Entries Tagged 'Spam, Scams' ↓

Author: CipherTrust

Email is the quintessential business communication tool, so when it doesn´t work like it´s supposed to, business suffers. Anti spam software is designed to protect your inbox from unwanted messages, but unless your system is properly trained even the best software misses the mark and flags legitimate messages as spam. These messages are referred to as “false positives.’

While consumer and ISP anti spam products focus on blocking messages and even consider some false positives acceptable, businesses require anti spam solutions that treat their messages as very valuable. Failing to receive critical messages in a timely fashion can do irreparable damage to customer and partner relationships and cause important orders to be missed, so eliminating false positives while maintaining high anti spam accuracy is paramount to any enterprise anti spam solution.

<b>What causes false positives?</b> Different anti spam solutions utilize different methods of detecting and blocking spam. Anti spam software typically uses content filtering or Bayesian Logic, an advanced content filtering method, to score each email, looking for certain tell-tale signs of spammer habits such as frequently used terms like “Viagra’ or “click here.’ Other anti spam solutions reference blacklists and whitelists to determine whether the sender has shown spammer tendencies in the past. A false positive can occur when a legitimate sender raises enough red flags, either by using too many “spam terms’ or sending from an IP address that has been used by spammers in the past.

<b>Minimizing False Positives</b> Although it takes a person only a moment to process a message and identify it as spam, it is difficult to automate that human process because no single message characteristic consistently identifies spam. In fact, there are hundreds of different message characteristics that may indicate an email is spam, and an effective anti spam solution must be capable of employing multiple spam detection techniques to effectively cover all bases.

A comprehensive anti spam approach involves examining both message content and sender history in tandem. By using a reputation system to evaluate senders based on their past behavior, a more accurate picture of their intentions and legitimacy can be discerned, and a solution´s false positive rate can be further lowered. Has the sender engaged in spamming, virus distribution or phishing attacks in the past? If not, the likelihood of their message getting past the email gateway just went up, and the chances of a false positive declined accordingly. If they have, an effective reputation system knows and flags the message.

<b>Self-Optimization</b> In order to be most effective, anti spam solutions must learn based on a recipient´s preferences. While most of us prefer not to receive emails containing the term Viagra, some medical organizations might need to receive these emails in order to process patient data. In order to best learn your organizational preferences, anti spam solutions should put filtered emails into a quarantine that allows users to review and make decisions as to whether a particular message is spam. Making this quarantine available to the end-user lowers the administration costs and increases the accuracy of the anti spam system.

Each time a user makes a decision about whether a particular email is or is not spam, the system becomes more personalized and intelligent about filtering email for that individual in the future. Over time, users find that they rarely need to review their quarantines anymore because the system has learned how to identify messages that are important to that user.

<b>Don´t throw the baby out with the bathwater</b> An effective, accurate anti spam solution aggregates multiple spam detection technologies, combining the benefits of each individual technique to stop spam while minimizing false positives. It also puts suspected spam into a quarantine that is available to end-users, and learns how to better identify spam in the future. To learn more about how IronMail can help your enterprise eliminate false positives while maintaining the highest spam accuracy rate available, download CipherTrust´s free whitepaper, ““<a href=”http://www.ciphertrust.com/files/forms/landing_template.php ?sp=CT-Ext_Newsletter_Articles&cr=anti_spam”>Controlling Spam: The IronMail Way</a>.’

About the author: CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “<a href=”http://www.ciphertrust.com/files/forms/landing_template.php ?sp=CT-Ext_Newsletter_Articles&cr=anti_spam”>Controlling Spam: The IronMail Way</a>’ or by visiting <a href=http://www.ciphertrust.com>www.ciphertrust.com</a>.

Originally posted 2005-03-23 00:00:22. Republished by Old Post Promoter

Author: Seamus Dolly.

Spelt phishing, but pronounced as above, this despicable act is an effort to batter your bankroll or commandeer your cash. To put it simply, you can get emails from account administrators, which strongly urge you to update details attached to that account. The issue, though, is the pretence of such mail.

