Title: SPAM
1SPAM
- What you can and cant do about it
2SPAM Overview
- SPAM
- Scope and cost
- Viruses
- Definition and examples (CCSF )
- Fraud and Phishing
- Types of phishing
- Some Examples
- Spyware
- From annoyance to identity theft
- CCSFs Barracuda SPAM filter
- Protecting yourself
3The Spam Problem
- Spam unsolicited email
- Ads
- Viruses
- Phishing
- spyware
- The Problem
- Volume / Annoyance
- Cost-Shifting
- Waste of Resources
- Fraud
4Spam as of total email
5Spam today
- March 2003 ? 45
- January 14, 2005
From http//www.appriver.com/ - up-to-the minute
statistics
6Has this happened to you?
- Email undeliverable notices for email you never
sent? - Requests to confirm account numbers, PINs,
Passwords? - Microsoft emails containing updates or
fixes? - Administrator_at_ccsf.edu orThe ccsf.edu support
team messages
7Email undeliverable
- Mail from your email address sent to people all
over the world - Causes
- Mining Spammers gather email addresses from
- Intercepted email
- Spyware planted on users computers
- Spoofing Spammers use your email address to
disguise their messages
8Microsoft emails
- Contain fake updates with viruses
- Microsoft never uses email for updates
- http//office.microsoft.com/OfficeUpdate/
- http//windowsupdate.microsoft.com
- Virus protection preinstalled on all CCSF
computers - Automatically updates for latest virus data
- Updates happen in background no messages appear
9Administrator_at_ccsf.edu
- Messages claiming to come from our ITS admins
- Ask for info because account is expiring
- Verify by sending password
- Unsigned (and misspelled)
- Never genuine! We dont
- Email confidential security/personal info
- Send unsigned messages
- Misspell
10Recent examples 1 CCSF support
- The W32mydoom virus carried by this message sent
to many CCSF email addresses
Dear user of ccsf.edu, Your account has been
used to send a huge amount of spam during the
recent week. We suspect that your computer was
infected by a recent virus and now runs a trojan
proxy server. Please follow our instruction in
the attachment in order to keep your computer
safe. Virtually yours, The ccsf.edu support team.
11CCSFs policy.
- Users Delete this virus/hoax
- Email Admin Took action to block these messages
as soon as known - Our policy statement
- CCSF PERSONNEL WILL NEVER SEND OUT A MESSAGE
ASKING FOR ACCOUNT INFORMATION OR INSTRUCTING
USERS TO OPEN AN ATTACHMENT THAT RELATES TO THEIR
ACCOUNT THAT IS NOT PERSONALLY SIGNED BY A
SYSTEMS ADMIN - (i.e., with a name such as Shirley Barger, Anne
Morris, Doug Re, whomever). "Virtually yours,"
"The CCSF Team", "CCSF Administrators" and such
AIN'T our STYLE, and it won't be.
12Recent examples 2 CCSF user
- Email on Faculty Listserv from "Rbalestr
From "Rbalestr" To
"faculty_at_ccsf.edu".GWIA.sfccd_at_ccsf.edu Date
Saturday - September 18, 2004 650 AM Subject
Faculty Re jvwdtbyfru.bmp (3958 bytes)
View Save As foto2.zip (36606 bytes)
View Save As Mime.822 (57943 bytes)
View Save As
13Recent examples 2 Carried a virus
- Email on Faculty Listserv from "Rbalestr
From "Rbalestr" To
"faculty_at_ccsf.edu".GWIA.sfccd_at_ccsf.edu Date
Saturday - September 18, 2004 650 AM Subject
Faculty Re jvwdtbyfru.bmp (3958 bytes)
View Save As foto2.zip (36606 bytes)
View Save As Mime.822 (57943 bytes)
View Save As
File carrying a Virus!
14Other examples.
Fake craigslist msg w virus From
administration_at_craigslist.org To
johnkerry_at_whitehouse.gov Subject Important
notify about your e-mail account. Hello user of
Craigslist.org e-mail server, Your e-mail account
will be disabled because of improper using in
next three days, if you are still wishing to use
it, please, resign your account information. Pay
attention on attached file. For security reasons
attached file is password protected. The password
is "13545". Cheers, The Craigslist.org team
March 2004
15Fraud
- Fake Subject lines disguise content
- Remove links gather addresses
- Spoofing of identity
- Fake From addresses in email
- Disguised server sources implicate innocent
parties - False claims, phishing
16Phishing
- Attempts to gather confidential information
- Credit card s
- PINs
- Account s
- Passwords
- May use original sites graphics
- Return addresses/links mimic originals
Since August 2003, most major banks in the USA,
the UK and Australia have been hit with phishing
attacks
17Confirm account numbers
- Phishing for confidential information
- Growing fraud phenomenon
- International
- Recent organized crime involvement
- Spam for
- Siphoning money
- Identity Theft
18Unsophisticated Phishing
19Sophisticated Phishing
20New Tsunami phishing scams
From USA TODAY (Edward Iwata and Martin
Kasindorf) The FBI is investigating dozens of
bogus Web sites that prey on potential tsunami
donors by mimicking sites of well-known
charities, FBI Special Agent Tom Grasso said
Monday. Con artists also are using variations of
the Nigerian "419" scam.... The e-mail authors
claim to be government officials, bank officers
and poor farmers who have lost loved ones in the
tsunami.
