Monday, July 31, 2006

Spam Scams

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months. ~Clifford Stoll

As a network administrator, I find that the most common questions I get all revolve around spam, viruses, and malware. Basically, the questions fall into a few categories:
  1. Why do I get so much spam?
  2. Why do people send out spam?
  3. Why do people create viruses, trojans, spyware, and adware?
  4. What is the physical length of a bit?
Well, actually, I don't get asked that last one at all, but I'm ready for it when it comes.

As to the others, the answers are regrettably easy.

You get a lot of spam because you either a) register at every web site that asks you to; b) got a little spam and tried to “opt out” using the links in the spam; c) downloaded adware that's happily sending your address to every spammer on the planet -- and possibly to other planets as well.

People send out spam because it's a really cheap thing to do. They can send out millions of messages, and all they need is a minuscule return to make money.

People USED to create viruses and the like because it gave them a feeling of power to screw up other people's lives. The image of the pimply-faced kid living in Mon and Dad's basement who sat a computer all day creating viruses and hacking sites so he could spread the stuff more easily wasn't far from the truth. Nowadays, though, there's a new factor.

The same wonderful folks who send out spam are also proliferating viruses and trojans that will turn your machine in a spamming robot, sending out junk to everyone in creation without your being aware of it, until your ISP threatens to cancel your account. So the answer to question three is the same as the answer to number 2: Money.

But, I am often asked, who would be silly enough to respond to these spam messages? Obviously, the same people who are buying those diet pills, hair restorers, ginsu knives and get-rich-quick-schemes from TV ads are going to be fertile ground for people selling cheap drugs, male enhancement products, stock tips, and get-rich-quick schemes via e-mail.

I think the only honest business people on the Internet are the ones running porn sites. At least with them, they're up front about the product. And, since porn has been the most consistently profitable web business almost since day one, somebody is buying into this business model.

It's easy enough to avoid this stuff. For starters, never use your main e-mail address to register anywhere if you can avoid it. Tighten your “cookie” security, because these can contain your e-mail info. Even Internet Explorer lets you approve each cookie that comes by, and you can say “no” to all the cookies from a given site, if you want. Only accept cookies that you absolutely have to. If you must register at some legitimate site, beware of little “opt-in” or “opt-out” check boxes. Make sure you read whether checking the box or clearing the box tells the site not to sell your name.

Get a free alternative e-mail address from one of the many legitimate web sites that provide them. Use that when you must register somewhere. If you start getting tons of spam, cancel the account and start another one, and consider yourself lucky that you had such an easy way out.

“Phishing” scams have become extremely popular. Basically, you get a letter from your bank, stockbroker, PayPal, or similar outlet saying your account has been messed up in some manner, and you need to click on the link below to straighten things out. This will take you to a site that looks exactly like the site you usually use, but it isn't. It's a fake site that will ask you for all your personal information and passwords. After providing this information, you will be able to appear on one of those ads on TV about identity theft.

I mention phishing because it can entrap innocent folks. Banks are doing a much better job of educating online users about what phishing spams look like. Check out your bank's site, and you'll probably find a good section explaining how to recognize these.

What amazes me is that people are falling for blatant con jobs that arrive in their inboxes. Many of these are what are known are “419” or “Nigerian” scams. They were started by some enterprising Nigerian crooks (419 refers to the portion of the Nigerian legal code these crooks are violating). Basically, the scam goes like this: An e-mail arrives from somebody you've never heard of claiming, in stilted but awful English, to be a relative of some former powerful political figure now deceased. It seems that this individual left a lot of dough behind, but the relative can't get it out of the country. So, in return for your help fronting for them, you'll get a percentage of the very large take.

Of course, to do this, they'll need your bank account information and may go so far as to ask for a few thousand bucks of expense money up front to get the machinery rolling. Some people have lost their entire life savings to these thieves.

The thing is that the whole activity, even if it was on the up and up, would be illegal. Yet people jump at the chance, knowing that they're doing something that is at least unethical and probably against the law. As someone (I think it was W.C. Fields) once said, “You can't cheat an honest man.”

Of course, these people may be terminally naive. To them, I offer this bit of advice paraphrased from a story by Harry Anderson, talking about advice he received from his father.

“My son, someday a man will come up to you carrying a sealed deck of cards. He will bet you $10 that he can make the queen of spades jump out of this deck of cards and squirt cider into your ear. Do not bet with this man, my son, for if you do, you will be $10 poorer and have an earful of cider.”

Words to live by.

No comments:

Post a Comment