You may not even have such an account as referenced. It doesn’t come from the account provider. It can use false S.S.L. references, to present an illusion of trust and security. It can prompt for immediate action on your part, alleging false log-in’s by persons unknown, and from countries unknown. If action is not taken, they can impress on you, that the account will be suspended or closed. Indeed, anything likely to work can be fabricated, to get you to the webpage suggested in the link or hyperlink. Note the word “suggested”. Likenesses to company logos are used to re-enforce “credibility”.

In fact, these phishing attempts actually look pretty good or realistic. So much so that any qualms of guilt or stupidity, experienced by a “conned party” are groundless.

Experience, specific education or forewarning, is all that prevents this type of charade from widening its base of “victims”.

The goal is to get you to type in your details, complete with credit card number and the rest can be guessed. Some damage is also absorbed by the organisation or company being misrepresented and they can do little about it but warn their customers what to watch out for, and issue security instructions. Indeed, it is from accounts at reputable companies that most passing trade learn the correct or most secure procedures. It is therefore important to read any material that they offer.

Generally though, reputable companies with a mind to preserve their integrity will tell you to log-in at their main page and proceed from there. Not through a link specific to your account!

Hyperlinks can mask the true domain that you’ll be brought to, with the text linked to www.anydomaindotcom (example, only), a replica or fake page. Only going to secure pages where one believes that “https” will do it, will always help but wholly unreliable. The “s” is an indication of a secure page, but are you at the right domain? Place your mouse over the link and the domain attached to such a link, should show itself. Viewing the source code is another way but some knowledge of it is necessary.

Another ploy, sometimes deliberate and sometimes “convenient”, is inserting a reference to the “legitimate company” anywhere after the domain name. Ex. https://www.anydomaindotcom/ebay/aagle/. Unwary victims may overlook the fact that “ebay” is not the domain, but see it anyway as a directory or file name. Anyone, anywhere can have a file or directory named like that of a company.

To make matters somewhat worse from an “easy to identify” viewpoint, the source code of the link can be represented as an I.P. address rather than its named counterpart. There are some tools that you can use at http://centralops.net/co/

>> and you can type in the I.P. address and cross reference it

About the author: Seamus Dolly and some examples are at www.CountControl.c om

Originally posted 2005-03-30 15:51:31. Republished by Old Post Promoter

At my used bookshop today we got a surprise email at the shop from Verizon both our ISP and phone company:

The credit card we have on file for your Verizon DSL Internet service was declined when we attempted to bill you $34.95 on 06/01/2004 for your most recent service fees. For this reason, your service could be suspended. Please visit our Account Information pages, located at http://account.verizon.net, and update your credit card information as soon as possible.

We pay our phone bill via check.

A look at the blind carbon copy field showed that they were sending emails to a randomly generated list of Verizon customers whose account name begins with the letter b.

What looks like a legitimate link to Verizon really takes you to http://secure-form-b.com.

A variation on the old PayPal credit card number scam.

Originally posted 2004-06-02 13:14:59. Republished by Old Post Promoter

From the feverish MT-Blacklist activity in my logs I’d say the gambling sites have become the biggest – albeit not the most disgusting – pests.

“In this day and age, it’s all about subtle manipulation of page rank,” said Cameron Marlow, the creator of Blogdex …

Porn Blogs Manipulate Google

A series of blogs used in a cross-linking strategy to boost the Google page ranking of three porn sites run by adult site operator CyberQuest was the unauthorized creation of an affiliate, the company said Wednesday.

CyberQuest Disavows Porn Blogs

Many months ago I engaged in an email exchange with someone at Blogger complaining about the sites only to get evasions. Thanks to the Wired story Blogger is finally shutting down the scam weblogs.

