Tuesday, September 02, 2008

How To Verify Whether a Suspicious E-Mail is a 419 Scam

In my last article I explained how to spot a 419 scam by paying attention to the common characteristics of 419 scams. In this article I will explain how to identify a 419 scam by looking at the cold hard facts.

The majority of 419 scammers conform to standard procedures (not standards) and send scam e-mails that can be identified quite easily by analysing these e-mails against a set of common 419 scam characteristics. However, you will always get the case where a scammer sends an e-mail that is out of the ordinary, one that contains absolutely no common characteristics of a 419 scam. In cases like these you need to follow your gut feeling. That is quite easy if you analyse 419 scam e-mails on a daily basis, because you know how a 419 scammer's head works, but it is a problem for people who don't understand how these scammers operate. If you can't spot any common characteristics of a 419 scam in a suspicious e-mail, you will need cold hard facts to prove its fraudulent intent.

It is surprising to see how many people resort to the lazy way of verifying a 419 scam. What exactly do I mean by "the lazy way"? The lazy way is the quick "IS THIS A SCAM?" post on a discussion board or a social community website like Yahoo! Answers, while the answer is readily available through a search engine like Google or Yahoo. Always remember there are only a handful of people (mostly volunteers) who devote their time to battling online crime, so it is a waste of valuable resources if people simply resort to a quick and comfortable e-mail or forum post to have the answer presented to them by someone else, when they could have found the answer themselves. Don't get me wrong, people should always ask around before acting on a suspicious e-mail, but you should only resort to assistance from someone else if you are still unsure after looking for the answers yourself.

But there is another problem in asking for help without looking for the answers yourself. If you ask for help in the wrong places you can easily get the wrong answers. Only ask questions in places where you are sure you will get answers from experts in their fields. I can recall an incident in February 2008 where someone asked a question on Yahoo! Answers about the legitimacy of a website called dhl-postit.com. At this stage there were a couple of Romanian scammers who pretended to sell mobile phones to their victims and used fake courier websites to defraud people of their hard-earned money. The website was initially reported to Cyber Top Cops by a victim(1) of this scam and I discovered the post on Yahoo! Answers while doing some research about the fraudulent website. I was shocked by the response to this question. A contributor called Gerry(2) told the original poster that the website was safe and that he dealt with them all the time. Gerry's profile is no longer active; he most likely got kicked from Yahoo! Answers, because there is no doubt in my mind that this guy was the scammer himself. What kind of victim will vouch for a website that only defrauds people? The sad thing however is that the original poster believed him and found the response very helpful. The poster asked the same question in a different section of Yahoo! Answers and even on the second attempt, the poster still received a misleading and inaccurate answer. What lesson can be learned from this example? You should never act on the information found on one site only, you should always look for a second and third, yes even a fourth opinion, just to make 100% sure all the facts add up. If you are still not 100% sure about the e-mail or website, look for expert help.

The sad reality is that many people still don't know how to use a search engine, let alone research an e-mail scam on the Internet, so I will try to explain both in this article, but with the emphasis on finding scam related information on the Internet. I will be using information from a real 419 scam e-mail in my instructions below. For simplicity I will provide instructions for Mozilla Thunderbird as the e-mail client and Mozilla Firefox as the web browser. For the more advanced readers of my articles, please bear with me for a couple of moments, I know this is already common sense to most people, but believe me there are people out there who don't even know how to do a simple search on Google and I'm trying to reach out to them. Chances are good that most of my subscribers already know how to search for scam related information on Google, so if you know someone who has trouble finding stuff on the Internet, please refer him/her to this article, you might just save someone from falling victim to a 419 scam.

Let's say you received an e-mail from contactfbihq016@earthlink.net. To search for this e-mail address in Google, do the following:
  1. Copy the e-mail address from the e-mail itself: Right-click on the "From:" e-mail address and select "Copy Email Address" from the drop-down menu.

  2. Go to Google.com: Open your browser (Internet Explorer, Firefox, Opera, or whatever you use for browsing the web), type www.google.com in the address bar and press the Enter key on your keyboard.

  3. Wait for Google to open and paste the e-mail address in the search box: Right-click inside the search box and choose "Paste" from the drop-down menu.

  4. Now click on "Google Search" and wait for the search results to appear.

It is very unlikely that you will find anything for this e-mail address (at this moment), so let's repeat the process for the "Reply-To" e-mail address, fbiwashingtonfield@fedbureau-ofinvestigation.org. Once again, a search for this e-mail address will most likely deliver no results (except a link to this article perhaps, once a search engine has crawled and indexed this page).

The scam e-mail also contains an instruction to contact someone who goes by the name of Prof. Charles Chukwuma Soludo, so let's do a Google search for "Prof. Charles Chukwuma Soludo".

  1. Copy the text from the e-mail: Select the text "Prof. Charles Chukwuma Soludo" from the e-mail, right-click on the highlighted text and select "Copy" from the drop-down menu.

  2. Repeat steps 2, 3 and 4 above.

Among the search results you will find links to websites like 419.bittenus.com, 419scam.org, 419baiter.com and even Wikipedia. You are basically looking for proof that the name of Prof. Charles Chukwuma Soludo is being used in 419 scam e-mails. All four of the websites mentioned earlier will contain this kind of information. Remember this does not mean that the real Prof. Charles Soludo is involved in any 419 scams, it merely proves that 419 scammers are abusing his name to add credibility to their fraudulent e-mails. If you can't find any useful information on a specific web page, simply hit the "Back" button of your browser to return to the search engine results page and choose another link from the results.

Scam e-mails also contain telephone numbers and secondary e-mail addresses, so you can do a Google search for them just like you did with the name of Prof. Charles Soludo. To test yourself, do a search with Google or Yahoo and see if you can find any information about +234-8054740218 and p.charles.soludo@centbnkingonlineng.org.

But how do you identify a fraudulent or fake website? If you want to analyse a suspicious website you need to do the following:

  1. Look for common 419 characteristics. Funny names and e-mail addresses, spelling errors, bad grammar, silly web design mistakes, etc. You will find more details about this operation in my article, How To Spot a 419 Scam.

  2. Do a Google search for the website address and analyse the search results, just like you would do for a suspicious e-mail address (as already explained).

  3. Copy a phrase from the website and do a literal Google search for this phrase (in other words enclose the search phrase in double quotes).

  4. Do a WHOIS lookup on the domain name for more information about the owners, the creation and alteration dates of the domain.

I already discussed points 1 and 2, so I will explain points 3 and 4 in greater detail below:

Do a Literal Search For a Phrase From the Suspicious Website
Why do a literal search for a piece of text from a suspicious website? The idea here is to find another website with the exact same phrase. This will help you to identify other websites containing the exact same content as the suspicious one. 419 scammers often scrape website content from legitimate and trustworthy organisations and pose as legitimate organisations to add credibility to their schemes. But they don't copy the content alone, they copy the layout and graphics as well; in other words they create a complete replica of the original site and only change key elements like the contact details and sometimes the name of the organisation. It is important, though, that you search for a phrase that is unlikely to be published or syndicated elsewhere on the web. The phrase has to be a unique piece of text that contains no names, e-mail addresses or anything else that is likely to be changed by the scammers.

I know this is easier said than done and most people won't have a clue what to search for or how to analyse the search results. So to make things easy, just copy a piece of text from the home page of the suspicious site, paste it into a Google search box, enclose the phrase in double quotes and click on Google Search. Now look for websites with the same content, layout, graphics and overall design. Several websites with the exact same content and layout are often a sign of a 419 scammer at work. If you can find only one other website with the same content and layout, you probably stumbled across the original website (but this is never a guarantee, you will soon see why).

These search results are not always a clear-cut case and you should always keep the following in mind:

  1. You may find the original website among the search results as well, so don't just assume that all of them are fraudulent.

  2. The fact that you have found several copies of the same site, does not necessarily mean that they are copies of a legitimate or trustworthy site. 419 scammers can easily design a website from scratch.

  3. The website ranked in the number one spot of the search engine results, is not necessarily the original website. 419 scammers can always use black hat search engine optimization techniques to outrank the original website.

  4. You should never judge a website just because it has been copied on another domain. Content scrapers and plagiarists are all over the web and there are way too many variables to consider when it comes to content syndication. This method only forms a small part of the overall process of identifying fake and fraudulent websites and is never the deciding factor.

Do a WHOIS Domain Name Lookup
You may use any WHOIS service you prefer, but I suggest DNSStuff.com. Simply visit this site and enter the domain name in the WHOIS lookup box and click on the search button. You will be taken to a results page where you can view more information about the domain. There may be a lot of technical information for some users, but in most cases you only need to pay attention to the following:

  1. The creation date of the website. If the website is relatively new, be on high alert. What do I regard as new? Fraudulent websites do not have a very long lifespan (on average, but this is not always the case). I normally use a safety margin of 3 months, but this is no guarantee at all, because a suspended website can always be reactivated after 3 months. The age of the website is merely a sign and is in no way a deciding factor.

  2. Recent changes to the WHOIS records. This goes hand-in-hand with the creation date of the domain, so there is no need to explain this any further.

  3. The owners of the domain. If it is owned by someone who lives in one of the 419 scam hotspots, it is most likely a fraudulent website. I discussed these hotspots in my previous article, How To Spot a 419 Scam. Scammers often provide fake personal information, so this is never a reliable source of information. Fortunately you get certain scammers who are stupid enough to tell the public where they live.

  4. Do the owners use a privacy protection service like privacyprotect.org or myprivateregistration.com? You can determine this by looking at the contact e-mail addresses. It is normally a bunch of crooks who use these services, so it is yet another sign of a fraudulent website. (I'm not saying that you are a crook if you use these services, I'm merely referring to the fact that scammers prefer to use these services, because this enables them to hide their true identity. It remains a joke no matter how you look at it, because they provide false information anyway, so what is the use of hiding it?).
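The four WHOIS checks above (creation date against the 3-month margin, recent record changes, registrant location, and a privacy-protection contact address) can be applied mechanically to the record a WHOIS service returns. The script below is an added example written for this article, not a tool from Cyber Top Cops or DNSStuff.com; it parses a constructed "Key: value" WHOIS record (the domain names, dates and addresses in it are made up) and reports each sign it finds. The ISO country codes used for the 419 hotspots are this example's own assumption, based on the phone-number hotspots named later on this page.

```python
import re
from datetime import date

# Constructed sample WHOIS output for a made-up domain (not a real record);
# the "Key: value" layout mirrors what most WHOIS servers return.
SAMPLE_WHOIS_NEW = """\
Domain Name: SUSPICIOUS-EXAMPLE.ORG
Creation Date: 2008-07-20T10:15:00Z
Updated Date: 2008-08-29T08:00:00Z
Registrant Country: NG
Registrant Email: suspicious-example.org@privacyprotect.org
"""

# Constructed contrast record: an old domain with an ordinary registrant.
SAMPLE_WHOIS_OLD = """\
Domain Name: LONGSTANDING-EXAMPLE.COM
Creation Date: 1999-03-04T00:00:00Z
Updated Date: 2007-02-10T00:00:00Z
Registrant Country: US
Registrant Email: hostmaster@longstanding-example.com
"""

# Privacy-protection services named in the article.
PRIVACY_SERVICES = ("privacyprotect.org", "myprivateregistration.com")
# ISO codes for South Africa, Benin, Nigeria and the Netherlands, the phone
# hotspots named on this page; the mapping to WHOIS country codes is an assumption.
HOTSPOT_COUNTRIES = {"ZA", "BJ", "NG", "NL"}
MARGIN_DAYS = 90  # the article's "3 month" safety margin


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; the first occurrence of a key wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key and key not in record:
            record[key] = value.strip()
    return record


def whois_date(value):
    """WHOIS dates come in several formats; use the leading YYYY-MM-DD part."""
    return date.fromisoformat(value[:10])


def assess_whois(text, today="2008-09-02"):
    """Apply the article's four WHOIS checks; returns domain, age and warning signs."""
    rec = parse_whois(text)
    now = whois_date(today)
    signs = []

    created = whois_date(rec["Creation Date"])
    age_days = (now - created).days
    if age_days < MARGIN_DAYS:
        signs.append(f"domain created only {age_days} days ago")

    if "Updated Date" in rec:
        changed_days = (now - whois_date(rec["Updated Date"])).days
        if changed_days < MARGIN_DAYS:
            signs.append(f"WHOIS record changed {changed_days} days ago")

    email_domain = rec.get("Registrant Email", "").lower().rpartition("@")[2]
    if email_domain in PRIVACY_SERVICES:
        signs.append(f"registrant contact hidden behind {email_domain}")

    country = rec.get("Registrant Country", "").upper()
    if country in HOTSPOT_COUNTRIES:
        signs.append(f"registrant country {country} is a 419 hotspot")

    return {"domain": rec.get("Domain Name", "?"), "age_days": age_days, "signs": signs}


if __name__ == "__main__":
    for raw in (SAMPLE_WHOIS_NEW, SAMPLE_WHOIS_OLD):
        result = assess_whois(raw)
        print(result["domain"], "-", result["age_days"], "days old")
        for sign in result["signs"] or ["no warning signs in the WHOIS record"]:
            print("  -", sign)
```

Note that, exactly as the article says, a hit on any one check is a sign and not a verdict: the script only lists the signs so that the reader can weigh them alongside the search-engine results from the earlier steps.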

Another way to verify whether a suspicious e-mail is a 419 scam is to do a trace on the sender's IP address. This works a lot like a domain name lookup, except that it is called an IP-WHOIS (or IP Info) lookup, and DNSStuff.com also provides this service. An IP-WHOIS lookup provides geographical information, among other technical information, about the IP address, so you basically do an IP-WHOIS lookup to determine the geographical location of the sender. Once you have the geographical location of the sender you can easily tell whether the e-mail originated from a 419 scam hotspot. I'm not going into the details of doing an IP lookup because it involves analysing the e-mail headers, and many people don't even know where to look for them, so I will leave this for another article perhaps. I want to keep the methods in this article as simple as possible and I feel that I already overstepped this boundary a couple of times.

If you have any questions about the methods discussed in this article, feel free to ask them in the comments section of my blog and I will do my best to explain.

(1) The person who reported the website to us, never responded to our follow-up e-mails, so I am not sure if this is the same person who asked the questions on Yahoo! Answers, but the fact that the report to Cyber Top Cops came on the same day as the question posted on Yahoo! Answers, makes me confident that this is the same person.

(2) It remains a mystery why Yahoo! never removed this question and the misleading responses from Yahoo! Answers, even after we reported Gerry to Yahoo! Answers. Perhaps he got suspended due to another contravention of the Yahoo! Answers Terms of Service.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

Monday, August 18, 2008

How To Spot a 419 Scam

419 scams come in different forms and flavours but they all have their sights on one goal only, your money. In this article we will take a look at the importance of spotting a 419 scam and what to look for in a 419 scam.

Brief Background of 419 Scams
This is a very brief description of a 419 scam and I will not even scratch the surface here. Several aspects of the 419 scam go beyond the scope of this article and I plan to discuss them in future articles. The 419 scam (Nigerian Four-One-Nine) got its name from the article of the Nigerian Criminal Code dealing with fraud. Scammers often demand upfront payments for dubious reasons like processing fees, legal expenses or to bribe certain officials, therefore the scam also became known as Advance Fee Fraud. A 419 scam starts with an unsolicited e-mail from a scammer promising a huge sum of money, but the scammer will create the impression that you need to make a couple of upfront payments before you can lay your hands on this non-existent fund. These upfront payments are normally a drop in the bucket compared to the huge sum of money you will supposedly receive in the end. This makes the scam very attractive to unwary and uninformed people who are desperate for some extra cash.

The Importance of Spotting a 419 Scam
Prevention is the most important reason behind the successful identification of 419 scams, but this is not the only reason. Registrars, hosting companies, Internet Service Providers and Law Enforcement also need to familiarise themselves with the common characteristics of 419 scams, because their support and cooperation play a huge part in the battle against 419 fraud.

Unfortunately, many registrars and hosting companies fail to take a stand against the fraudulent activities of 419 swindlers. Registrars refuse to suspend the domains of known scammers and hosting companies fail to enforce their Acceptable Use Policies (AUP). There is a reason why registrars and hosting companies are hesitant to suspend the accounts of 419 scammers... Money! These swindlers are their clients, so they are happy to host their fraudulent websites and support their spamming services. With some registrars unfortunately, you will never win, not even if you are Sherlock Holmes. They are simply ignorant of the 419 scam problem and do not care about the lives being destroyed by these scams.

To all the unethical registrars and hosting companies out there, don't tell me you have a hard time identifying Advance Fee Fraud websites. If you own a grocery store, will you knowingly sell marijuana to your customers? Perhaps that was a stupid question. If you don't mind hosting a fraudulent website, you will probably have no problem selling marijuana to your customers. But what is the big difference here? If the cops catch you selling illegal drugs to the public, you can kiss your store goodbye, but it is a common misconception that the cops won't do a thing against a registrar who refuses to suspend the domain of a fraudulent website. The actual reason why registrars get away with murder is because complainants do not want to go through all the hassle of filing a complaint with the police, and the cops sometimes do not have a clue how to approach a case like this, even though there are laws you can use to your advantage. Yes, I am aware that your local police department won't have any jurisdiction over a webmaster in a foreign country, but even if they did, you are unlikely to get anywhere with a case like this if you don't have deep pockets, and the registrars know that.

I understand that registrars cannot go suspending domains left and right on a mere request or tip from the public, they have to conduct a thorough investigation before they can take any action. Abuse departments are swamped with fraud reports each day and on top of that I believe they get their fair share of false reports as well. Members of the public need to get their facts straight before reporting a fraudulent website to a registrar, this improves the turnaround time of abuse complaints and makes the work of the abuse departments that much easier. I'm not saying you must conduct a full-scale investigation (unless you feel the need to do so), simply take the time to gather all the evidence and present the information to the abuse department in a logical and organised manner. So many people resort to a quick e-mail like "Hey, check out this site, I think it is fraudulent." or "Hey, this guy sent me a fraudulent e-mail and this is his e-mail address, please take him out". Good, you raised awareness about possible fraud, but tell the abuse department why you think the website is fraudulent. Don't just send them an e-mail address of the suspect, send them a copy of the e-mail that was sent to you and don't just forward the damn thing inline, forward it as an attachment or include the full header of the e-mail along with the body. The abuse department will eventually find the e-mail address of the suspect in the copy that you sent to them.

Proper identification of 419 scams by members of the public will make these scams less effective and will eventually lead to a decrease in 419 activities. So let's take a closer look at the characteristics of a 419 scam.

What To Look For In a 419 Scam

  1. The subject of the e-mail, as well as the name and e-mail address of the sender:

    By analysing the name and e-mail address of the sender in conjunction with the subject line of the scam e-mail, you can easily identify a 419 scam before opening it. Spotting a 419 scam at first glance minimises the risk of falling for the scam and saves you time (you don't have to read through all the mumbo jumbo of the scammer). This also simplifies the task of reporting 419 scams to cyber security authorities.

    Typical characteristics of subject lines, names and e-mail addresses used in 419 scams:

    • Scammers love to disguise their true identity with the names of high profile figures like State Presidents, Ministers, Ambassadors, Directors, etc.

    • Subject lines are often typed in uppercase letters only.

    • They use free e-mail services like Yahoo, GMail, Hotmail/Live, or a free ISP e-mail account. These free e-mail accounts are used in cases where one would expect an e-mail from an official e-mail address and surprisingly enough, there are still people who fall for this lame trick.

    • There is often an excessive use of formal and professional titles like Mr, Mrs, Dr, Barr, Sgt., Lt, etc.

    • Subject lines often have a false sense of urgency. See example (b) below.

    • The name of the sender is repeated in the subject line. See example (h) below.

    • Many scammers mistake the Subject for the From field and vice versa. Refer to example (q) below.

    • Generic greetings like, "My Dear", "Dear Beloved", "Greetings to you", "Dearest Brother" or "Dear Sir/Madam" are sometimes used as a subject line.

    • Many scammers are hypocrites who pretend to be devoted Christians and will use subject lines like: "GREETING IN THE NAME OF OUR LORD JESUS CHRIST", "My Dear Beloved in the Lord", "Goodness Of God Will Be Upon You", or "YOU ARE THE LORD CHOSEN ONE".

    • Subject lines contain notices about "Payments", "Lotteries", "Bank Drafts", "Compensation", "Funds" and other financial related terms.

    • The subject line often contains an instruction to contact a specific individual, department or organisation. For example "Contact my secretary", "Contact the fiduciary agent", "Contact the bank official", "Contact the ATM Department of..." or "Contact FedEx".

    • Scammers always come up with the strangest and most outrageous e-mail addresses, especially in scenarios where it is quite obvious that the e-mail account is fake. For example, a scammer pretending to be an official from the FBI will use a silly e-mail address like fbiofficial015@example.com. The FBI have their own domain and e-mail servers, so there is no valid reason for using an e-mail account from another domain, or a free e-mail service like Yahoo! or GMail.

    • It is common practice among 419 scammers to use an e-mail address that consists of a formal title, a name and surname. For example, Mr. John Doe will use an e-mail address like mrjohndoe@example.com.

    • It is very popular among 419 scammers to start their subject lines with the words: "From the Desk Of".

    • Lottery scams often have a reference number in the subject line. For example "Award Notice (Ref: LSUK/2031/8161/05)".

To illustrate the characteristics mentioned above, I included a few examples of subject lines, e-mail addresses and fake aliases used by real 419 scammers:

    (a) From: Robert S. Mueller, III
      E-mail: fbiauthorities@i12.com

    (b) From: Mrs. Inessa Gutseriyev
      E-mail: SFI@netti.fi
      Subject: An Emergency! Please Act Asap!!!

    (c) From: Mr Fred Johnson
      E-mail: fred.johnson34@yahoo.dk
      Subject: GREETINGS!!Good News

    (d) From: Lt. Gen. David Lee
      E-mail: china@live.com

    (e) From: FRED MOORE
      E-mail: fredmoore@yahoo.com

    (f) From: Finance Nigeria.
      E-mail: www.fmf.gv.ng@mail05.syd.optusnet.com.au
      Subject: From the desk of: Dr. Shamsuddeen Usman

    (g) From: Lottery Board
      E-mail: smithzazaza@mtnloaded.co.za

    (h) From: Mr. Vincent Cheng
      E-mail: mrvincent@yahoo.com
      Subject: From: MR. V H C CHENG.

    (i) From: mrwalterleoanard@accessbankngrplc.org

    (j) From: Mrs. Alice Jones
      E-mail: internet@nuevoexcelsior.com.mx
      Subject: Dear Beloved, PLEASE GET BACK TO ME

    (k) From: Jubouri Omar
      E-mail: jubouri_omar1@yahoo.co.uk
      Subject: Request for Business Partnership

    (l) E-mail: dhlworlddeliverydispatch05@gmail.com

    (m) From: Seek Of God Ministry Church
      E-mail: nmbsquad@debiansk.org
      Subject: Rev Pastor mulla welcoming you to seek of god

    (n) E-mail: highcomm1@sohu.com

    (o) From: MR. EDES ABEBE
      E-mail: charity@stella.org
      Subject: ARE YOU TRUST WORTHY?

    (p) From: Dr. Henry Martins
      E-mail: henrymartins@jobproposaloffer.com (Spoofed)

    (q) From: Warm Greetings From Nokia Company
      E-mail: info@nokia.co.uk (Spoofed)
      Subject: From Nokia Company

    (r) From: DR. GREGORY DAVID
      E-mail: phc.comm418@earthlink.net

    (s) From: (SGT) Eric Yonenson
      E-mail: yonenson_76@mindspring.com
      Subject: Dear Friend

    (t) E-mail: myofficemail60@gmail.com

    (u) From: BARR MIKE BEN
      E-mail: chi_elor@yahoo.fr

    (v) From: EURO-PW LOTTERY v6.0
      E-mail: ryan.larson@ndsu.edu

    (w) From: frankegwu11
      E-mail: frankegwu11@o2.pl

    (x) From: Mrs. Kate Williams
      E-mail: katewilliams_comp@yahoo.co.uk
      Subject: Claim Your Bank Draft of $500,000.00

    (y) From: Thomas Michael
      E-mail: tbt40650@ucmo.edu
      Subject: Reference Number 799BV90.

    (z) E-mail: SARAH@YAHOO.COM
      Subject: With God all things are possible

This is not an exhaustive list of characteristics, but is certainly a collection of the most common characteristics found in the subject lines, e-mail addresses and names of 419 scammers.

  2. Questions you need to ask yourself before analysing a 419 scam any further:

In order to answer these questions you need to open the e-mail and read its contents. At this point, you don't need to pay attention to specific details in the e-mail, you only need to determine what the e-mail is all about.

    • Is the e-mail an unsolicited and unexpected job, loan or business offer from an unknown individual?

    • Is it about a lottery or competition you never entered? (Remember: Having your e-mail address randomly drawn from a list does not count as a valid entry for a competition).

    • Have you received a huge donation from a non-profit organisation?

    • Are you appointed as the next of kin of a total stranger?

    • Do you need to help a foreigner clear a consignment box, containing millions of dollars, declared as something else to a diplomatic courier service?

    • Is the e-mail supposedly from an American Soldier, doing service in Iraq, who discovered millions of dollars and needs to get the money out of the country?

    • Is the e-mail an unsolicited request to take care of orphans, send Bibles to a church or offer financial assistance to sick and hungry people in Africa?

    • Are you appointed as the beneficiary of a fund whose owner is currently dying of cancer?

    • Is the e-mail about the recovery of money or assets that were never stolen from you in the first place?

    • Have you been awarded an unsolicited bank draft for your philanthropic efforts?

    • Is the e-mail about an outstanding/delayed payment for a contract with some government, but you never entered into such an agreement or you never even conducted business with them at all?

If you answered YES to ANY of these questions, you are most definitely dealing with a scam.

Now ask yourself the following questions:

    • Did you expect the e-mail?

    • Do you know the sender in person?

    • Did the sender mention your name in his/her initial e-mail?

    • Does the sender have any other personal information about you (besides your name)? If so, did the sender supply a valid, trustworthy source of where he/she obtained the information?

If you answered NO to at least 50% of these questions, you are most likely dealing with a 419 scam.

Always remember the golden rule: if it sounds too good to be true, it probably is!

  3. Analysing the contents of the e-mail:

    If the name and e-mail address of the sender, the subject line of the e-mail or the story of the sender leaves you clueless about the legitimacy of the e-mail, you will have to analyse the contents of the e-mail in greater detail.

    The following characteristics are telltale signs of a 419 scam e-mail:

    • The Reply-To e-mail address is different from the originating e-mail address. Scammers do this to ensure they receive your reply, in case their service provider shuts down their e-mail account. Some scammers will spoof the "From" e-mail address with an official e-mail address, like the Nokia.co.uk e-mail address showcased in example (q) and provide a free e-mail address in the Reply-To field.

    • If the sender does not provide a Reply-To e-mail address, he/she will specify an alternative e-mail address, in the body of the e-mail. In example (q) above, the scammer provided the e-mail address "thomas_claims2008@live.com" along with a telephone and fax number (+44 701 115 0131 and +44 704 576 7986 respectively). These numbers will obviously not belong to Nokia, but since they are in the U.K., the scammers cleverly chose to spoof the "From" address with a co.uk domain.

    • Sometimes the sender does not only provide a different Reply-To address, but also a completely different alias. The scammer wants to create the impression that you are sending your replies to a completely different person, but it is actually the same scammer operating both e-mail accounts, each one under a different alias.

    • The whole e-mail, or large portions of it, is typed in capital letters.

    • The e-mail starts with a generic greeting (as already discussed). Most scammers simply shoot in the dark when they distribute their scam e-mails, so they don't know your name and will therefore not mention it in the e-mail. (Never assume an e-mail is legitimate just because the sender knew your name. I have seen several 419 scam e-mails where the scammer already knew the name, last name and even the physical address of the recipient).

    • The sender pretends to care about the well-being of your family with greetings like: "Good Day, How are you today? I presume all is well with you and your family." Believe me, 419 scammers don't give a damn about your family, they are only trying to earn your trust by pretending to care. Other 419 scammers have an apologetic attitude right from the start, for example: "Dear, Please accept my sincere apologizes [sic] if my email does not meet your business or personal ethics."

    • The recipient of the e-mail needs to reply with personal details like his/her full name, telephone and fax number(s), residential address, birth date, gender, name and address of Next of Kin, banking details, occupation, marital status and nationality. Some scammers request a scanned copy of your photo ID, international passport or your driver's licence, so they are not only after a photo of yourself, they also want your identity number or social security number.

    • Scammers often request some ridiculous information from their victims. For example your e-mail address (they already made contact with you, why would they need your e-mail address again?), the country that you live in (even if they already asked for your residential address and/or nationality) or the amount of money that you won (in the case of a lottery scam).

    • The most common telephone numbers provided by 419 scammers are from South Africa (country code +27), Republic of Benin (country code +229), Nigeria (country code +234) and Netherlands (country code +31), but I've also seen telephone numbers from Sweden (country code +46), China (country code +86), Turkey (country code +90) and Malaysia (country code +60).

    • Scammers always put a lot of emphasis on keeping the knowledge of the prize money or inheritance fund strictly confidential. There is a good reason for this: they don't want you to talk to other people about it, because someone might realise that you are being conned and inform you that the e-mail is a scam.

    • 419 scammers insist on using Western Union or MoneyGram to transfer funds to them.

    • Scam e-mails contain loads of spelling errors and horrible grammar. However this is not a rule of thumb. Many 419 scammers have upped the standards and compose highly professional e-mails these days.

    • 419 scams involve huge sums of money, but the victim normally shares in only a small part of this fund. However, the alleged fund is so huge that even a small percentage of the fund can mean millions of dollars for the victim. This makes the scam very attractive to the victims, even if they only get a small cut out of the deal.

    • Many 419 scammers create the impression that they have been in contact with you in the past and that they failed to transfer some huge fund to you on a previous occasion. It is really hard to believe that people will fall for such a lame story, because if you can't recall doing business with these idiots, why would you reply in the first place. This only proves that 419 scammers are capitalising on the weakness of greedy people.

    • 419 scammers can sometimes be quite philosophical, for example they will say something like this in the introductory line of their scam e-mail: "This letter must come to you as a surprise, but I believe it is only a day that people meet and become great friends and business partners." Yeah, whatever! It is only a day that people meet and become scammer and victim.

    Characteristics of specific types of 419 scams:

    • Lottery Scams nearly always have a line that reads something like this: "...winners were selected through a special internet ballot system from 40,000 individuals and companies E-mail addresses." Some Lottery scammers put it like this: "...draws was [sic] carried out through random sampling in our computerized E-mail selection machine TOTAL from a database of over 1,000,000 Email addresses drawn from all the continents of the world,and the Globe divided into Zones."

    • Most Lottery Scams have a silly disclaimer like this: "NOTE:You are to keep all lottery information away from the general public especially your Winning numbers. This is important as a case of double claims will not be entertained and will amount to disqualification of your already won prize."

    • In many Next of Kin Scams you miraculously have the same last name as the deceased, however the scammer quite conveniently forgets to mention the last name of the deceased in the initial e-mail. The trick here is to get the victim to reply with his/her personal information and then use the last name of the victim on the forged death certificate and relevant documentation.

    • Although it is not a rule of thumb, most Company Representative scammers offer 10% of their "income" to their victims. For some reason they like to use 10%, but I have seen scams where they only offer 5% and other, "more generous" scammers who offer up to 30%.

    • An Inheritance Fund Scam normally involves a corrupt banking official who allegedly stumbled across an abandoned account of a deceased billionaire, or it is someone who can't access the inheritance of a family member due to various reasons. The scammer often needs your help to get the money out of his/her country.

    • Inheritance Fund Scammers often provide links to news articles to back their facts (or should I say lies). For instance a scammer will use a plane crash as a basis for his/her story and provide links on a news site like CNN.com.

    • In a Bank Draft Scam, the scammer refers to a previous deal that failed and now you have to contact his/her secretary because he/she left you a bank draft and hasn't been able to send it to you, because he/she is busy with other "investment" projects.

    • Some Inheritance Fund Scammers pretend to send you the money via a pre-paid Visa or Maestro ATM card.

    • The Job Offer Scam normally involves a job in a foreign country, so the victim has to apply for a visa. This is how the scammers make their money. Victims have to pay a small fee to a certain company who will arrange the visa for them. I refer to a small fee because the fee is normally a little dust particle compared to the remuneration being offered to the victim.

    • The Compensation Scam often involves scammers who pretend to work for the United Nations or the FBI. These scammers pretend to compensate victims of 419 scams. How lame can you get?

    • ATM Card Scammers pretend to be very kind by paying certain processing fees and a drug law clearance fee on your behalf. The drug law clearance fee supposedly certifies that the money issued in your name does not stem from any money laundering activities. This is only a bluff, and the scammers are merely trying to give their victims peace of mind. They can cook up any bloody certificate; you will still be an accomplice in money laundering if you assist them in moving funds through your bank account.

    • 419 scammers using the story of a soldier in Iraq who discovered a huge sum of money always have some obscure plan to get the money out of the country. The most common one is transport via a diplomatic courier who has diplomatic immunity.

    • Several 419 scams about some kind of pending payment will state something like this: "...we were notified that you have waited for so long to receive this payment without success, we also confirmed that you have met all statutory requirements in respect of your pending payment."

    • Diplomatic Immunity Payment scammers often use the lame excuse that electronic fund transfers have resulted in payments being made to incorrect bank accounts, so they are shipping you the money in cold hard cash. These scams often contain a notice like this: "Note: The money is coming on 2 security proof boxes. The boxes are sealed with synthetic nylon seal and padded with machine." The scammers often claim that they declared the contents of these boxes as "Sensitive Photographic Film Material".

    • Some Inheritance Fund scammers allocate the funds in the ratio of 60% for the scammer, 30% for the victim and 10% for processing fees.

This is by far not a comprehensive list of 419 characteristics. Most of the specific details in this article will become outdated as time goes by. Today, many 419 scammers claim in their initial e-mail that they have paid the upfront fee on behalf of the victim. Many victims will bail out when the scammer mentions an upfront payment, so the effectiveness of these scams declined over time and the scammers had to improvise. However these fools will mention some kind of payment at some stage in the scam and vigilant people will bail out once again.
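The characteristics above lend themselves to a simple scoring check. The script below is an added example, not code from this article or from Cyber Top Cops: it matches an e-mail body against patterns paraphrased from the list, and the weights, the threshold and the three sample e-mails are constructed assumptions for the example.

```python
"""Heuristic scorer for the 419 characteristics listed in this article.

Added example; this is not code from the original article or from Cyber Top
Cops. The patterns paraphrase the article's characteristics, the weights and
the threshold are assumptions chosen for this example, and all sample e-mails
below are constructed for illustration.
"""
import re

# (label, pattern, weight): each entry maps one characteristic from the list
# above to a regular expression. Weights are an assumption for this example.
CHARACTERISTICS = [
    ("generic greeting",
     re.compile(r"^\s*(dear\s+(sir|madam|friend|beneficiary|winner)|attn|attention)",
                re.I | re.M), 1),
    ("feigned concern for family", re.compile(r"you and your family", re.I), 1),
    ("apologetic opening", re.compile(r"accept my (sincere )?apolog", re.I), 1),
    ("requests personal details",
     re.compile(r"next of kin|passport|driver'?s licen[cs]e|bank(ing)? details|marital status",
                re.I), 2),
    # country codes the article names as most common among 419 scammers
    ("scammer country code", re.compile(r"\+\s?(27|229|234|31|46|86|90|60)\b"), 2),
    ("confidentiality emphasis",
     re.compile(r"(strictly )?confidential|keep[\s\S]{0,40}away from the general public",
                re.I), 1),
    ("Western Union / MoneyGram", re.compile(r"western union|moneygram", re.I), 2),
    ("lottery ballot boilerplate",
     re.compile(r"(internet )?ballot system|e-?mail selection machine", re.I), 3),
    ("percentage cut of a fund", re.compile(r"\b\d{1,2}\s?%"), 1),
    ("claimed previous failed transfer",
     re.compile(r"(previous|earlier) (attempt|occasion|transaction|deal)", re.I), 1),
    ("diplomatic courier", re.compile(r"diplomatic (courier|immunity)", re.I), 2),
    ("pending payment boilerplate",
     re.compile(r"waited for so long to receive this payment", re.I), 3),
    ("security proof boxes", re.compile(r"security proof box", re.I), 3),
    ("fee paid on your behalf", re.compile(r"on your behalf", re.I), 1),
]

SCAM_THRESHOLD = 4  # assumption: total weight at which the mail is flagged


def score_email(text):
    """Return (total_score, matched_labels) for one e-mail body."""
    score = 0
    matched = []
    for label, pattern, weight in CHARACTERISTICS:
        if pattern.search(text):
            score += weight
            matched.append(label)
    return score, matched


def classify(text, threshold=SCAM_THRESHOLD):
    """Return a verdict string, the score and the matched characteristics."""
    score, matched = score_email(text)
    verdict = "likely 419 scam" if score >= threshold else "no strong 419 indicators"
    return verdict, score, matched


# Constructed samples (not real e-mails); the phone numbers are placeholders.
LOTTERY_SAMPLE = """Dear Winner,

We are pleased to inform you that your e-mail address was selected through a
special internet ballot system from 40,000 individuals and companies E-mail
addresses. You have won USD 1,500,000.00. NOTE: You are to keep all lottery
information away from the general public. To claim, send your full name,
occupation, marital status and a copy of your international passport to our
claims agent on +31 00 000 0000.
"""

INHERITANCE_SAMPLE = """Good day. How are you today? I presume all is well with
you and your family. Please accept my sincere apologies if my email does not
meet your business ethics. I am a bank official and I discovered an abandoned
account of a deceased customer worth USD 18,000,000. I propose 60% for me,
30% for you and 10% for processing fees. This must remain strictly confidential.
Kindly send your full name, telephone number and banking details. The funds
will be released through Western Union once the drug law clearance fee has
been paid on your behalf. Call me on +234 000 000 0000.
"""

LEGITIMATE_SAMPLE = """Hi Thandi,

Thanks for the article on 419 scams. Could you send me the link to the PDF
version? I would like to forward it to my team.

Regards, Anna
"""

if __name__ == "__main__":
    for name, body in [("lottery", LOTTERY_SAMPLE),
                       ("inheritance", INHERITANCE_SAMPLE),
                       ("legitimate", LEGITIMATE_SAMPLE)]:
        verdict, score, matched = classify(body)
        print(f"{name}: {verdict} (score {score}) {matched}")
```

A score like this only catches the templates it was built from, so it will miss the improvised variants the paragraph above warns about and should back up, not replace, reading the mail yourself.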

419 scammers never conform to any kind of standard, so it is hard to lay down a rigid set of rules for identifying 419 scams. 419 scams are just like any other kind of spam, there are millions of spammers out there, but a lot of these spammers use the same templates and techniques. After a while the templates and techniques become common knowledge and the spammers need to find new and innovative ways of infiltrating our mailboxes and our minds.

One thing that will keep up with the evolution of 419 scams is common sense. No one will ever be able to teach you all the tricks in the book, because there will always be at least one trick you didn't think of. Reading between the lines, being vigilant and applying a bit of scepticism towards e-mails from an unknown source, can be a very effective weapon against online fraud.

No 419 scammers were harmed during the writing of this article.

About the Author

Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

Saturday, August 02, 2008

Cyber Top Cops Goes Spammy (or rather SHPAMEE)

You may have noticed that my last article was published more than 2 months ago. I may have been absent from the blog, but I was not taking a break. I devoted all my time and attention to a new project aimed at educating the Internet community about Internet crime. All my hard work finally paid off and I am proud to announce that the project is finally ready for launch.

Today marks the launch of a new educational initiative called the SHPAMEE project. SHPAMEE is short for Spam, Hoaxes, Phishing and Malware E-mail Examples and replaces the current Hoaxes, Spams & Scams section of our website. The main goals of the new project will remain the same as the old one, but the SHPAMEE project features several new enhancements and improvements over the old project:

  • Full headers of e-mail examples will now be published.
  • Names (aliases) and contact details of perpetrators will no longer be removed from the examples, but will be published along with the examples.
  • More emphasis will be placed on the techniques used by spammers to bypass spam filters and these techniques will be highlighted more prominently.
  • E-mail examples will be categorised and grouped more effectively, combined with an integrated search feature, something that was missing from the previous project.
  • An RSS feed will be updated each time when a new example is published. This will help users to stay up to date with the latest examples published on our site. The RSS feed will also be used as an alert service, where possible, to warn subscribers about the latest spam outbreaks (however the main purpose of this project remains education).
  • E-mail examples will be discussed in greater detail.

Why replace the old project? A lot of work was done behind the scenes to simplify our job of publishing these e-mail examples. Too much time went into the preparation of the e-mail examples, so we had to find a way to publish the examples in a more efficient way. I'm still not completely satisfied with the current publishing model and I'm constantly working on improvements, but the new system saves us a lot of time and the time saved during publishing is used to investigate and discuss the examples in greater detail. The number of examples in the database might be disappointing at first, but we plan to add new examples on a regular basis. We could cut back on the time spent on investigating each spam example, to publish more examples in a shorter time frame, but we do not want to sacrifice the quality of our comments and the background information about each spam example. After all, this is what the project is all about, publishing interesting and valuable information about these examples to educate the Internet community. We still have a huge backlog of examples to publish, quite obviously, because there is never a shortage of spam examples to investigate.

But now a little more about the reasons behind the creation of this project.

There is still a huge problem among Internet users when it comes to the identification of spam. I get loads of requests from people who want me to take a look at some dodgy e-mail to confirm whether it is legitimate or not. Most of these dodgy e-mails are 419 scams and it is shocking to see that there are so many people who are still unaware of these scams, not even to speak of their inability to identify these e-mails as fraudulent. Many people might say: "That's easy for you to say, you work with these scams every day, so it is easy for you to spot a scam when you see one". Perhaps so, but it is not rocket science to identify a 419 or phishing scam, you just need to use common sense and a little bit of scepticism. There are always certain elements in these e-mails that do not add up and the scammers make these mistakes over and over again.

Identifying a spam e-mail before opening it, is crucial, because spam is the cause of several problems like malware, fraud, distribution of illegal and harmful substances, porn, piracy, identity theft and even more spam (yes, one spam e-mail can be the igniting spark for a forest fire of spam). I mentioned earlier that we will use this project as an alert service where possible, but the main goal remains education. Why so much emphasis on education, isn't it more important to get the word out on new threats and outbreaks? Well, from my point of view I believe education plays a larger role in our defences against cyber crime.

My biggest problem with any alert service is the fact that many threats need to occur before one can take notice of them. There is always a delay between discovering a threat and alerting the public about it and a lot can happen during this time. Another drawback of an alert service is the fact that it can only reach the people who are subscribed to the service (unless you make use of mainstream media of course), so not everyone gets the message. Education on the other hand enables people to think for themselves and helps them to assess the situation on their own terms, based on their knowledge and previous experience. This means the threat is isolated more effectively and buys more time for the alert services to get the word out. So I'm not against an alert service, I simply believe that education will enable the community to adapt to new threats much quicker than a community relying on alert services alone to keep them safe. Your best weapon would therefore be a combination of education and alerts.

I guess a lot of people are wondering why we didn't publish the names and contact details of spammers and scammers along with the examples in the previous project. A spammer never distributes spam under his/her own name, so the spammer will use an alias and the originating e-mail address is often spoofed. So the details are basically useless and our focus was never on the people behind the spam, but more on the mechanics of the spam examples. It is more about the things that spammers do than the persons distributing the spam. However we realised that it would be an additional benefit for the community if we published these phony details along with the examples, especially with 419 scams. This means that you are not only educating people about the schemes of a 419 scammer, you are also alerting them about the aliases, e-mail addresses and telephone numbers used by these swindlers. So as you can see we are back at the ideal of combining education and alerts into a powerful weapon against cyber crime.

Through the SHPAMEE project and a series of educational articles in the weeks to come, I plan to educate the Internet community about the common flaws made by spammers. But what if the spammers start to pull up their socks and correct their mistakes? Spammers will always make mistakes and it is our goal to stay up to date with their latest tricks and gimmicks and communicate these deceptive techniques through the SHPAMEE project.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

Wednesday, May 14, 2008

The Streetwise Guide To PC Security

We are halfway through May already and speaking of which, we are almost halfway through the year already. But what progress have we made in terms of cyber security? Spam is on the rise, malware infections are on the rise, botnets are growing bigger and more Internet users are turning into advance fee con artists. Pretty grim picture isn't it? No, I do not want to sound pessimistic, but the reality is that no piece of computer security software can protect you completely against Internet based threats. What am I saying... throw away all your spam filters, firewalls and anti-malware applications? No, not at all, they play an integral part in our protection against cyber threats, but even the best tools in the world can fail dramatically if they are not used by streetwise cyber citizens.

I guess most of you are glaring at your screen right now, asking yourself, "what the hell is he talking about?" Let's take two persons and put them in a dangerous neighbourhood, the one person is a high profile celebrity dependent on his bodyguards to keep him safe and the other person is a normal guy who grew up on the streets and learned to take care of himself. Which one is the most likely to survive, all by himself, in this dangerous neighbourhood? The latter of course. Why? Because he is streetwise, he doesn't need fancy tools and bodyguards to take care of him, he knows how to think for himself and what to look for in order to stay out of the heat. Computer security is a lot like that, you don't need to be an Einstein to stay safe in the online world, it is no rocket science to be streetwise, you just need to know how to stay on top of your game, you catch my drift? Right, enough street slang, so let's get to the point.

I stumbled across a very interesting article about PC security, published by BitDefender. A BitDefender employee told me that the article is quite old, but nevertheless, it is a generic set of PC security rules that are still very applicable to computer security these days. I have a lot of positive things to say about this article, but it is not without some criticism, so without any further ado, let's take an objective look at the list of rules called the Ten Commandments for Your Computer Sanity.

"1. Don't assume anything. Take some time to learn about securing your system."

Perhaps the single and most important rule of them all. If you are not sure, ask for advice and try to understand why it is important to take certain precautions, don't just assume that's the way things are done.

"2. Acquire and use a reliable anti virus program. Select an anti virus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of anti virus software."

So many people go out and download the first anti-virus program that pops up on their screen. Malware infested products are marketed very aggressively, so these less known, but dangerous applications often occupy top spots in search engine results and online contextual advertising, so never trust a download just because it appeared in the search results of your favourite search engine. Visit Spyware Warrior for a comprehensive list of rogue anti-spyware products.

"3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall, which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic."

Firewalls were once a thing for computer experts and large corporations only, it was uncommon to find a firewall installed on a normal end user's computer. As mentioned in the rule, we even have firewalls built into our operating systems these days (not that it really helped the online community in any way when I come to think of one specific operating system). But the necessity of a firewall has increased in the last couple of years and it is irresponsible and suicidal these days to browse the Internet without a proper firewall that provides bi-directional protection. You need to know what is transmitted to and from your PC. You don't want malicious code to infiltrate your system and you don't want confidential and sensitive information to leave your PC without your consent.

"4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt."

If more people adhered to the first part of this rule we would have a lot fewer virus outbreaks and a lot less spam. Each time you open a 'harmless' spam e-mail you give the spammer reason to send more spam because you respond to his e-mails. I have discussed this topic a hundred times before so I'm not going into it once again. With regard to the latter part of this rule, it is not wise to ask for a confirmation from the sender in my humble opinion, you are just looking for more spam by replying to an unknown source. With so much e-mail forgery happening these days, it is anyway a complete waste of time to respond, because the sender's e-mail address is most likely invalid or spoofed.

"5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated anti virus program."

Once again, the first part of this rule is a piece of gold and can save you a lot of headaches if you stick to it, but I do not agree with the latter. It is almost like saying: "Don't shoot yourself with a 9mm, but if you want to, go ahead and take a peek down the barrel to make sure you are using blanks". If you get an e-mail with a suspicious or unexpected subject and on top of that some executable file, Word document, PDF, ZIP or any suspicious file attached to it, don't mess around with the bloody thing, delete it.

E-mail scanners have been with us for quite some time. The e-mail scanner of an anti-virus package uses the same database as the file scanner, so if an e-mail gets past your e-mail scanner, using the latest virus definition database available, what makes you think that the file scanner will do any better? Should you trust an attachment just because your anti-virus program told you the file is clean? A suspicious attachment from an unknown source has a 99.9% chance of being malicious, so why even bother scanning it? Many inexperienced users don't even know how to save an attachment and run it through an anti-virus scanner, so they run a big risk of infecting themselves. My advice: if you don't know how to handle suspicious files properly, stick to the first part of this rule and ignore the latter.

"6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. These kinds of messages are considered spam, because they are undesired and unsolicited and they overload the Internet traffic."

Pure words of wisdom. Many people simply assume that friends and family enjoy receiving junk chain letters and unbelievable, ridiculous stories that you need to forward to everyone in your address book. Who needs spammers if you have friends like this? Apart from spamming all your friends and breaking anti-spam laws, it also comes down to bad e-mail etiquette. The fact that your friends are on your mailing list does not give you the right to send them anything you want. Take your recipients into consideration and think before forwarding jokes, petition lists, chain letters and other kinds of junk mail to them.

"7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary."

There is a lot of truth in this, but unfortunately this is easier said than done. The blame lies on the side of software developers and not the end user installing the software. Ordinary users simply install the software and use it whenever it is needed. Little do they know that the software is running 24/7 in the background eating up valuable system resources. These programs put themselves in the Windows Start-up without informing the user about it, or the option to load the software at Windows Start-up is often pre-checked during the installation, so the user has to opt-out to prevent this from happening. These pre-checked options are often missed, because the user simply rushes through the 'easy' installation process. There is a reason why certain developers make the installation procedures so easy.

When I analyse HijackThis logs of malware victims, I often see loads of auto-update managers, system tray utilities, P2P clients and all kinds of 'junkware' loaded in the Windows Start-up. These users are always stunned by the sheer performance of their computers after I removed all these useless applications from the Windows Start-up. Ask someone to check the Start-up section of your PC and remove all the redundant entries. You will be amazed to see what difference this can make in your PC's performance. Don't leave file-sharing software like LimeWire, Shareaza or KaZaa running in the background all the time, they create a weakness in your security setup and make it easier for hackers to gain access to your system. As the rule says, these programs should rather be avoided if possible.

"8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist."

Most people are guilty of not updating their system on a regular basis. But there is a reason why people are afraid of updating. Remember what happened when Service Pack 2 of Windows XP was released for the first time and, if I am not mistaken, history repeated itself with Service Pack 1 of Windows Vista this year.

I know one should lead by example, but I am perhaps the worst of them all. I haven't updated several of my applications in years, because I am happy with the versions I am using at the moment and don't want some update to screw everything up. If you stick closely to rule number one you automatically take your computer security to the next level. If you pay attention, to which sites you visit, which files you download and which programs you install, you can easily skip this rule for years without any malware incidents at all. Still it is wise to update your software when you have the chance. It is better to fix a broken wall even if you are never bothered by the outside world. The problem is however, you never know when the outside world might start to bother you, so rather be prepared than sorry.

"9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an anti virus program has already verified the files at their source."

Would you use a box of aspirins, from an unknown source, left on your doorstep? Of course not, even if you are familiar with the specific brand of aspirins, you have no idea where they came from. How can you be absolutely sure that they are really aspirins? Well, the same goes for computer files. If you can't verify the reliability of the source of a specific file, how can you trust the contents of that file? You have no idea where the file has been and you have no idea whether the contents of the file are really what they should be.

"10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in."

Backups, ah the one thing that no one ever does. Have you ever thought about what you can lose if you suddenly got infected with malware? What if a cracker gains access to your PC and deletes your favourite music collection? Backups play a very important role in PC security, especially when it comes to system recovery after a malware infection or system failure. Any proper security setup should have a solid backup policy. Without backups you will never fully recover from a severe system crash. Backups are your insurance against data loss. So if you are not in the habit of backing up your most important documents and data on a regular basis, rather start doing it before it is too late. BitDefender's Total Security can be set to perform automatic backups for you.

We live in an age where we can't rely on software alone to protect us from online threats. You are responsible for your own safety online, software applications like firewalls and anti-virus programs are only tools to help us in situations where things are out of our hands. Your personal computer security depends on your willingness to stick to these rules, being vigilant and using common sense. Treat everything as a threat until you can prove otherwise, this is the safest approach in the digital Wild Wild West.

If you have anything to add to this list of rules, feel free to leave your comments.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Tuesday, April 15, 2008

I Need a Proxy, Everybody Wants a Proxy!

Do a search for the phrase "I need a proxy" and you'll see what I'm talking about. Requests for the latest proxies are normally encountered on Q&A communities like Yahoo! Answers, WikiAnswers and Answerbag, but you will also find people on forums, constantly asking for the latest proxy to bypass Internet filters at school or at work. Unfortunately, these people fail to realise that firewalls and Internet filters are there for a reason.

I guess I'm not going to be very popular after publishing this article, but this is really a big problem and one that needs to be addressed very quickly before it grows into another digital snowball like spam and malware. IT departments spend a lot of time and money on network security. Restrictions are put into place, not only to protect corporate data, but also for the safety of everyone working on the corporate network. However, network restrictions are not only for the corporate world, these restrictions are also present at schools and even in our homes. But what is the use of protecting your data and privacy if you constantly have to deal with cyber rats eating their way through your defences from the inside?

A proxy is often blocked as soon as the network administrator becomes aware of the fact that it is used to gain unauthorised access to websites and other networks. That's the reason why people are constantly in search of brand new proxies and what scares me the most is the rate at which these new proxies become available; it is so bad you can even regard it as another form of spam. The sad reality however, is that the people who use these proxies either do not know a thing about PC security, or they don't give a damn about it. Browsing restricted sites via an illegal proxy exposes your computer to malware and hackers, putting the whole network at risk. Confidential and sensitive corporate information can easily be leaked and the privacy of every employee using the corporate network could be compromised due to the selfish acts of employees who can't walk between the lines. So you are not only putting your colleagues in a tight spot, you're compromising your own security as well.

The most popular reason for a proxy is to gain access to social networking sites like MySpace, Facebook, Orkut or Twitter. Social networking sites are time and money wasters in terms of productivity, bandwidth and company resources. Instead of doing their jobs, people waste hours and hours of productivity during the day, by hanging out on social community sites. To add insult to injury, they don't use their own bandwidth to chill on these sites, they use company bandwidth, company computers and company printers to do what they should be doing after work. Kids browse these social communities instead of attending to their schoolwork, wasting their parents' money, or the money of the taxpayer if the government funds the school. Speaking of the government, what about government workers? Instead of delivering the services we pay for, they browse MySpace, Facebook, Orkut or Twitter with our tax money. (Some governments do not even have any network security to speak of, so they can access any site without the use of a proxy).

Don't get me wrong, I'm not against the use of social networking sites, but there is a time and place for everything and social networking sites do not have a place at the office or at school (unless you are the PR manager of the company maintaining the company profile on MySpace). Before everyone starts to call me a party pooper, accusing me of taking the fun out of the office, think about this: If everyone spent more time on their job and less time on social networking sites during working hours, we will get a lot more work done and will therefore have plenty of time to hang out with friends and family on our favourite social networking sites. Don't be mad at your boss for limiting your Internet access, the fact that you are using a proxy to bypass Internet filters and other limitations imposed by your employer, already tells me that you can't use the Internet responsibly. If you really need to use these sites, visit them after work or after school and if you don't have a computer at home, use a friend's computer or visit an Internet café. It has to be mentioned though, that 3rd party proxies are not only used to access social networking sites, but they are also popular for porn surfing and the downloading of pirated software, music and movies. These sites are far worse than social networking sites, because they do not only waste valuable man-hours, they are often loaded with nasty malware, a direct threat to the safety of everyone working on the network.

The bottom line is, companies invest a lot in computer security, computer labs at schools do their best to keep their networks safe and clean and parents invest in parental control software to keep their young ones from accessing harmful content on the Web. Still you get people who want to break down all these barriers, ignoring the damage they cause and the risks they create in the process. Bypassing the parental control software on the family computer can easily lead to a prohibited site where a sneaky rootkit finds its way into your system. It may log a credit card number here and a password there and before your folks know what's going on, they could be staring bankruptcy in the face. The same can happen at work or at school: your infected PC can cause a lot of problems for other people using the same network. Do you want something like this on your conscience? Proxies may have their uses, but they should not be used to cross digital borders illegally. If you are not allowed to visit a specific site at work or at school, then there's most likely a pretty good reason why you shouldn't visit it. If you choose to visit prohibited sites without proper authorisation, you risk losing your job or getting suspended, or even harsher network restrictions may be implemented. Think about it, is it really worth all that?

People are so touchy about this subject that when they ask for new proxies in forums or Q&A communities, they often warn you in advance not to bitch about why they shouldn't be using one. So next time when you run across someone asking for a proxy to bypass firewalls and Internet filters, don't waste your time explaining why they shouldn't be using one, don't expose yourself to insults and swearing, just refer them to this article.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Saturday, April 05, 2008

Anti-Spammers Suffer From "Spam Exceptionalism"

In response to the conviction of Robert Soloway, the "Spam King", Eric Goldman, assistant professor with Santa Clara University School of Law, who blogs about technology and marketing, stated that many Internet users may be happy to hear about Soloway's criminal prosecution, but law enforcement shouldn't necessarily rush into these criminal cases. Why? Well according to Goldman, spam is principally about speech and we should be very reluctant to criminalize speech-based behaviour. Goldman added that there's such an antipathy towards spam that there's almost a sense that anyone who ever engages in spam is so evil that they should be punished, an attitude that Goldman likes to call "spam exceptionalism". He believes that if people really thought about the issues, they wouldn't necessarily find spam any more invasive than other forms of advertising, like television commercials or junk postal mail.

So I guess I'm one of the worst spam exceptionalists in the world and the reason for my "problem" is because I'm not thinking clearly about the issues of spam, as a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?

So what are the basic characteristics of spam?
  • It is unsolicited;
  • It is obtrusive and a hindrance;
  • It needs to be managed and is therefore counterproductive;
  • The recipient of the message pays for it, not the sender.
If you evaluate the different forms of advertising against these characteristics, you soon realise that actual advertising is not nearly as invasive as spam. When advertising material bears all the characteristics mentioned above, you can't classify it as advertising anymore; at best you can call it spam (or perhaps a couple of stronger words). So let's take a quick peek at the different forms of advertising to see how spam matches up against them.

TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.

Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station of course.

Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.

Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".

Billboards and Outdoor Advertising
These ads are neither solicited nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there is often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in a certain way to draw extra attention to it, but causing a road hazard at the same time, will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.

E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.

Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not; it should not be a precondition for receiving your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails mean additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.

So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive nor a hindrance, and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not wasted bandwidth because the recipient opted in to receive the e-mails.

Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.

Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there are no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?

Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail, and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However, time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office are proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said, junk postal mail falls under the umbrella of spam.

Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, in magazines and newspapers, and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoon's Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.

Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers compressed into your mailbox by every idiot who distributes the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer? They toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.

Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.

Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to turn salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to turn them away one by one; it may not be spam, but it is basically the same principle.

Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this needs to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.

Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need, is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.

I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.

One of the readers of the InfoWorld article on Robert Soloway's trial recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources, contribute to landfills, or pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this: where do you think the energy comes from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property: you keep on trashing and the dump trucks keep on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.