21Phishing increases
- From latest AntiPhishing.org report
- December 2004
22Phishing updates
- http//antiphishing.org/
- Up-to-date examples and descriptions of phishing
scams - Examples Amazon, eBay, AOL, Washington Mutual
- http//survey.mailfrontier.com/survey/quiztest.htm
l - Good information provided after you take a quiz
based on actual emails, real and fraudulent
23Spyware
- Programs installed secretly on your computer as
you browse the Internet - Purposes
- Pop up ads change home page
- Capture keystrokes as you enter passwords,
logins, etc - Gather Info about
- browsing habits
- email addresses/passwords/credit card s
24Combating Spyware
- Combat with free programs
- Spybot Search and Destroy (www.safer-networking.o
rg) - Ad-Aware (www.lavasoft.com)
- Yahoo New free toolbar contains anti-spyware
program, popup-blocker - Microsoft Beta tool for Windowshttp//www.micros
oft.com/athome/security - Summary info at http//www.ccsf.edu/vfascio/spampa
ge
25CCSF New Spam filtering
- Barracuda Spam-filter
- Applied starting November 2004
- GroupWise email only
- MUCH less Spam in Mailbox
- Separate Quarantine area
- Quarantine message once a day
- User control over Spam
- Whitelist Addresses always allowed
- Blacklist Always blocked
26CCSF (informal) Spam stats
- 2003 25-50 filtered out
- ½-1 hour/day of GroupWise administrators time
- March 2004 65-75 filtered
- Feb 2005 80 filtered
- 118,000 messages a week!
- Current 6000 domains / addresses blocked
- List grows daily
27Barracudas 4 categories
- Definitely Spam/Virus
- Not allowed through system
- Likely to be Spam
- Sent to your Quarantine area for you to
review/delete/allow - Maybe Spam
- Tagged with BULK in Subject
- Sent to Mailbox
- Not Spam ? Sent to Mailbox
28Quarantine message Web
- Once a day, youll see this message (Web client)
- You can take limited action but
29Accessing Quarantine Web
- For more control
- Scroll to end of message
- Click link at end click here
- Takes you to your quarantine area
- See all quarantined messages
- Act on them
30Quarantine message Windows
- Once a day, youll see this message (Windows
client) - Click long link at end
- Tip Click first or last lines
- Takes you to your quarantine area
- See act on all quarantined messages
31Quarantine area
- Deliver
- Just deliver the mail. Make no change to
filtering parameters. - Whitelist
- Deliver and always allow message from this sender
- Delete
- Just deletes without changes to filtering
parameters. - Classify as Not Spam
- Deliver message and updates Spam filter.
- Classify as Spam
- Delete and update Spam filter
32Barracuda tips
- Look at the Barracuda SPAM message regularly
- Go to your SPAM link
- Delete Spam
- THEN
- DELETE Barracuda SPAM report messages
- They are big!
- Fill up your email space unless deleted
33Be Vigilant
- Protect your email address - treat it like your
phone number. - Never email passwords, credit card numbers, or
other personal information. - Don't post your email address in public places.
- Never respond to unsolicited email or click on a
URL or web site listed in spam. - Never forward spam chain letters.
34Protect against viruses
- Dont open suspicious attachments even from
friends - Check to see if they have actually sent attached
docs - At CCSF
- Desktops automatically update Virus SW
- Laptops Lucky owners must actively keep CCSF
virus SW updated (Windows and Mac) - At home Get a Virus checker
- Keep it updated!
35Virus Vigilance
- Look at email attachments
- Suspicious signs
- Nonsense names
- Names ending with any of the following .zip
.scr .pif .exe .vbs .com
36Protect against Spyware
- Use at least one Spyware catcher
- Free Ad-Aware (Personal edition)http//www.lavas
oft.com - Free Spybot Search and Destroyhttp//spybot.safe
r-networking.de/ - Free (So far) Microsoft betahttp//www.microsoft
.com/athome/security/spyware/ - Not Free SpySweeper (30/yr)http//www.webroot.c
om - Mac MacScanhttp//macscan.securemac.com/
37Dont contribute to Spam
- Use the BC email field for groups outside CCSF
- BC Field hides addresses
- May help get msgs to Yahoo, Hotmail recipients
- Helps prevent address capture by spammers
38Dont look like Spam
- If you want people to read your email messages
- Make your email Subject lines count
- CNIT 3/22 meeting minutes
- Not Info
- Dont use suspicious Subjects
- Hi!
- Pix
- Re
- Dont leave subjects blank
39Spam / Spyware Resources
- Search on Spam facts
- Your ISP for Spam info
- http//www.pcwebopedia.com/quick_ref/SpamGuide.asp
- http//biz.yahoo.com/pfg/e15credible/index.html
(Suze Orman on Spam Scams) - For fun http//www.mailmsg.com/SPAM_python.htm
- Spyware http//www.microsoft.com/athome/security
/spyware/
40Identity Theft Resources
- Search on Identitytheft athttp//www.sfgov.org/
- Prevention tips
- What to do
- to find out if your identity has been stolen
- after the fact
- http//www.fightidentitytheft.com/
- Good clearinghouse of information
41Updates
- General
- http//news.yahoo.com/fc?tmplfccid34intechca
tspam_wars Excellent updated news links site - http//www.spamanti.net/en/
- http//www.microsoft.com/athome/security/
- Good source for Windows OS updates and general
information - Phishing and Organized crime
- http//www.ftc.gov/ftc/consumer.htm
- Government site on many aspects of spam and crime
42Final note
- From CAUCEthe Coalition Against Unsolicited
email - http//www.cauce.org/
According to the European Commission, the costs
of spam to businesses and consumers have been
estimated at USD 8 billion/year. Pressing
doesn't recover those costs.