SPAM

1
SPAM

• What you can and cant do about it

2
SPAM Overview

• SPAM
• Scope and cost
• Viruses
• Definition and examples (CCSF )
• Fraud and Phishing
• Types of phishing
• Some Examples
• Spyware
• From annoyance to identity theft
• CCSFs Barracuda SPAM filter
• Protecting yourself

3
The Spam Problem

• Spam unsolicited email
• Ads
• Viruses
• Phishing
• spyware
• The Problem
• Volume / Annoyance
• Cost-Shifting
• Waste of Resources
• Fraud

4
Spam as of total email

• Feb 2004 ? 62

• March 2003 ? 45

5
Spam today

• Feb 2004 ? 62

• March 2003 ? 45
• January 14, 2005

From http//www.appriver.com/ - up-to-the minute
statistics
6
Has this happened to you?

• Email undeliverable notices for email you never
  sent?
• Requests to confirm account numbers, PINs,
  Passwords?
• Microsoft emails containing updates or
  fixes?
• Administrator_at_ccsf.edu orThe ccsf.edu support
  team messages

7
Email undeliverable

• Mail from your email address sent to people all
  over the world
• Causes
• Mining Spammers gather email addresses from
• Intercepted email
• Spyware planted on users computers
• Spoofing Spammers use your email address to
  disguise their messages

8
Microsoft emails

• Contain fake updates with viruses
• Microsoft never uses email for updates
• http//office.microsoft.com/OfficeUpdate/
• http//windowsupdate.microsoft.com
• Virus protection preinstalled on all CCSF
  computers
• Automatically updates for latest virus data
• Updates happen in background no messages appear

9
Administrator_at_ccsf.edu

• Messages claiming to come from our ITS admins
• Ask for info because account is expiring
• Verify by sending password
• Unsigned (and misspelled)
• Never genuine! We dont
• Email confidential security/personal info
• Send unsigned messages
• Misspell

10
Recent examples 1 CCSF support

• The W32mydoom virus carried by this message sent
  to many CCSF email addresses

Dear user of ccsf.edu, Your account has been
used to send a huge amount of spam during the
recent week. We suspect that your computer was
infected by a recent virus and now runs a trojan
proxy server. Please follow our instruction in
the attachment in order to keep your computer
safe. Virtually yours, The ccsf.edu support team.
11
CCSFs policy.

• Users Delete this virus/hoax
• Email Admin Took action to block these messages
  as soon as known
• Our policy statement
• CCSF PERSONNEL WILL NEVER SEND OUT A MESSAGE
  ASKING FOR ACCOUNT INFORMATION OR INSTRUCTING
  USERS TO OPEN AN ATTACHMENT THAT RELATES TO THEIR
  ACCOUNT THAT IS NOT PERSONALLY SIGNED BY A
  SYSTEMS ADMIN
• (i.e., with a name such as Shirley Barger, Anne
  Morris, Doug Re, whomever). "Virtually yours,"
  "The CCSF Team", "CCSF Administrators" and such
  AIN'T our STYLE, and it won't be.

12
Recent examples 2 CCSF user

• Email on Faculty Listserv from "Rbalestr

From "Rbalestr" To
"faculty_at_ccsf.edu".GWIA.sfccd_at_ccsf.edu Date
Saturday - September 18, 2004 650 AM Subject
Faculty Re jvwdtbyfru.bmp (3958 bytes)
View Save As foto2.zip (36606 bytes)
View Save As Mime.822 (57943 bytes)
View Save As
13
Recent examples 2 Carried a virus

• Email on Faculty Listserv from "Rbalestr

From "Rbalestr" To
"faculty_at_ccsf.edu".GWIA.sfccd_at_ccsf.edu Date
Saturday - September 18, 2004 650 AM Subject
Faculty Re jvwdtbyfru.bmp (3958 bytes)
View Save As foto2.zip (36606 bytes)
View Save As Mime.822 (57943 bytes)
View Save As
File carrying a Virus!
14
Other examples.
Fake craigslist msg w virus From
administration_at_craigslist.org To
johnkerry_at_whitehouse.gov Subject Important
notify about your e-mail account. Hello user of
Craigslist.org e-mail server, Your e-mail account
will be disabled because of improper using in
next three days, if you are still wishing to use
it, please, resign your account information. Pay
attention on attached file. For security reasons
attached file is password protected. The password
is "13545". Cheers, The Craigslist.org team
March 2004
15
Fraud

• Fake Subject lines disguise content
• Remove links gather addresses
• Spoofing of identity
• Fake From addresses in email
• Disguised server sources implicate innocent
  parties
• False claims, phishing

16
Phishing

• Attempts to gather confidential information
• Credit card s
• PINs
• Account s
• Passwords
• May use original sites graphics
• Return addresses/links mimic originals

Since August 2003, most major banks in the USA,
the UK and Australia have been hit with phishing
attacks
17
Confirm account numbers

• Phishing for confidential information
• Growing fraud phenomenon
• International
• Recent organized crime involvement
• Spam for
• Siphoning money
• Identity Theft

18
Unsophisticated Phishing
19
Sophisticated Phishing
20
New Tsunami phishing scams
From USA TODAY (Edward Iwata and Martin
Kasindorf) The FBI is investigating dozens of
bogus Web sites that prey on potential tsunami
donors by mimicking sites of well-known
charities, FBI Special Agent Tom Grasso said
Monday. Con artists also are using variations of
the Nigerian "419" scam.... The e-mail authors
claim to be government officials, bank officers
and poor farmers who have lost loved ones in the
tsunami.
21
Phishing increases

