July 28, 2013

Email spam roundup for week ending on 7/28/2013

July 28, 2013

I haven't posted my email spam findings for a couple of weeks, mainly because the details haven't changed much since my last post.

In a nutshell, approximately 70% of my spam is weight loss "newsletters" that lead to Polish domain (.pl) web sites selling green coffee bean extract (a potentially harmful herb). These fake newsletters spoof well known TV personalities, like Dr. Oz, to persuade potential "marks" that the links are trustworthy.

The next most frequent type of spam continues to be an ongoing pump and dump penny stock scam, run out of Eastern Europe. The scammers continue to cause a devaluation of a particular penny stock, dropping its value from about 25 cents all the way down to a fraction of a cent. Normally, these scammers move on to another stock, which it appeared they were going to do. But, something happened and they have turned their attention back to the stock they pumped to death a month ago. A lot of investors lost a lot of money when the dump occured and many more may become victims of the ongoing scam, unless they are made aware that the odds are stacked against them by professional con men.

There are still a few Nigerian 419 scams making the rounds, trying to find gullible people who are willing to part with their money in the hopes of making millions left by somebody's allegedly dead relative overseas.

Finally, there were a few dangerous scams that contained links leading to malware exploit kit attacks. The destination web sites contain JavaScript routines that probe computers for unpatched versions of Java, or Adobe Reader or Flash, or particular exploitable Windows operating system files. If any of the targeted software is found on a computer, a malicious payload is downloaded and run. The next paragraph explains how this happens and what you can to to mitigate your risk.

The impact of landing on an exploit attack web page is tied to the user account privileges of the logged on user and whether JavaScript is allowed to run in the browser for unrated web sites or not. People who operate as less privileged users are much less likely to become silently exploited without notice than those operating as computer administrators.

As for allowing JavaScript to run, or not, the Firefox browser supports an add-on called NoScript that blocks Java and JavaScript by default, unless you specifically choose to allow it, on a site-by-site basis.

What you can do to block spam and scam email.

First and foremost, use whatever tools are available to your email reader to reroute suspected or known spam to a spam folder, or have it automatically deleted, rather than delivered to your inbox. Web mail (browser based) users have less control over what is or isn't spam or a scam that people using desktop POP3 email clients.

If you do use a desktop POP3 email client, such as Windows Live Mail, Outlook, Thunderbird, etc, you can create rules that may reduce the amount of spam and scams you have to deal with. You can also choose to disallow downloading (potentially hostile) attachments (and even images that may contain spam messages and URLs) altogether.

Better yet, desktop email client users can install MailWasher Pro, which is a POP3 email screening security program that I have been using for almost a decade. MailWasher allows users to write very sophisticated spam detection rules, with multiple conditions, including the use of Regular Expressions. Plus, I happen to be the author of a set of custom spam filters that can be installed into both the old and new versions of MailWasher Pro. My spam filters are regularly updated to detect and delete most types of spam, such as they ever-changing green coffee/weight loss herb scams.

Stay safe online. Operate as a less privileged user, understand how to recognize spam and scam emails, then delete them manually, or automatically with filters, and most importantly, maintain an up-to-date anti-virus program on each computer you own.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

July 14, 2013

Email spam and scam roundup for the week ending July 14, 2013

July 14, 2013

This past week has seen a major increase in the amount of email spam for weight loss herbals, all of which are promoting a possibly dangerous and expensive green coffee bean extract.

I investigated this so-called miracle diet herb and ended up on WebMD. There, real users posted their findings, which are diabolically opposed to the rosy picture painted by the affiliate web pages promoting this junk. A lot of people taking green coffee bean extract got sick from it. Almost no one lost weight, except from having cramps, diarrhea, or vomiting, which stopped when they stopped taking the capsules. These are not a miracle weight loss solution. They are mostly a ripoff. Anybody buying this stuff as a result of a spam email will be enriching the spammers who are paid affiliates in the underground pharmaceuticals trade. If you must try this green coffee shit, you can buy it super cheap from your local Walmart (less than half the price of the spamvertised bottles). Then return it when it makes you sick.

The next busiest category of spam is sent from the former Soviet Union, where miscreants are running an ongoing penny stock pump and dump scam. They have succeeded in running the last stock they pumped, HAIR, into the ground. They are just now launching a different scam campaign pumping, then dumping another penny stock, trading as NOST, which will be run into the ground as well. A lot of suckers are taken in by these pump and dump scams and most lose all of the money they invested. Please don't fall for a pump and dump scam! The odds are stacked against you.

The third most seen category of spam last week was Nigerian 419 scams, offering huge money for processing fees. Those fees have been known to wipe out the fortunes of many greedy people who fall for this ages old con game. A fool and his money soon will part.

The fourth category I intercepted were malware attachment scams, which arrived in the form of a spoofed delivery failure form, an invoice or bill, a BBB complaint, a spoofed Facebook notification, etc. The filesize of most of the malicious attachments averaged about 137 kilobytes, all in the format of zipfiles. You need to be cautious about opening unexpected attachments and you must use an up-to-date anti-malware program to monitor every file downloaded, opened, or run, just in case.

Last, there were just a couple of Russian dating scam messages.

Finally, I hope that this information helps somebody hold onto their money, or health, which would otherwise be taken by cybercriminals and spammers, all of whom could care less about you or your well-being.

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

Blog Links

Sponsored Message

I recommend Malwarebytes to protect your computers and Android devices from malicious code attacks. Malwarebytes detects and blocks spyware, viruses and ransomware, as well as rootkits. It removes malware from an already infected device. Get an 18 month subscription to Malwarebytes here.

If you're a fan of Robert Jordan's novels, you can buy boxed sets of The Wheel Of Time, here.

As an Amazon and Google Associate, I earn commissions from qualifying purchases.


CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
CIDR to IPv4 Conversion



About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Follow Wizcrafts on Twitter


Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.


MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.





Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by Movable Type

back to top ^