June 23, 2014

Big pump and dump stock scam flooding email inboxes again

June 23, 2014

Unless you're one of the people who hasn't opened their email inbox lately, or you subscribe to a spam filtering service, you are probably well aware that there is an ongoing penny stock pump and dump scam flooding email inboxes.

This particular spam run is pumping a little known stagnant stock trading as RNBI. This scam has been happening for most of the last week and continues as of this writing. It has already been covered by Dynamoo's blog and several other spam fighters. This stock was discredited shortly after its initial pump campaign, about a month ago. It is in effect, a shell company. The big players already own all the stock and are trying to pump it up then sell out at a profit, leaving Internet investors (the marks) as big losers.

The pump and dump spam emails often forge the name of well known stock trading companies and communities, like "Investors Hub." Today, they were using the "From" name: Money Runners. Tomorrow it will be some other forgery. Also, I have found that the messages including clickable links were all to non-existent domains. A scam all the way through!

At first, the spam emails mentioned the stock by its trading symbol. This only lasted about a half day. The next wave shifted the stock symbol to the "alt" attribute of an embedded image, in the html version of the body text. That persists today in some of the messages I captured. Basically, these scams are image spam, but containing gigantic paragraphs of nonsense sentences having nothing to do with stocks. Most of this junk text is buried behind a green or other colored background, below the actual spam image, which contains grandiose wording and the pumped stock symbol.

Today, I saw a brand new tactic used by the spammers to try to evade detection (it didn't work on me guys). Some of the spam emails are now using attached virtual business card files to carry the scam message. To avoid seeing the come-on, don't click on the link to open the attachment card. Avoid getting involved with pump and dump scams, unless you are prepared to part with most or all of the money you invest in them.

As always, I have been on this scam since I first saw it, updating my spam filters for MailWasher Pro users. I will continue to update my filters to fight this scam until it runs its course and disappears like they always do (when the perps cash out). If you don't use MailWasher Pro to filter out spam, and you use a desktop "POP3" or "IMAP" email client (program other than a browser), and you only have rudimentary spam filter rules provided by the email client, MailWasher Pro will be of use to you. There are both desktop and mobile versions available.

If you don't or can't use MailWasher Pro, perhaps because you only do email via http using your web browser, you may still gain useful insight by examining my spam filters. Using my spam filter conditions as an example, you may be able to cobble together some spam filters on your own, applicable to your email provider's user options.

Posted by Wiz at 12:44 PM |

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

June 1, 2014

Windows Live Mail spam filter rule to delete Russian domain messages

June 1, 2014

It seems to me that no matter what other types of email spam I get, Russian fake pharmacy links are always showing up. It appears to be their fallback money maker when other scams fail. This article describes how Windows Live Mail users can create a spam filter that blocks Russian domain messages.


If you are one of the many people Worldwide who bought into MailWasher Pro, you are probably already aware of and using my published MailWasher Pro Spam Filters. If you are monitoring that page using ChangeDetection.com, you are already aware of how frequently I have been updating my filters to respond to new spam tricks. I do this on a voluntary basis, working on my own time, with only a donate button to offer any chance of a payment.

While my spam filters can be added to MailWasher Pro using a simple, well documented procedure (explained on my filters page), folks using other email clients have to do more work to use them. Most modern desktop email clients and several of the better web browser based email systems allow users to create their own spam filters. The ones that work the best allow the use of Regular Expressions and multiple conditions (logical "AND" or "OR"). Windows Live Mail (WLM) has a half-decent spam rule system, that although it doesn't allow for Regular Expressions, can be used to at least approximate many of my spam filters. Instead of being able to combine multiple words or phrases into single line rules, WLM forces us to use plain text, one word or phrase at a time, which can then be combined using either AND or OR conditions. Rules can be set for various email fields, including the more important From, Subject and Body. The following is a rule I created to demonstrate how one might filter out Russian domain scam.

My definition of Russian domain spam includes email messages with Russian domains in the From field as well as in the message body. Russian domain names end in the Country Code: .RU (plus a few related former Soviet Union Country codes).

Spam Filter For Russian Domains

Step 1:
Open Windows Live Mail and click on the "Folders" tab, on the first row under the title bar. Look to the right side of the next bar down for "Message Rules" and click on its folder icon. A box titled "Rules" will appear. Click on "Email rules." Click on "New" and a New Mail Rule box opens. Inside the top box labeled "Select one or more conditions," click to check the top field: "Where the From line contains people." Over the bottom field you will see "To edit this description click the underlined words." Inside you will find: "Apply this rule after the message arrives" and "Where the From line contains people." Click on the link "contains people" to open an editing box, labeled "Select people" - then type in: .ru and press "Add" - or the Enter key, then click "OK."

Step 1b:
If there are other related domains you wish to include in this filter (e.g., .ua, .ro, .su, .lv, etc), add them one line at a time until you are done. Then click on Options button on the lower right to open the Rule Condition Options. Choose "Message contains the people below" and "Message matches any one of the people below" and click OK, then OK again. This takes you back to the "New Mail Rule" box, where more work needs to be done.

Step 2:
Back in the New Mail Rule box, go to the second group of options, labeled: "Select one or more actions." Scroll through the options and check the action, or actions you want to apply. It could be "Delete it," or "Delete it from server," or whatever actions you desire from the list. If you have many other personal mail rules and plan on moving this rule higher up the list, you might want to also select "Stop processing more rules."

Step 3:
At this point, if you wish to include Russian domains in links in the body text, repeat the process for the condition labeled: "Where the message body contains specific words." Open the edit box and type in: .ru/ and click OK. If you have been receiving spam from other domains from the former Soviet Union, add them to that list. Click OK, then look inside the bottom field for the word "and" - before the second (or more) conditions. Decide if you want to make the filter conditional upon all of the criteria ("and"), or if a match in any of the criteria will trigger the action ("Or"). If you want to change the option, click on the blue word "And" to open the And/Or option box and make your selection, under "Apply rule if:" - then click OK.

Step 4:
After you have inputted all the rules you have on hand you should rename the filter to something more meaningful than "New Email Rule #1" or whatever number it says. Erase those words and type in a name into the bottom input field.

Step 5:
Finally and most importantly, click the Save Rule button, then OK, to close the Email Rules box. If you forget the Save Rule step, all of your work will be lost! Any time you need to edit this rule, just go back to the Folders view > Folder Rules, and open that spam filter, then add or remove any new or unwanted terms from the various fields and Save it again.

You have now learned how to create a spam rule for Windows Live Mail.

New Email rules are always added at the very bottom of the list of existing rules. Rules are processed from the top down. If you create several rules to sort or delete various messages, you might want to move this one or another one higher up. Use the "Move Up" button after saving a new or edited rule to move that rule higher up the list. Use the "Move Down" button to lower a rule.

Posted by Wiz at 4:31 PM |

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

Blog Links

Sponsored Message

I recommend Malwarebytes to protect your computers and Android devices from malicious code attacks. Malwarebytes detects and blocks spyware, viruses and ransomware, as well as rootkits. It removes malware from an already infected device. Get an 18 month subscription to Malwarebytes here.

If you're a fan of Robert Jordan's novels, you can buy boxed sets of The Wheel Of Time, here.

As an Amazon and Google Associate, I earn commissions from qualifying purchases.

CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
CIDR to IPv4 Conversion



Search


About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Follow Wizcrafts on Twitter

Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.

MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.

Categories

Tag Cloud

Recent Posts

Popular Posts

Archives

Subscribe to this blog's feed
Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by Movable Type

back to top ^