Email spam roundup for week ending on 7/28/2013
July 28, 2013
I haven't posted my email spam findings for a couple of weeks, mainly because the details haven't changed much since my last post.
In a nutshell, approximately 70% of my spam is weight loss "newsletters" that lead to Polish domain (.pl) web sites selling green coffee bean extract (a potentially harmful herb). These fake newsletters spoof well-known TV personalities, like Dr. Oz, to persuade potential "marks" that the links are trustworthy.
The next most frequent type of spam continues to be an ongoing pump and dump penny stock scam, run out of Eastern Europe. The scammers continue to cause a devaluation of a particular penny stock, dropping its value from about 25 cents all the way down to a fraction of a cent. Normally, these scammers move on to another stock, which it appeared they were going to do. But something happened, and they have turned their attention back to the stock they pumped to death a month ago. A lot of investors lost a lot of money when the dump occurred, and many more may become victims of the ongoing scam unless they are made aware that the odds are stacked against them by professional con men.
There are still a few Nigerian 419 scams making the rounds, trying to find gullible people who are willing to part with their money in the hopes of making millions left by somebody's allegedly dead relative overseas.
Finally, there were a few dangerous scams that contained links leading to malware exploit kit attacks. The destination web sites contain JavaScript routines that probe computers for unpatched versions of Java, Adobe Reader or Flash, or particular exploitable Windows operating system files. If any of the targeted software is found on a computer, a malicious payload is downloaded and run. The next paragraph explains how this happens and what you can do to mitigate your risk.
The impact of landing on an exploit attack web page is tied to the user account privileges of the logged on user and whether JavaScript is allowed to run in the browser for unrated web sites or not. People who operate as less privileged users are much less likely to become silently exploited without notice than those operating as computer administrators.
As for allowing JavaScript to run, or not, the Firefox browser supports an add-on called NoScript that blocks Java and JavaScript by default, unless you specifically choose to allow it, on a site-by-site basis.
What you can do to block spam and scam email.
First and foremost, use whatever tools are available to your email reader to reroute suspected or known spam to a spam folder, or have it automatically deleted, rather than delivered to your inbox. Web mail (browser based) users have less control over what is or isn't spam or a scam than people using desktop POP3 email clients.
If you do use a desktop POP3 email client, such as Windows Live Mail, Outlook, Thunderbird, etc., you can create rules that may reduce the amount of spam and scams you have to deal with. You can also choose to disallow downloading (potentially hostile) attachments (and even images that may contain spam messages and URLs) altogether.
Better yet, desktop email client users can install MailWasher Pro, which is a POP3 email screening security program that I have been using for almost a decade. MailWasher allows users to write very sophisticated spam detection rules, with multiple conditions, including the use of Regular Expressions. Plus, I happen to be the author of a set of custom spam filters that can be installed into both the old and new versions of MailWasher Pro. My spam filters are regularly updated to detect and delete most types of spam, such as the ever-changing green coffee/weight loss herb scams.
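As an added illustration (this is Python, not MailWasher filter syntax, and not one of the published filters mentioned above), the example below shows a multi-condition rule for the green coffee "newsletters" described earlier: it flags a message only when the From display name spoofs the TV personality, the subject or body matches a weight loss regular expression, and at least one link points to a .pl host. The function names, sample messages and domains are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
KEYWORDS = re.compile(r"green\s+coffee|weight[\s-]?loss", re.I)
SPOOFED_NAME = re.compile(r"\bdr\.?\s*oz\b", re.I)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(data.decode(charset, "replace"))
    return "\n".join(parts)

def pl_link_hosts(text):
    """Return the sorted set of linked hostnames under the .pl TLD."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = (urlparse(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL: skip it rather than abort
            continue
        if host.endswith(".pl"):
            hosts.add(host)
    return sorted(hosts)

def classify(raw):
    """All three conditions must hold (AND), which keeps ordinary mail
    that merely links to a .pl site out of the spam folder."""
    msg = message_from_string(raw)
    display_name, _addr = parseaddr(msg.get("From", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hits = {"spoofed_name": bool(SPOOFED_NAME.search(display_name)),
            "keywords": bool(KEYWORDS.search(text)),
            "pl_links": pl_link_hosts(text)}
    hits["spam"] = (hits["spoofed_name"] and hits["keywords"]
                    and bool(hits["pl_links"]))
    return hits

# Constructed sample messages (not real spam captures).
SPAM = ('From: "Dr. Oz Newsletter" <news@mailer.example>\n'
        'Subject: Melt fat fast\n\n'
        'The green coffee bean secret: http://offer.example.pl/go?id=1\n')
HAM = ('From: "Anna Kowalska" <anna@example.pl>\n'
       'Subject: Holiday photos\n\n'
       'Photos are up at http://blog.example.pl/lato\n')
```
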
Stay safe online. Operate as a less privileged user, understand how to recognize spam and scam emails, then delete them manually, or automatically with filters, and most importantly, maintain an up-to-date anti-virus program on each computer you own.