Innocent Bystander

A little tech, a little current affairs, and my view on whatever has my attention at the moment...

Current Terror Alert Level
Terror Alert Level

Friday, October 07, 2005


So with the previously mentioned move the Bystander got some new e-mail addresses. That means that the widely distributed spam baiting bit buckets that the Bystander used to have no longer work.

Now I've been carefull with my addresses. I actually have used a "bait" e-mail address for web site sign-ons and such in order to minimize the amount of spam coming in to my inbox... At least for the account I actually care about. It worked pretty well for a while, although after about 8 months even my primary e-mail account started seeing spam too.

On top of that I run a great and free spam filter called Spam Bayes, this little program is a plug-in for Microsoft Outlook and it catches 95% of the spam sent to my account, with very few false positives. Now when you're getting 75 to 100 pieces of spam A DAY 95% isn't too bad.

Occasionally I do look at some of the assorted crap that's sent to me, and I can't help but laugh when I look at it. The spammers try this stuff because A)it's cheap to do, and B) somebody actually fell for this foolishness.

Take for example the e-mail I got that of course was "addressed" to an e-mail address that wasn't quite mine. The sender wanted me to know about fantastic deals that I could get on cialis and viagra at their website. The trouble is, the sender called them Ciaglis and V1agara. Hmm, even if I was inclined to buy perscription meds off a website, something tells me that it's a bad sign when they can't (or won't) even correctly spell the meds they are supposedly selling.

Or how about the e-mail from Mr. Concord Stevens the loan officer at "the bank" (quotes added by me) telling me that I was approved for $32982 in credit, and that they've been trying to contact me for days and that I had to act now! Of course, the email address the email was supposedly sent to wasn't mine, and within 30 seconds I also received 4 more identical e-mails addressed to different e-mail addresses one from Elliot Carmichal, Phineaus O'Reily, and Marcia Peterson all claiming to be the loan officer at "the bank"...

A few weeks ago I got an e-mail from a nice sounding person at a bank in Lagos Nigeria. It seems a local oil tycoon died a few weeks ago and he had no heirs. He left behind $30 Million in his bank account, and this nice person at the bank was looking for some assistance in transfering the money out of the bank since there's no one to claim the money. If I was willing to send him my bank account and routing information he'd deposit the money into my account, and then transfer $20 Million back to him. If he couldn't get the money out of the country the corrupt Nigerian government would seize the money. The $10 Million would be my fee for assisting him. I figured what the hey, it's free money right? So I contacted the friendly bank person (with a disposable address not linked to me, I'm not a fool people!) that I would be happy to assist him. All he had to do is provide me with HIS bank account and routing information and I'd take care of everything for him. Oh, and my fee is $17 Million, non-negotiable, I thought it was pretty fair since I would be handling the transfers for him and helpfully reducing his workload, I'm sure he's a busy man so it was the least I could do for him... He never got back to me...

Then there's the phishing scams... And some of these are just plain evil. I can sniff out most of these scams pretty well, but one of them that just popped up a few months ago almost caught me. First rule when it comes to detecting a phishing attempt, look at who the e-mail is actually addressed to. Just like the loan and med spam messages I get, 99% of these phishing e-mails I receive don't actually have an e-mail address that belongs to me in the To address line. That's an instant tip off, the same goes for when I receive an e-mail from a website that I have an account with but use a different e-mail address than the phishing e-mail was sent to.

There are two real evil ones that seem to be circulating now though. One seems to be from PayPal, advising you that a new user has been added to your account. When I got this the first time, I resisted the urge to click on the link in the e-mail. Instead I opened my browser and went to PayPal and checked my account. Sure enough, everything was ok, and nobody extra had been added to my account. I keep a close watch on my PayPal account and was pretty sure that nothing could happen in there without my knowledge.

The other evil spam looks like it comes from e-Bay and that a user is upset because they didn't receive something that they bought from you. The "buyer" even threatens to report you to e-Bay if you don't come up with the goods. This one freaked me out, I was really concerned that somebody was monkeying with my e-Bay account. Cruising the cell phone sections on e-Bay I've found several hijacked e-Bay accounts being used as fronts for bogus auctions, so I was concerned that I had been hit. After going into my browser and confirming on e-Bay that there were no auctions going on without my knowledge I decided to look into this one further. After cranking up my firewall to it's highest settings, I clicked on a few of the links in the e-mail. While I wasn't surprised that the website I was taken too looked an awful lot like an e-Bay signon sceen, I was very amused that the website address in my browser's address bar was some obscure server that didn't even have e-Bay anywhere in the name. I mean come on guys you go to all that work to make a reasonably authentic looking e-Bay signon screen and you can't even make the web page address have e-bay in it somewhere?

So with the new e-mail addresses from the move I've been enjoying a brief respite from the flood of spam I used to get... That is until I took at look at some of the comments here in the blog. MY BLOG IS BEING SPAMMED!!!! Not just once so far, not twice, but FOUR TIMES! (although two are on the same post). How much of a freaking looser do you have to be in order to A) spam a blog, or B) come up with a program that can autonomously spam a blog! Sheesh! I mean it's nice to see that people are finding the blog, but this is pathetic!

So in an attempt to prevent this from happening in the future, or at least to cut down on it, should you try and comment on a post you'll now have to enter a little code that blogger will provide you that proves that there's at least a live human making the post and not some spambot created by some deviant mutant miscreant.


  • At 10:29 PM, Blogger Spider Girl said…

    I love the little code thing.

    I'm so glad someone told me about it. :)


Post a Comment

<< Home