Electronic Spamming, Spoofing, and Phishing Information

Understanding the terminology

Spam is Unsolicited Electronic Communication

Spam is the abuse of electronic messaging systems to send unsolicited messages, which are generally undesired by the recipient. The most widely acknowledged form of spam is received as email intrusions, but the term can also be applied to other types of electronic media abuse, like: instant messaging advertisements, inappropriate newsgroup postings, search engine and keyword misdirection, unwanted mobile phone text messages, internet forum spam and uninvited fax transmissions.

Spammers flood our mailboxes because they, as advertisers, have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for or prevent their mass mailings. Spammers are taking over the internet because there are practically no barriers to such practices. So, the volume of unsolicited spam is growing practically exponentially. Many spammers are committing fraud by employing spoofing techniques, and the resulting damages are borne by the public, internet providers, and the web sites that are subject to fraud. Spamming will likely not be stopped until internet standards have evolved to the point where all electronic communications can be instantly verified.

Spoofing is Electronic Identity Theft

Email spoofing is the creation of forged email using somebody else's IP address, web domain, and a stolen or faked email name. This means that the spoofing email that you receive will appear to be from a legitimate web site, but in fact that mail did not even come from or pass through that domain or web host which is being spoofed. The spammer who created the spoofed email simply inserted the IP addresses of legitimate sites into their mail header information so their email will be accepted by your mail server and passed on to you. That is their goal, to get their email in front of your eyes, and they do not care which valid web site owner they burn to make that happen. The spoofer does not care if the "borrowed" email address gets blacklisted because of the spoofing attack, because they do not own it - they faked the source location of the message. Routers use the "destination IP" address in order to forward packets through the Internet, but cannot validate the "source IP" address. That address is only used by the destination machine when it tries to respond back to the source address.

Email spoofing is an integral part of many network or email attacks that do not need to see responses or need to have an email reply, this is called blind spoofing. Generally the email itself will direct you to the web site or product that they are trying to place before your eyes. That is why email spoofing is used to deliver spam and phishing attacks.

Phishing is Electronic Fraud

Phishing is a criminal activity using electronic misdirection techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Ebay, Paypal, and online banks are the most targeted companies. Phishing is typically carried out using email or an instant message, and usually directs users to a falsified web site that may appear legitimate.

Measures are underway to deal with the growing number of phishing attacks that include: legislation, email user notification, and the development of stricter internet email standards and verification techniques. Laws already exist to prosecute phishers, the technology simply needs to catch up with the speed of the perpetrators to help us stop them and capture them.

More about Spam in the form of Spoofing Attacks

Email Spoofing is the latest trend by those who send spam email. It is the practice used by spammers to falsify the header information in their email messages. By forging the header information, they can make the email appear to come from where ever they choose.

Spammers are now routinely stealing the web site identities of businesses on the web, and using them to send millions of pieces of junk advertising and offensive emails. They generally do this because they have previously been caught and blacklisted for their practices, so email from their sites is not accepted by many parts of the internet. They resort to web site identity theft to get their (unwanted) messages out.

The average person on the internet doesn't yet understand what's happening here, and many legitimate companies are being damaged, blacklisted, and victimized by spoofers.

When you receive any spam email, do not assume that it is easy to know who sent it. The current state of technology and internet standards make this very difficult to stop. Such spam is coming to you from the lowest, most despicable life form lurking on the internet, and we ask that you do everything in your power to report the actual perpetrators of this activity.

These attacks often come from outside the United States, but there are many spammers in the US as well, and we pursue each lead we get to report spammers. Please let us know if you receive any spam email that appears to be from any site that you know is legitimate.

Help stamp out these annoying and destructive practices! Please read on to further understand more about how you can be a part of the solution.

Steps to Protect Yourself and Ways You Can Help

When you receive any spam email, please follow these steps:

Use caution with spam messages: Do not assume that the message originated from the site that it appears to be from. In some cases it is not even safe to open these messages, as they may contain viruses. It is also best to not reply to the message, because that may allow the spammer to validate that yours is a valid email address. In Outlook and Outlook Express, it is possible to look into a message header without opening the message, if you need to. If you understand the process of opening the headers and examining them, without opening the message, identify the offending party and report them or send us the information and we will.
Never reveal personal information: Never respond to requests for personal information, passwords, or login IDs. Scam artists send out email messages where they try to appear to be from a legitimate source like Ebay, PayPal, or even your bank, and they will direct you to click on their link which will take you to a fake web site that is designed to look like the real one. They are only trying to get you to use your login and password so they can capture that information and steal from your accounts. Even if you do get a message from someone that you have an account with, do not use the link in the email to log into the account, NO MATTER HOW REALISTIC IT LOOKS. Manually type in the correct web address or use a bookmark/favorite saved link that you KNOW is correct.
Do NOT buy anything that comes in a spam email message, no matter how great a deal appears. This may eventually convince spammers and spoofers that spam does not work, and it may die out. Remember that a number of spammers and spoofers are being paid by other businesses to flood you with unwanted email, if we all stop buying from those businesses, the spammer's source of income will dry up.
Report the abuse: Using the email address on our "Contact Us" link, send us a copy of the email as an attachment; that will preserve as much of the header information as possible. If you cannot figure out how to do that, simply forward the email message to us. That will allow us to open the header, find the offending IP address, and try to get them shut down by reporting them to the network or web host where they reside.

REMEMBER, even though links in an email message may look correct, spammers and spoofers have hidden fraudulent links under the text and graphics in their email messages that are designed to take you to bogus sites that may look correct but is usually set up to steal your private information. Unfortunately, this is too easy to do, and many people are fooled by links that look legitimate. Always be careful to know exactly who you are dealing with on the internet, when in doubt, do not use the links or the web sites you are directed to.