• From latest AntiPhishing.org report
• December 2004

22
Phishing updates

• http//antiphishing.org/
• Up-to-date examples and descriptions of phishing
  scams
• Examples Amazon, eBay, AOL, Washington Mutual
• http//survey.mailfrontier.com/survey/quiztest.htm
  l
• Good information provided after you take a quiz
  based on actual emails, real and fraudulent

23
Spyware

• Programs installed secretly on your computer as
  you browse the Internet
• Purposes
• Pop up ads change home page
• Capture keystrokes as you enter passwords,
  logins, etc
• Gather Info about
• browsing habits
• email addresses/passwords/credit card s

24
Combating Spyware

• Combat with free programs
• Spybot Search and Destroy (www.safer-networking.o
  rg)
• Ad-Aware (www.lavasoft.com)
• Yahoo New free toolbar contains anti-spyware
  program, popup-blocker
• Microsoft Beta tool for Windowshttp//www.micros
  oft.com/athome/security
• Summary info at http//www.ccsf.edu/vfascio/spampa
  ge

25
CCSF New Spam filtering

• Barracuda Spam-filter
• Applied starting November 2004
• GroupWise email only
• MUCH less Spam in Mailbox
• Separate Quarantine area
• Quarantine message once a day
• User control over Spam
• Whitelist Addresses always allowed
• Blacklist Always blocked

26
CCSF (informal) Spam stats

• 2003 25-50 filtered out
• ½-1 hour/day of GroupWise administrators time
• March 2004 65-75 filtered
• Feb 2005 80 filtered
• 118,000 messages a week!
• Current 6000 domains / addresses blocked
• List grows daily

27
Barracudas 4 categories

• Definitely Spam/Virus
• Not allowed through system
• Likely to be Spam
• Sent to your Quarantine area for you to
  review/delete/allow
• Maybe Spam
• Tagged with BULK in Subject
• Sent to Mailbox
• Not Spam ? Sent to Mailbox

28
Quarantine message Web

• Once a day, youll see this message (Web client)
• You can take limited action but

29
Accessing Quarantine Web

• For more control
• Scroll to end of message
• Click link at end click here
• Takes you to your quarantine area
• See all quarantined messages
• Act on them

30
Quarantine message Windows

• Once a day, youll see this message (Windows
  client)
• Click long link at end
• Tip Click first or last lines
• Takes you to your quarantine area
• See act on all quarantined messages

31
Quarantine area

• Deliver
• Just deliver the mail. Make no change to
  filtering parameters.
• Whitelist
• Deliver and always allow message from this sender
• Delete
• Just deletes without changes to filtering
  parameters.
• Classify as Not Spam
• Deliver message and updates Spam filter.
• Classify as Spam
• Delete and update Spam filter

32
Barracuda tips

• Look at the Barracuda SPAM message regularly
• Go to your SPAM link
• Delete Spam
• THEN
• DELETE Barracuda SPAM report messages
• They are big!
• Fill up your email space unless deleted

33
Be Vigilant

• Protect your email address - treat it like your
  phone number.
• Never email passwords, credit card numbers, or
  other personal information.
• Don't post your email address in public places.
• Never respond to unsolicited email or click on a
  URL or web site listed in spam.
• Never forward spam chain letters.

34
Protect against viruses

• Dont open suspicious attachments even from
  friends
• Check to see if they have actually sent attached
  docs
• At CCSF
• Desktops automatically update Virus SW
• Laptops Lucky owners must actively keep CCSF
  virus SW updated (Windows and Mac)
• At home Get a Virus checker
• Keep it updated!

35
Virus Vigilance

• Look at email attachments
• Suspicious signs
• Nonsense names
• Names ending with any of the following .zip
  .scr .pif .exe .vbs .com

36
Protect against Spyware

• Use at least one Spyware catcher
• Free Ad-Aware (Personal edition)http//www.lavas
  oft.com
• Free Spybot Search and Destroyhttp//spybot.safe
  r-networking.de/
• Free (So far) Microsoft betahttp//www.microsoft
  .com/athome/security/spyware/
• Not Free SpySweeper (30/yr)http//www.webroot.c
  om
• Mac MacScanhttp//macscan.securemac.com/

37
Dont contribute to Spam

• Use the BC email field for groups outside CCSF
• BC Field hides addresses
• May help get msgs to Yahoo, Hotmail recipients
• Helps prevent address capture by spammers

38
Dont look like Spam

• If you want people to read your email messages
• Make your email Subject lines count
• CNIT 3/22 meeting minutes
• Not Info
• Dont use suspicious Subjects
• Hi!
• Pix
• Re
• Dont leave subjects blank

39
Spam / Spyware Resources

• Search on Spam facts
• Your ISP for Spam info
• http//www.pcwebopedia.com/quick_ref/SpamGuide.asp
  
• http//biz.yahoo.com/pfg/e15credible/index.html
  (Suze Orman on Spam Scams)
• For fun http//www.mailmsg.com/SPAM_python.htm
• Spyware http//www.microsoft.com/athome/security
  /spyware/

40
Identity Theft Resources

• Search on Identitytheft athttp//www.sfgov.org/
• Prevention tips
• What to do
• to find out if your identity has been stolen
• after the fact
• http//www.fightidentitytheft.com/
• Good clearinghouse of information

41
Updates

• General
• http//news.yahoo.com/fc?tmplfccid34intechca
  tspam_wars Excellent updated news links site
• http//www.spamanti.net/en/
• http//www.microsoft.com/athome/security/
• Good source for Windows OS updates and general
  information
• Phishing and Organized crime
• http//www.ftc.gov/ftc/consumer.htm
• Government site on many aspects of spam and crime

42
Final note

• From CAUCEthe Coalition Against Unsolicited
  email
• http//www.cauce.org/

According to the European Commission, the costs
of spam to businesses and consumers have been
estimated at USD 8 billion/year. Pressing
doesn't recover those costs.