WOUGNET - Women of Uganda Network [Logo]

       
The WOUGNET website is under re-development.
Your input and suggestions on changes we need to make are most welcome.
Please send comments to techsupport@wougnet.org.
Thank You!


Women of Uganda
Organisations
In Parliament
Publications
Women Studies

Sarah Ntiro Award

Commonwealth Women's Network
 
Action Alerts
Speak Out!
16 Days of Activism against Gender Violence
 
Support
TechTips
WebDesign
WorldSpace
Satellite Radio
Program (WSRP)
 
ICT Policy
ICT Policy Issues in Uganda
ICT Policy Training
ISUG Forum
Uganda National
ICT Directory
Open Source
World Summit on the Information Society (WSIS)
WSIS - Uganda

World Summit Awards (WSA), Uganda
 
Links & Resources
Women & Gender
Agriculture
Business
Development
Education
Environment
Health
HIV/AIDS
Human Rights
ICT-Related
Intl. Women's
Organizations
General Resources
Add Link
 
News & Events
News & Events
Submit News
IARW conference
WOUGNET Presentations
WOUGNET Projects
 
WOUGNET
Contact Us
About WOUGNET
WOUGNET Membership
WOUGNET Mailing List
WOUGNET List FAQ
WOUGNET Update Newsletter
Search WOUGNET
Home

        
               
WOUGNET - Women of Uganda Network
                


ONLINE SCAMS AND SPAMS

Prepared by Craig Knott, Netaid.org volunteer

This two part TechTip installment will introduce you to the most common, and possibly most irritating scams out there today on the world wide web. It will cover what to look out for, and go into some detail on how to get around them. Part I addresses online scams and Part II addresses spam.

Modern mass production techniques have helped drop manufacturing costs across the board, no more so than where electronic and technological goods are concerned. The price of these has plummeted drastically over recent years and as a result we have seen cheaper PCs and access to the Internet. Sadly, there are a few out there who take advantage of peoples inexperience with this technology and try to scam them out of, in some cases, many thousands of pounds. This article has been designed to show you what to look for and how best to avoid these fraudsters.

In case of any queries or requests for tips, please write to techtips@wougnet.org.

Part II: Spam And How To Beat It

Email is one of the most useful tools that net users have available. You can use it to arrange meetings, make contacts and keep up-to-date with others. How is it, then, that more and more of us find that, instead of using it as the great social or business tool it's become, we spend almost as much time sifting through the unsolicited messages in our mailboxes, offering Viagra, body enhancements, cheap mortgages or the opportunity to assist money launderers? From a small trickle a few years ago, the volume of unsolicited email has grown exponentially, and some researchers now believe that each of us spends many minutes every day filtering out these unwanted messages. A whole mass-mailing industry has grown up, with a range of products designed to make it simple for people to send bulk email to tens of thousands of addresses in a very short time.

Regulation is very hard, with senders and recipients often in different countries, so what can you do?
There are an increasing number of tools available to help work out which email is necessary and which is junk. You can allow only email from specific people to reach you, you can use a confirmation-based system or employ automatic filtering - at prices that can vary from nothing to several pounds per month per mailbox. Hotmail offer a free service allowing you to filter out up to 250 addresses of your own choosing. It may sound a lot, but I still receive upwards of 15 junk emails per day.

These tools are quite limited but there are also plenty of tips and tricks you can use to try and cut down on the number of people who can figure out your email address and use it to send you junk. Even assuming you're an innocent newcomer to the net you can still expect to find an astonishing variety of junk mail often verging on lewd. Alongside weight loss programmes of dubious efficacy you'll find plenty of offers regarding Viagra, enlargement of body parts or promotion of some of the less savoury adult sites on the net. Then there are offers of mortgage deals or loan consolidation, very often from foreign companies. And as well as the straightforward Spam mail, there are scams too. While you might think that most of these are so obvious that any fool can see through them, some are rather more clever.

Among these are scams that have recently been used to target users of sites such as eBay, Paypal and Nochex. The most common form is an email that appears legitimate, asking you to update your stored personal details and offering a link to do so. Usually, claims are made that you've been picked for a random security check, or that there's been some sort of computer failure that necessitates entering your information again. Clicking the link takes you to a dummy website with a look and feel very much the same as that of the target. So, lulled into a false sense of security, you fill in all the requested information. Needless to say, all the information you type in will be used for something else, and the first you may notice is the unauthorised charges on your credit card.

There is one type of scam though, which seems so transparent it's a wonder anyone is taken in - but they are, with depressing regularity. Commonly known as the Nigerian 419 scam or advance free fraud, these make claims about lost fortunes, and a desire to find someone who can help ship cash out of a country, in return for a split. Originally a postal scam operated from Nigeria, variations on these now crop up from all over the globe, including some topical Iraq-based ones. All you have to do is pay a certain amount up front, supposedly for bribes, and a large portion of the money will then be yours. Often, money might have belonged once to someone with your surname, or some other tenuous connection will be claimed.

