Tag Archive for SPAM

| May 18, 2024
Comments Off on War on SPAM: Do New FCC Rules Help?

War on SPAM: Do New FCC Rules Help?

War on SPAM: Do New FCC Rules Help?

In the battle against SPAM, the Federal Communications Commission (FCC) has made a move that may help us. Back in December 2023, the regulators published new rules to close loopholes used by spammers. FCC commissioners voted 4 to 1 in favor of these regulations, but skepticism remains. Will these changes reduce the flood of unwanted messages we get every day?

These rules focus on closing lead generation-based loopholes. Companies are exploiting the loopholes. They use them to flood consumers with robocalls and texts without consent. Reuters predicts the new rules may “double or triple” the number of lawsuits against spammers. This sounds promising. But, we still need to see how well authorities will enforce these rules. Another concern is if the new rules will succeed. They aim to stop the unethical tactics used by spamming entities.

More control over who can contact them

more control over who can contact themThe new rules require consent from consumers on a per-seller basis. This will give consumers more control over who can contact them. The new rules make clear that it is no longer “business as usual.”

Websites that compare prices and lead generators must get consumer consent to receive robocalls and robotexts. The consent applies to one seller at a time. It can’t apply to many telemarketers at once.

But, the approach’s efficacy remains uncertain. It relies on these entities’ willingness to adhere to the regulations.

SPAM red flags

SPAM red flagsFurthermore, the FCC now has the authority to “red flag” select phone numbers. Carriers must prevent the flagged numbers from sending texts. The new rules also expand the federal “Do-Not-Call” registry. It will now apply to unwanted marketing texts. It still remains unclear how this will be implemented in practice. There are so many SPAM calls and texts flooding consumers’ phones. Spotting and flagging specific numbers may be hard for the FCC.

Colin Sholes has covered SPAM’s dubious tactics. He is cautiously optimistic about the potential impact of these rule changes. Mr. Sholes, told Business Insider the FCC’s rule changes were “a long time coming.” He predicted they’ll have a big impact. They will decrease the number of SPAM calls and texts consumers get each day. He thinks the new FCC rule put companies “out of business” for using “slimy” tactics.

Politics as usual

Political exemptions in anti-spam lawsIt’s worth noting that political and campaign-related messages remain exempt from regulations. This is a significant gap in the FCC’s approach to combating SPAM. This loophole raises questions. Can the new rules fully address the SPAM problem?

Sholes predicts the exemption will last. It will last due to political benefits. Campaign stuff is just never going to go away. Members of Congress and their campaigns benefit from mass communication services. They carve out political exemptions in anti-SPAM laws to protect those conduits.

They may reduce SPAM. But, Sholes also stresses the challenges from political exemptions. He also notes the growing cunning of spammers.

SPAM continues

SPAM continues to plague consumers with no end in sightDespite FCC efforts, SPAM continues to plague consumers with no end in sight. Sholes points out that the FCC’s rules only apply to groups that use robocalling and robotexting tools. Marketers are generally allowed to call or text consumers without consent. This is true as long as they manually dial the phone numbers.

Stricter rules may lead to more lawsuits against spammers. But, it’s unclear if this will actually help consumers flooded by SPAM.

rb-

In conclusion, skepticism persists about the effectiveness of new FCC rules.  As we  await the outcome of these regulatory changes, the battle against SPAM calls and texts wages on, leaving many wondering if true relief will ever be achieved.

 

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , ,
| February 27, 2021
Comments Off on 5 Reasons to Never Unsubscribe from SPAM Email

5 Reasons to Never Unsubscribe from SPAM Email

5 Reasons to Never Unsubscribe from SPAM EmailWe all get unsolicited commercial emails, aka SPAM. Cisco’s Talos estimates that in January 2021 86% of emails sent were SPAM emails. That means that of the almost 145 billion emails sent 122 billion were SPAM email. The math works out to over 6 SPAM emails for each legit email. At best SPAM is annoying. At its worst, SPAM can be a threat to your PC and your personal information. SPAM email is a threat because 94% of malware is delivered by email, and one in every 3,000 email messages contains malware a payload.

SPAM email is big business

SPAMersSPAMers can make millions per year. TechRadar says an average full-time SPAMer makes around $7,000 a day – over $2.5 million a year. They can make this kind of money because email spam costs them very little to send. Most of the costs of SPAM is paid by the recipient and the carriers. The SPAMers do not have to pay for all the internet bandwidth tied up in the delivery of their spam emails. SPAMers send out millions of messages on behalf of online merchants who want to sell a product. SPAMers get paid for sending SPAM email messages, regardless of whether recipients buy any of the advertised products. They also re-sell their SPAM emails lists to other SPAMers. SPAMers can get up to $22,000 for a list of stolen email credentials. In some cases, these cybercriminals also get a percentage of the sale. For pharmaceuticals, the commission can be as high as 50%. A good example is “penis-related spam” which has a 5% click rate, meaning that 5% of the recipients actually open the spam mail and click on the link in the mail.

