How to block spam email fake ACH Canceled Payment messages
I was reading my website's raw access logs today and saw that one visitor arrived on my blog when he or she searched Google for this phrase: ach+payment+canceled+spam+how+to+stop. This article will offer suggestions to block such messages from your inbox.
First of all, you need to understand that you are not alone in being a scam and spam recipient. Almost everybody who sends, receives, forwards or replies to any email message will probably end up on some spam database eventually. Master Spammers compile email address databases using various means. Then, these addresses are sorted by country and sold to other, second level spammers. These spammers then rent the use of botnets to blast out ginormous amounts of spam email, to promote various products and services, for which the spammers are affiliates (paid by the sale, or per infection, or referral).
The ACH payment canceled scam which my visitor was asking about is not your typical type of spam message. It comes under the category I call "mal-mail," meaning it contains either a malware laden attachment, or a link to malware exploit attacks or downloads. This is a very dangerous class of email to allow into your computer's email client.
Here are some methods you can try to use to block the ACH scam emails from your inbox.
The solution I use and have been using since about the year 2000, is a desktop program that receives my email first, then analyzes it, then either leaves it available, or deletes it from the server. These decisions are based on several criteria, including one's own self created friends and black lists, checking world wide blocklists (e.g. SpamCop, Spamhaus, etc), a spam detection system of their own called FirstAlert, a learning filter and best of all, the use of user generated custom spam filters.
That program is named MailWasher Pro. It is written in New Zealand, by a company named Firetrust. The fact that one can write their own spam filters, or download the anti-spam filters I write and publish, enables people using this program to filter out such email-borne scams as the ACH Canceled Payment malware scams.
First of all, let me tell you who can or cannot use MailWasher Pro. If you fall into the latter group, skip this section and read about possible Webmail solutions.
You can use MailWasher Pro if you use a desktop program, known as an "email client" to send and receive email, via the POP3 or IMAP email protocol. It also works with Hotmail. Mailwasher does not work with browser based email. So, if you use your web browser to log onto Yahoo, or AOL, to do email, MailWasher cannot intercept your messages at all.
Common desktop email clients include the out-dated Outlook Express, Microsoft Outlook, Windows Live Mail, Mozilla Thunderbird, Pegasus (if still exists), or any other stand alone desktop email client that uses POP3 or IMAP email systems, rather then HTTP.
Normally, people using a desktop email client will set their preferences to automatically check for new messages at a certain interval. Some folks allow read email to remain on the email server for X days. Others, like me, delete it from the mail server as soon as we download it to our computers. If you get a lot of spam, like most folks do, you won't want to leave those messages on your email server. In that case, your best solution id to apply the option to delete them from the server when you empty your email client's Deleted Items folder. Most email clients have a checkbox to do this automatically, when you close the program.
In order to fully benefit from the spam filtering abilities of MailWasher Pro, you need to disable the automatic checking for email option in your email client. You'll let MailWasher do the checking for and filtering new messages at your preferred interval, then manually download the desired non-spam messages to your email client, using whatever button performs the Send/Receive function.
Without any further ado, here is my current set of custom filter rules to detect and block the current ACH scams. It uses a combination of plain text and "Regular Expressions" (RegEx) rules.
This filter is for the old version 6.x of MailWasher Pro. Select option for ALL of the following rules:
Body, contains: ACH
Body, contains: Transaction
Body, contains: Report
Body, contains, RegEx: Cancell?ed
Body, contains, RegEx: financial\ (body|institution)|bank
Body, contains, RegEx: details\ in\ the\ attachment|nacha\.(org|net|us)/reports?/|(?-i)Transaction\ Report:
Here is my ACH filter for the new XML version of MailWasher Pro. Select option to apply ALL of these conditions:
Entire message contains RegEx: (?-i)\bACH\b
Body, contains, plain text: Transaction
Body, contains, plain text: Report
Body, contains, RegEx: Cancell?ed
Body, contains, RegEx: financial\ (body|institution)|bank
Body, contains, RegEx: details\ in\ the\ attachment|nacha\.(org|net|us)/reports?/|(?-i)Transaction\ Report:
If you prefer to use my already compiled MailWasher spam filters, you can read about their use and download them from my Wizcrafts' Custom MailWasher Pro Filters page. There are filters for the old and new versions of MailWasher.
If you don't use MailWasher Pro, but do use a desktop email client, if it has "email rules" you can create, or "junk rules," create a new rule using the same criteria as I use in the MailWasher filters. If your email client allows the use of "Entire Message" then use the second set of rules. If not, use the first set. Make sure you choose the option for ALL of the conditions you add to the new email rule. For the action, you can choose "Delete" or "Delete it from the Server" - which means you never even see it.
As an example, here is how you can compose an ACH Fraud filter rule if you use Windows Live Mail or Outlook Express:
With the email client open, search your various options until you find the section that creates email/junk rules. Start a new rule, name it ACH Fraud, add the following rules and set them all to use AND rather than OR.
Where the Subject contains: ACH
AND
Where the message body contains specific words: ACH
AND
Where the message body contains specific words: Transaction
AND
Where the Body contains: Report
AND
Where the Body contains: cancel
Action: Delete or Delete from server.
Move this rule high up if you have other rules. The rules you can create in Outlook Express and Windows Live Mail do not allow for the use of Regular Expressions. Thus, you have to match spam with fewer conditions. This could lead to a false positive. It might be safer for you to set the action of such a filter to Delete, giving you a chance to look it over (in the Deleted folder), or better, view its Properties in safe, plain text.
If you use a different POP email client, read the Help file to learn how to create spam rules in it.
Webmail spam filters
Here is where you really are at the mercy of your email provider. Most free email systems provide you with the ability to block senders by name or domain, but not to create special rules based on words and phrases. Blocking the senders in spam messages only works if the sender contains a known spam word (like Viagra, Cialis, ACH, etc).
If you use Yahoo web mail, your "options" are severely limited for creating custom filters. You are allowed to specify a sender's account, or a partial email address. You can specify a word or phrase in the subject and another in the body and a few more items. Then, you set the action to send matching messages to the Trash. Finally, Yahoo has a checkbox option to send suspected spam to the Junk folder, which has the follow-up option to delete immediately, or once a week, every 2 weeks, or every month.
Users of Microsoft's Hotmail service, via their browser, are also limited in the spam filtering department. Once you login to your inbox, look over the the right top side and click on Options, then on More Options, fro the flyout menu. Under "Preventing junk email" click on Filters.and Reporting. The options for dealing with spam are pathetic. You can choose between "standard" or exclusive routing of mail. Standard means that Hotmail decides what is spam and what is not. It routs suspected spam to the Junk folder. Exclusive means that only senders you placed on the "safe list" are sent to your inbox. All other email goes to your Junk folder. That folder gets emptied every 10 days. Period. That's it. You can choose to report spam or not.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.