Originally posted 2004-08-08 08:53:38. Republished by Old Post Promoter

Because of my on and off problems with referral log spamming I decided to not install Refer on any of my new domains. Leaves me in withdrawal when I make a new post and while I have AWStats, Webalizer and Analog installed by my web host they aren’t good for a snapshot of the moment.

A couple of my new sites, like Sexy Pop Culture, are already getting false referrals anyway. Or something like that. Recently I learned that some sites post links, sometimes invisible to the naked eye but not search engines to sites they want Google to see them as being in the same ‘neighborhood’ with (for local rank as it seems to be called).

Nothing you can do about it. Since Google doesn’t penalize you with guilt by unwanted association it does no harm.

Originally posted 2004-05-10 07:19:10. Republished by Old Post Promoter

Surviving Website Identity Theft

Author: Greg Scowen

Every now and then you read about identity theft. I am not talking about the theft of you personal identity, sure that happens too, I am talking about the theft of a website’s identity. The big question is: What should you do if somebody with deeper pockets and more push creates a website similar to yours, stealing your limelight, and your hard earned visitors? Let me answer your question from my own experience.

Firstly, it is important to note that the actions I took when one of my sites identities was stolen worked for me, but may not be the best solution in your case. Please, always consult a professional for a second opinion before making ‘wallet bulge changing decisions!

Continue reading →

Originally posted 2005-06-26 17:57:37. Republished by Old Post Promoter

The SpamAssassin Custom Rule Emporium is the place to go for additional rules you can drop in to your SA config.

• BigEvil.cf is an additional rule set that is update very frequently between major SA releases. It contains lots of rules for recently discovered spam.
• EvilNumbers.cf is a group of rules focused on numbers that occur frequently in spam messages (phone numbers, IP addresses, etc).

From Jeremy Zawodny’s blog .

Originally posted 2004-03-22 05:22:31. Republished by Old Post Promoter

Author: Lawrence Deon

I´m literally inundated with questions on the subject of invisible text & hosting so in I thought I´d debunk some myths and give you the facts straight up.

What is invisible text? Invisible text is the body text that´s the same or similar color to the background. You know, the stuff you can very easily see on a page if you press Ctrl-A or highlight everything on the page with your left mouse button.

Will invisible text hurt your search engine rankings? Undoubtedly! If you attempt to use the same color text as the background color of your web pages the search engines will penalize you.

Why? The use of invisible text is commonly considered black hat seo by the search engines and a blatant spam tactic. If your visitors can´t see or read the text then what good is it anyway? It´s deceptive period.

Trust Google when they say in their Quality Guidelines & Specific recommendations to avoid hidden text or hidden links.

http://www.google.com/webmasters/guidelines.html

Now here´s why this topic is so interesting… and I know you´re saying, why should I worry or care about invisible text if I´ve never used any on my web site? Well the answer is simple.

You may be hosting invisible text on your website right now & not even know it. In fact you were never intended to know it… That’s why it’s invisible!

WHAT? Yeah… you may be getting duped!

So just what exactly am I talking about? I´m talking about your hosting company (usually the free ones) leeching your Google PageRank & building link popularity for their clients off your web pages & bandwidth. If you don´t think they do it… guess again. It´s a lucrative business.

Now with that said I´m not going to name or badmouth any specific hosting service. What I am going to do is tell you how to determine if you´re an unsuspecting victim.

Here´s an invaluable tool to help you detect search engine spam penalties!

http://tool.motoricerca.info/spam-detector/

Secondly, double-check your cached pages to see what the search engine robots actually see when they index your page. Look for additional links & advertising in the source code that isn´t in your original source code.

If you find additional advertising or links that aren´t on your current pages… your host MAY be killing your search engine rankings. The simple solution to this problem is to immediately transfer your domain to a trusted service provider.

http://www.tkqlhce.com/click-1604302-10294265

Now let’s talk about the invisible text you can’t see at all on a page. Yes, you could still be hosting invisible text. Even if you press Ctrl-A or highlight everything on the page with your left mouse button & nothing shows up!