Why you get SPAM emails

There are a number of reasons why you get SPAM emails.
  1. victim of a data breachYou are the victim of a data breach. Any company you do business with could be vulnerable. Check haveibeenpwned to see if your account has been compromised – smaller breaches might not be listed.
  2. You posted your email address online. You put it on Facebook or other social media, on a website, or as a public comment. Once on the web, your email is considered fair game for SPAMers.
  3. At some time you opted in or neglected to opt out. When you signed up for something, buried somewhere was that little checkbox. You didn’t indicate you’d rather be left alone. The service for which you opted-in is either inundating you or they shared your email address with interested parties.

Never unsubscribe from a SPAM email

The “unsubscribe” button is a scamSo how do you stop SPAM from flooding your inbox? The first step is do not unsubscribe from SPAM. Ignore the convenient “unsubscribe” button at the bottom of the message from the Nigerian prince. The “unsubscribe” button is a scam. The cyber-criminals to get more info about you and increase the number of SPAM emails you receive.

1. When you unsubscribe, you confirm to the sender that your email address is valid and in active use. SPAMers now know the account is active and the volume of SPAM you receive will most likely go up. Now that you have validated your address, the SPAMer will sell it to his SPAMer friends. Now you will get SPAM from a completely new source.

A Federal Trade Commission study found that more than half the time, responding to a “remove me” option resulted in either no change or more spam emails.

2. In addition to giving away your email address, unsubscribing delivers lots of information about your email software. Emails contain meta-information that hackers can use to devise attacks.

3. When you respond to the SPAM email, SPAMers think you are interested in the subject matter—whether it’s getting money from a foreign prince, a penny stock tip, or a diet supplement.

4. If your response opens up a browser window, you’re giving away even more information about yourself. By opening a browser SPAMers learn information about your:

    • Geographic location,
    • Computer operating system,
    • Web browser.

Additionally, the SPAMer can give you a cookie. A cookie allows the attacker to track you across any other websites they own. They will be able to identify you personally.

install malware on your computer,5. Worst of all, if you visit a website owned by a spammer, you give them a chance to install malware on your computer, even if you don’t click anything. These attacks, known as drive-by downloads, can be tailored to use exploits the SPAMers knows you’re vulnerable to—thanks to the information you’ve shared about your operating system and browser.

How to stop SPAM email

Use SPAM filters – SPAM filters work by looking at the nitty-gritty technical details of the email. What it’s about. What it says. How it says it. How many other people are getting that same email message? If it looks like SPAM, then the email is placed in your SPAM or junk mail folder instead of your inbox. spam filtering machine learning algorithmsIf you’re using webmail, like Gmail, Outlook, or Yahoo!, then you have a pretty good SPAM filter already. Gmail claims their SPAM filtering machine learning algorithms are 99.9% accurate. You can improve the default SPAM filters. You need to train your SPAM filter. To train your SPAM filter – report SPAM every time that you find it in your inbox. Whether you use, Gmail Yahoo, Outlook or Thunderbird, you should take the time to learn and understand its SPAM filtering features. When you flag an email as SPAM, your email app will use this information to refine its spam filter. The SPAM email filter will automatically get better at detecting SPAM emails in the future. This could be either globally if enough other people say the same things about emails like that. Keep flagging SPAM emails and the number of SPAM emails in your inbox should decrease – perhaps dramatically – over time.

Stay safe out there!

Related article   Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized | Tags: , , , , , , ,
| June 29, 2019
Comments Off on Presidential Wannabe’s Don’t Use Email Security

Presidential Wannabe’s Don’t Use Email Security

Most Presidential Wannabe's Don't Use Basic Email SecurityWe are in the run-up to the 2020 silly U.S. Presidential election season. Not much has changed in the three years after Trump operatives Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign. Email security firm Agari reports that nearly all 2020 presidential candidates have learned nothing. They have not implemented email security. They are not protected against email attacks, fraud, and data breaches typically run by nation-states.

During the 2016 presidential campaign, the chairman of Hilary Clinton’s campaign, John Podesta, was the victim of a spear-phishing attack. That attack led to the now-infamous WikiLeaks email publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari’s CMO, Armen Najarian, explained the importance of DMARC email protection;

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.

Which campaign practices email security

ClownsData released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed her campaign staff, potential donors, and the public.

Agari suggested in a blog post that the remaining 11 candidates it checked do not use DMARC. This includes Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. All do not use DMARC on their campaign domains to secure their email accounts. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks.

