails but is usually anywhere from a hundred to thousands of dollars). It will then have links to click on to supposedly get information about the payment. This is where they spring the trap, when you click on the links. Most likely you will be sent to a fake PayPal login page, and when you log in you will get some kind of error or redirect, but most importantly, they now have your PayPal username and password, think about that! So be on the lookout, if you haven’t sent any payments, or don’t use PayPal even, don’t fall for these emails. Just delete them, and if you feel the need to check your PayPal account, you go to PayPal directly by typing in the address yourself so you know you are going to the right place.
- Next, we have an email carrying a virus payload called DROPPER. Your anti-virus software (you ARE using AV aren’t you???) should catch it, but just in case I’ll post the common headers below. Keep in mind that they might look slightly different, such as a different case number, but it should be similar. Keep in mind too, when have you had any contact with the Better Business Bureau? If you haven’t, which is likely, then that ought to be the first red flag with these emails! Here are the subject and from address as I have seen them:
- From: Better Business Bureau (firstname.lastname@example.org)
- Subject: BBB assistance Re: Case # 27368244
Remember, the case number may vary, and as always, keep a keen eye on your email and remember that if it looks suspicious, it probably is!
In yet another new and trendy spammer and phishing ploy, I have been getting a few copies of a message claiming to be from Blizzard regarding Beta access to the Cataclysm expansion coming out soon. This one did give me pause at first because I am signed up for the Beta, waiting to see if I get in. Luckily, I noticed some blatant signs when I inspected the message. The biggest thing was not only the Cataclysm website they wanted to send you to for account information harvesting being wrong, as in the wrong URL (not even close LOL), but I received several of these and they had different URLs between them. One other thing was that I received this to several email addresses, none of which were the one actually associated with my WoW account. Obviously these guys (or gals?) are carpet bombing and hoping they snag a few of the 10 or 12 million or so WoW players. Just wanted to pass this on, be on the lookout if this fits you in any way! In the words of Mad Eye Moody “CONSTANT VIGILANCE!!”
This is just a heads up to everyone out there to be extra careful when handling email. We have seen an explosive increase in the number of attacks brought about to every day citizens through email. From SPAM with fake links, to Internet Scams that these fraudsters want you to invest your time and money in, to Viruses/Trojans/Back doors, and of course Phishing attacks where someone pretends to be from some place familiar to you like your bank, eBay or PayPal in an attempt to get your account information.
There are some basic steps to take like using good anti-virus software, and making sure it is kept up to date, that can help you stay safe. We posted an article a while back with these explained, and I believe we should take a look at updating it since it’s been a year or two. The basic principals stay the same, and there is still lots of good info there, we will most likely just be adding more stuff to deal with new threats. Take a look at it here, it’s called Web Surfing Safety, and we hope you find it useful. In addition to that, be sure to check out the Library, since we have lots of other good information and tidbits in there too! Thanks.
Guess what kiddies, in troubleshooting an email connection for a customer that was unable to send any email through one of my servers, I found the problem was not quite what I expected. The good news is that the problem wasn’t my mail server, or even on my end at all for that matter. After some testing and digging I found that the problem is that Verizon has now blocked ALL out bound port 25 traffic. Period. As you know, port 25 is the standard RFC compliant port for SMTP communication, and Verizon has blocked all port 25 traffic as a means to fight SPAM. Uh-huh. Sure.
This means that you cannot use any other email provider for sending mail unless they support a non-standard port for their SMTP service, or you are using webmail exclusively. This, to me, is wrong on so many levels. First off, it’s not helping in the SPAM wars as far as I can tell. I am told the same thing by some Verizon customers I surveyed. Second, it’s just wrong to cut out basically all other mail providers like that. This is yet another example of how stupid Verizon is, and how they cannot manage their service at all.
I have done business with many, many telco’s over the years, and Verizon tops the list by a mile of the worst service providers to deal with. Some of the most incompetent people, bone headed mistakes and plain batshiat crazy experiences have all been at the hands of Verizon. I hope this is just the first of many nails in their coffin.
One last thing, conveniently enough, the only way around this is to upgrade to FIOS (or other non-specified broadband service) and pay extra for a static IP address. How nice. Read more here.
OK folks, I came up with something helpful and I thought I would pass it on. Recently I had a spam bot (or maybe a real person, who knows) join the forums. Went right through all of the security controls and verifications. Then, said user went about posting almost 500 porn posts all over my site’s forums. Posting topics, posts, pics and embedded videos, it was really bad and I was really mad. First off I banned the user, no problem. I figured I would do that so I could keep relevant info like IP and email addresses rather than just deleting him. Now I had the arduous task of removing all those damn posts and topics.
I do know that you can delete a user and tell SMF to also delete all of those users topics posts as well, but that hasn’t worked in the past so I did it on my own. Here is what I did.
Although you can read the Monty Python skit here, I am talking about email spam. Lately I have been inundated with spam, and it’s aggravating me. I use MailWasher which I recommend to people for filtering spam at the user level, and it does a superb job. However, I really want to stop spam at the server level. I am now on a quest, or mission if you will, to figure out how to stop spam (at least as much as I can) from passing through my server and even getting to the user level. So, as I go forth on my spam fighting quest, I will bring you along with me and share what I find. Maybe we can all move a step forward in overcoming the spam epidemic.
More to come …