Just for the record you’ll find some content management programs employing this very technique. Imagine my surprise when I discovered my PageRank 5 realty site had two sets of Meta keywords on my pages, easily seen when I view Google’s cached versions….

I was choked… especially since their user agreement didn’t disclose this fact!

Is using invisible text in cascading style sheets good? Nope!

There´s a new school of thought claiming you can use an alternative cascading style sheet (CSS) approach to placing invisible text on your web pages without penalty.

The theory is predicated on the premise that you could employ an external style sheet in another directory. There you´ d simply define a special class for a tag like < P > where the font and background colors are identical.

The claim is there´s no way for the current search engines algorithms to distinguish the color codes and penalize you. While this may or may not be the immediate situation it´s fundamentally WRONG!

Invisible text is invisible text & it’s spam.

Since many invisible text tricks utilize CSS positioning properties to hide their contents, you´ll soon see (if not already) the search engines employing advanced algorithms to find hidden text in CSSs.

If you subscribe to the CSS theory you´ll undoubtedly be revisiting your strategy or paying later by being blacklisted or removed entirely from the various search engine indexes.

Incidentally, before you roll the dice on this one you might want to consider the fact that the tool I just referred you to is only the beta version and the developer is already planning to add support for identifying invisible text in CSSs! Just how much more advanced and further ahead do you think the search engine techs are?

So what does it all mean to you & what should you do?

1.Check your cached pages for invisible text. 2.If you find Invisible text or advertising determine it’s origin 3.Read every user agreement very carefully 4.Take action & do something about removing it!

The bottom line lesson here is simple. Trying fool the search engines with Spammy tricks or hocus pocus schemes has never worked for long in the past. Don’t employ unethical spam techniques and don’t become an unsuspecting victim yourself.

About the author: Lawrence Deon is an SEO/SEM Consultant and author of the popular search engine optimization and marketing model Ranking Your Way To The Bank. http://www.rankingyourwaytothebank.com

Originally posted 2005-03-22 20:03:01. Republished by Old Post Promoter

Copyright 2005 Kurma Group

Don’t get offended, I was not speaking directly to you. I was speaking to the horrible companies who are stealing not only my affiliate commissions, but yours too!

These companies are called “spyware.” They specialize in invading a consumer’s computer through unethical means and then literally replacing YOUR affiliate ID with their own! It is almost as if you never even existed!

Not only that, they even steal your future affiliate commissions by making sure that all future IDs are automatically replaced with their own. Even more, they can make it so that if the consumer goes to a website, a pop-up for a competing website (with their own affiliate ID) pops up and makes it impossible for you to get a sale.

As you likely agree, this is a major problem and it gets bigger and bigger every day. The more we fight back, the slicker these companies get.

How much are they really stealing?

Continue reading →

Originally posted 2005-07-05 12:34:06. Republished by Old Post Promoter

As search engines bring more and more people to my weblogs I get more and more comments. Mostly sincerely felt comments (albeit not necessarily intelligent ones).

A few kids drop by to say “asfd.”

And a few people who think weblog comments are smart places to post advertising. I haven’t had much of the latter. Most of those folks go to the guestbook.

I found my guestbook hosting spam before I ever installed MovableType on the website. For a time I had one hosted by SignMyGuestBook but that seemed to turn into a spam magnet. Possibly because so many guestbooks are centrally hosted it is easy to run through the list, offering diamonds, Viagra and cellphone sex.

Guestbook spam dropped considerably once I installed Vizbook. But the spammers do make their way there. I sometimes think about dumping the guestbook. With the weblogs there are plenty of opportunities for people to leave comments.

For now I’m assuming that the guestbook keeps some spam out of the weblog, guestbook as garbage dump. I may eventually setup a weblog as a guestbook and kill Vizbook. It’d be easier to have a weblog guestbook match my site’s look and feel. And easier to zap the spam.

Originally posted 2003-08-31 07:50:24. Republished by Old Post Promoter