Category Archives: Spam/Scam

Email scams again

Security, Spam/Scam

People keep reporting emails that say something like:

Dear network user,
Your account has violated a quota and will be turned off.
To avoid this, email your login name and password to
somebody@somewhere.com.

Signed, wou.edu administrator

To us geek types, this is obviously a scam. I just keep getting reminded that other people don’t instantly spot this for what it is, even when it tells them to send their info to a non-WOU address. It can be even harder to spot when the From: address on the email is something like admin@wou.edu, or the message tells you to go to a link that looks like it’s on our website but actually goes elsewhere.

So really what we need are some general rules of thumb. The first and most obvious is never, ever, ever, EVER put your password into an email message. Never. And did I mention never? Of course this means we UCS folks should never ask someone for their password except in person — we really don’t even want to get users in the habit of saying their password over the phone.

Another rule of thumb would be never trust emails from generic addresses. When we send messages out, they’ll have a specific name on them, not just “admin@wou.edu” or some such.

If we agree on this among ourselves and communicate it to users, hopefully that’ll help everybody.

Freakin’ Spammers!

Spam/Scam

We just had another one of those mass email scams that claimed it came from wou.edu and told people to reply with their usernames and passwords.

At least three people fell for it and their accounts got hijacked and used to send tons of spam until we shut them down. What a mess.

Maybe someday people will learn to think before following instructions they see in some random email. Not likely… but it’s more likely than all these [vile cursewording] spammers and scammers deciding to work for a living instead of exploiting people.

Project Honeypot

Security, Spam/Scam

A couple years ago I signed up for Project Honeypot, which is a distributed network of fake email domains set up to catch spam for research purposes. All I had to do was create a subdomain off of a domain I already had (I didn’t use any WOU resources for this) and set it up to point to the Project Honeypot servers, and then forget about it. They don’t even need access to my site or anything.

So anyway, I hadn’t thought about this in a while, but this morning they sent me a notification that they’d caught their one billionth spam message (which happened to be an IRS phishing scam, in case you’re curious.) They also included some statistics (Quoted from their email:)

  • Monday is the busiest day of the week for email spam, Saturday is thequietest

  • 12:00 (GMT) is the busiest hour of the day for spam, 23:00 (GMT) is the quietest

  • Malicious bots have increased at a compound annual growth rate (CAGR) of 378% since Project Honey Pot started

  • Over the last five years, you’d have been 9 times more likely to get a phishing message for Chase Bank than Bank of America, however Facebook is rapidly becoming the most phished organization online

  • Finland has some of the best computer security in the world, China some of the worst

  • It takes the average spammer 2 and a half weeks from when they first harvest your email address to when they send you your first spam message, but that’s twice as fast as they were five years ago

  • Every time your email address is harvested from a website, you can expect to receive more than 850 spam messages

  • Spammers take holidays too: spam volumes drop nearly 21% on Christmas Day and 32% on New Year’s Day

You can find lots more here.

So how does the Web really work, anyway?

Blogging, Explanation, Security, Spam/Scam

I’m always fascinated to learn how things work, especially stuff we completely take for granted, like for instance how electricity gets from a power plant to your house. So in the hopes that there are others like me out there, I’m going to describe the inner workings of something most of us take for granted: the World-Wide Web.

Naturally this is going to take more than one post, since I’ll try to start from fairly non-technical concepts, and use analogies. Those of you who already know most of this may find the explanations not quite accurate, because I’ll leave out a lot of the nitpicky details, especially at first. I don’t have an outline in mind, so I can’t say exactly how this is going to go, but here’s a basic idea of what I’ll try to cover:

  • Internet 101

  • What is a protocol?

  • Before the Web was born

  • HTTP vs. HTML

  • Why are there different browsers?

  • What’s a URL and how do I read it?

  • What is actually happening when I click that link?

  • How does the page get to me?

  • What if there’s a problem?

  • How forms work

  • Secure connections (HTTPS)

  • E-commerce and shopping carts

  • Web video

  • More security concerns

  • What’s “Web 2.0”?

Hmmm, OK, just off the top of my head I came up with a lot more than I thought I would. And there’s a lot more where that came from! So we’ll see how far I get, and how many entries it takes.

I hate scammers

Spam/Scam

Since the security certificate on our main webserver was set to expire soon, I’ve been getting these email messages at webmaster@wou.edu saying “Reminder – SSL Certificate for wou.edu expires in 5 Days”, counting down every day until the expiry date. I didn’t pay attention to them at first, because I already knew the cert was about to expire. Then after we renewed the cert (Thanks, Summer!) the messages still kept showing up.

I took a closer look and found out that the messages don’t even come from Thawte, our usual certificate vendor, but from some place called “certstar.com”. They pretended our expiring certificate came from them, though, and told us we should renew it by clicking the handy-dandy link they provided.

Well, I wasn’t born yesterday, so I didn’t touch the link, but I was curious enough to go to their main site. It looks reasonably professional, but they don’t secure it with one of their own certificates; they got one from Comodo instead. That’s a real red flag. For all I know, they just take the money and run. Even if they have legitimate certificates to sell, it’s really slimy to send those deceptive emails to people.

I wonder how many people out there have gotten fooled?

A new fraud

Spam/Scam

A week or so ago I got an email from someone claiming to be “Jerson Estandarte”, a recent high school graduate in the Philippines who needed money for college. This person was trying to reach someone else on campus, but I got their email since they sent it to webmaster@wou.edu.

I thought there might be a chance they were legitimate and just very naive; I looked around and couldn’t find any other examples of this kind of thing being a scam. So I asked them for some proof, and they got evasive, pretending to misunderstand my requests.

Finally when I asked them to mail actual paper documents to me, I got a reply accusing me of being unsympathetic and saying they would stop trying to contact me. At that point I figured the whole thing had been a scam all along.

I’m curious if anyone else has seen anything like this; it sounds like a new strategy.

By the way, for fraud information with a humorous slant, check out http://www.scamorama.com/.