Spam has been a problem for email users for years, but the spam you get in your mailbox today is not the same as yesterday’s spam. Remember when your unwanted email messages consisted of “just” a few Nigerian scams, software ads and maybe some links to porn web sites? It was relatively easy to filter out and usually didn’t do you any real harm (although some of those graphic ones could certainly shock your sensibilities).

Over the last few years, though, spammers have become much more sophisticated. They’ve had to, as spam filters have gotten better. Now they have all sorts of little tricks to get around the filters. One of the most annoying is to use a string of words that make no sense together, in an effort to overwhelm the filters and make it harder for them to determine whether a message is spam or not.

I get questions from readers all the time, asking what these nonsense messages mean. They often don’t appear to be selling any product or even to have a link, so what benefit does the spammer get from sending them? The whole point is to confuse the spam filters that “learn” what’s spam and what’s not by analyzing all your messages. This makes your anti-spam software less effective so that real spam is more likely to get through later. The nonsense messages are sometimes called “selfless spam” because they aren’t actually directly benefiting the spammer who sends them, but benefit all spammers by messing up the filtering. You’ll also hear these messages referred to as “word salad.”

It’s also possible that some of those messages aren’t selfless after all. If the messages are in HTML format, they may have “web beacons” or “web bugs” embedded in them. These are tiny images (1 pixel) that are usually transparent or the same color as the background of the message, so that you can’t see them. The image is linked to content on the spammer’s server, so that when you view the email message, your computer sends a request back to that server and the spammer knows he has a “live” email address. Your request also sends your IP address to the server, so now the spammer has that information as well as the exact time you downloaded the content (viewed the message).

Two ways to avoid having web beacons send your info back to spammers are:

  1. Configure your email client not to download images whose URLs are embedded in HTML messages. The latest versions of most popular email programs have an option to do this, or you can use a text-based mail client. Newer email programs are set to block these images by default, so that you have to explicitly consent to downloading images. That’s why you may find that you get messages with the images missing.
  2. Turn off the preview pane in each folder view that you set up. You will still see the message subject line. In the Outlook client, you can do this through the View menu: click View, and then turn off the Preview Pane and the Message Preview items.

Spammers love special occasions. I’m writing this on Mother’s Day, and this morning I found several holiday-related spam messages in my mailbox, including ads for flowers, jewelry and one that advocated giving mom something much more intimate (just what I didn’t need to wake up to).

Of course, many spam messages today aren’t really advertisements at all, even if that’s what they appear to be. They’re actually phishing messages, and their intent is not to sell you a product but to get your personal information (credit card numbers, social security number, birth date, address, and so forth) so it can be used by the spammer to steal your identity or sold by the spammer to identity thieves.

For example, all those mortgage loan ads you get may not actually be from mortgage companies. Some of them are from people who want to lure you to a web site where you’ll fill out a bogus loan application. Of course, loan applications require all sorts of information that you would normally not disclose, such as all your numbers, your bank balances, employment history and much more that can be used by identity thieves. The same is true of spam messages that seem to be selling insurance, debt reduction services, and anything else related to financial services.

As more people become aware of spammers’ and phishers’ tactics and know not to respond to such messages, the bad guys have to either use deceptive techniques such as those described above to get a response, or in some cases, get downright nasty. I’m seeing more and more spam/phishing messages that contain subtle or not-so-subtle threats to try to get you to respond.

One recent message I got states that “ has added you as a friend. Click here. Please respond or may think you said no.” Now, that’s not an overt threat by any means, but in today’s paranoid, terrorist-obsessed world, you certainly have to wonder about the implications of having some unknown Middle Eastern gentleman thinking you’ve insulted him.

Some messages are a lot less ambiguous. Some folks are reporting getting blackmail spam – messages that threaten to kill you or your family members if you don’t send them money. Such messages fall under most states’ laws against making terroristic threats (or other, similar statutes), but of course, as with other online crimes, prosecuting can be difficult: you may not be able to track down who sent the message, and if you do, it may have originated in another country. Nonetheless, if you feel in danger from a threatening email message – and especially if the sender indicates knowledge of where you live and who you are – you should report it to local law enforcement and/or the FBI. You can file a complaint online at the Internet Crime Complaint Center (IC3) here.

Bottom line: spam isn’t going away anytime soon, and the spammers are getting sneakier and more dangerous. If you use email, you should be using a good anti-spam program like Sunbelt’s IHateSpam, and if a spam message does get through, you can no longer assume that it’s just an annoyance. Simply opening and discarding a message with an embedded web beacon can send the spammer what he wants: verification that your email address is working and in use and a good target for spammers. To protect yourself, you should avoid opening suspicious messages and configure your email program not to download remote images.

What new trends have you noticed in the spam you get? Are you getting more or less spam now than a year ago (and if less, have you implemented new anti-spam software or taken other measures to reduce it)? Do you get more or less of certain types of spam (such as graphical porn spam)? What type of spam do you find most annoying? Do you believe there is a “final solution” to the spam problem, or is it something that we’ll just have to live with, part of the price of using email?

Deb Shinder, MVP