Agari also analyzed advanced email security controls of the campaigns. They found that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite.

Email alphabet soup

DMARC is not an email authentication protocol. It sits on top of the authentication standards SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail). With SPF and DKIM, DMARC supplements SMTP, the basic protocol used to send email, because SMTP does not include any mechanisms for email authentication.

A properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender. DMARC records are published alongside DNS records, including:

  • SPFemail security
  • A-record
  • CNAME
  • DKIM

Matt Moorehead at Return Path explains that DMARC is the latest advance in email authentication. DMARC ensures that legitimate email properly authenticates against established SPF and DKIM standards and that fraudulent activity appearing from domains under the organization’s control is blocked. Two key values of DMARC are domain alignment and reporting.

DMARC’s alignment feature prevents spoofing of the email “header from” address. To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

DMARC flowrb-

Using email authentication to prove that an email comes from the person it says it is is important because nearly 30% of advanced email attacks (PDF) come from hijacked accounts. Without email, authentication accounts are vulnerable to email security-initiated breaches – attacks typically run by nation-states. The 2018 Verizon DBIR found that nation-state groups accounted for at least 23% of the attacks in successful breaches by an outsider.

DMARC is a widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy. DMARC helps protect customers and brands; it discourages cybercriminals, who are less likely to target a brand with a DMARC record.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| February 23, 2017
Comments Off on What to Think About Before You Click

What to Think About Before You Click

What to Think About Before You ClickReaders of the Bach Seat know that the Internet can be a risky place. The typical advice to stay safe on the Intertubes is to think before you click. But why should you care and what should you think about before you click on a link in your email or on Facebook?  Email is the leading source of attacks at home and at work.

Kaspersky reports that over 2/3 of emails sent in 2014 were SPAM. Merely clicking on a SPAM link can lead to password and data theft, and even “drive-by” malware downloads. In order to stay safe at work and at home ESet wants you to ask yourself these questions before you click on any link:

1. Do you trust the person sending or posting the link?Do you trust the person sending or posting the link? People have gotten better at distinguishing good emails and links from bad. Nonetheless, you still need to be alert, so the first question to ask yourself is:

  • Do I trust the person sending or sharing this link? If you don’t recognize the name, the email account, or the content, delete it.

2. Do you trust the platform? Here’s what we mean by “platform”: A link shared on your company’s private Intranet is likely to be safe. But anybody can send you an email — so be skeptical.

many social media accounts are fake and pose a riskPay special attention to Twitter (TWTR) and Facebook (FB), as both social media sites have been hit by copious amounts of spam. Online security experts have found that many social media accounts are fake and pose a risk to anyone they come in contact with.

  • Researchers say that an average of 40% of Facebook and 20% of Twitter accounts claiming to represent a Fortune 100 brand are fake. 99% of malicious URLs posted on social media channels led to malware or phishing attacks.

3. Does this link coincide with a major world event? Cybercriminals seize any opportunity to get someone to click a link. They commonly use news events like natural disasters, Olympics, and World Cups to lure victims to identity theft or malware sites.

Do you trust the destination4. Do you trust the destination? Look at the link that has been shared. Does it go to a website you recognize? If you don’t trust or don’t know, the destination, don’t click the link.

5. Is it a shortened link? The rise of social media, especially Twitter, has prompted people to shorten links for convenience. Bad guys can easily shorten scam links, making them harder to spot.

  • With shortened links, the advice is clear; ask yourself the above four questions and if you’re unsure still, use LongURL and CheckShortURL, to restore the shortened link to its original length.

rb-

Even if you follow this advice, you still need to be alert. If for whatever reason, you’re unsure, you could pick up a phone and call them (Did you remember that you can talk to people on phones?) to verify that they did indeed send that information and maybe talk about something else too.

 

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| April 7, 2016
Comments Off on 9 Emails You Should Never Open

9 Emails You Should Never Open

9 Emails You Should Never OpenThe increasing pace of life coupled with mobile computing which bombards us with emails and messages, from more sources, and across more devices than ever before has created what Proofpoint calls a generation of trigger-happy clickers.

fake emails from cyber criminals.Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link according to the article. To put that into context a legitimate marketing department typically expects <2% click rate on their advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam

These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLA’s want to get a hold of you, it won’t be through email.

2. The “long-lost friend”

tries to make you think you know themThis scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue

These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date

A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected

you’re infected with a virusA message claims you’re infected with a virus. Simple fix: Just run your antivirus and check. In a recent twist, scammers claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait it gets worse – If you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won

you won a contest you never enteredClaims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that ask you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification

An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim

emails make you out to be the bad guyThese emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check

A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
« Older Entries