Why Me?

One of the questions you'll undoubtedly ask yourself as you sift through the junk in your inbox is 'Why me?'

Ever posted a message to a Usenet discussion group or a mailing list that's archived on the web and consequently available via Google? Do you have a web page? Have you ever been in a chat room or have been a little incautious when signing up for websites and not checked their privacy terms to see what they'll do with your email address?

But what if you've never ever posted anything anywhere, never put your email address on a web page and never signed up for anything, and you're still receiving junk email? You can still become a target via what's called a 'dictionary attack'. If there are enough users in a big domain - like AOL or Hotmail - then there's a good chance that most of the common names and words in the language will be valid email addresses. You can extend it, too, by putting two words together, or a name and an initial, like 'jsmith' or perhaps a year; all the spammer has to do is try it once, see which addresses are rejected, and the rest are worth sending things to in future.

Stopping It

So now you know how people can get your address, what can you do to stop it and get your inbox back under control?

First things first, the bad news is that if your address is on lots of lists then your best solution may be to accept that you need to change your address, and try hard to keep the new one junk-free. If you don't do that, you can still cut down on the junk, but it's a lot easier if you start with a clean slate. If you want to take part in discussions on the net, whether in chatrooms, message boards or Usenet groups, it's worth creating a new ID and email address to use just for that.

Sometimes, of course, you have to give your email address to people, often as a condition of signing up for something. In that case, if you can create additional addresses with your account, it's often worth doing so. That way you can work out who's passed your address on. For example, if you signed up for something on the Wougnet website, you might create a special address like Nigel.wougnet@your-isp.com.

Filtering

These simple tricks will help stop your address being spread about, but what about getting rid of the mail that's already being sent to you?

First rule is: never reply. Even if they say that replying will take you off their list, don't - unless it's a reputable company or someone else you've already done business with. More likely, such links and reply addresses will just confirm that your address works. If your email program provides such a facility, bounce the message back to the sender, so that it looks invalid.

The next thing to do is to spot them when they hit your inbox. Sometimes that's easy - anything with words like 'Viagra', 'enlarge' or 'lolita' is likely to be junk. Sadly though, there's a lot of Spam that uses subjects like 'Re: last night' or 'Hey there' to try and make you think it's a part of an ordinary email exchange. There is a wide range of solutions you can use, including software on your own PC, or choosing an email provider that uses their own or third-party filters like Brightmail or Messagelabs.

You can add Messagelabs services to a corporate email system and, at a few pounds a month per mailbox, it will probably pay for itself in time saved. It's also worth considering packages like Mailwasher (www.firetrust.com) to help filter and reject messages, or Spamcop (spamcop.net), which will collect messages from your mailbox and filter them into a new mailbox on their server for $30 (£19 approx.) per year. You can also use databases from organisations like Spews (www.spews.org). These provide lists of known spammers, the companies and ISPs that support them.

Fighting Back

So far, we've looked at ways of filtering junk email out, but is there anything you can do to get back at the selfish fools who send it?

The most important lesson is that, no matter how tempting it is, don't send huge files or viruses back to the sender. Very often the address that a junk email purports to come from isn't real. It's likely to belong to another unwilling recipient, or to be completely forged.

You can try forwarding the junk back to 'abuse' or 'postmaster' at the domain the email came from, and they'll be able to track down information by looking at the message headers.

If the email is an incitement to commit fraud, along the lines of 'please help me get these millions out of the country following the tragic death of someone with a surname spookily similar to yours,' inform your Police Force as soon as possible. For the time being, the only types of junk email that the police are able to deal with are fraud and child pornography - but that may change. Already, some states in the US prohibit the sending of junk email to their residents, and there have been some successful prosecutions, although nowhere near enough to make a difference.

The best response for many people is to help report spammers, either via email if you can work out where it was sent from, or via websites. For example, the Spamcop website has a reporting system which feeds directly into its real-time blacklist, ensuring that once a sending host is listed, people using the black list won't receive any more Spam from it. At the Mail Abuse Prevention System (www.mail-abuse.org), you can find plenty of other tools to help you track down the senders. But for most people, we reckon the solution is to use some of the tools we've looked at earlier. If you can, choose an email provider that offers filtering and tagging of messages. If not, pick a tool like Mailwasher or Spampal to clean up your mailbox for you.

At the very least, set up filters in your mail program to move the email you care about into one place, and leave everything else in a folder of its own to look at another time. Above all, no matter how tempting the offers you receive, don't reply!

General Do's And Don'ts

  • Always use a disposable address for postings in online forums like newsgroups, chatrooms and message boards. You can abandon it if it gets too Spam-filled, and give genuine correspondents your real address.
  • Never reply to a junk email, or click the Unsubscribe links. Consider reporting it via Spamcop.
  • When you sign up on a website, check carefully to make sure if you have to opt-in or opt-out of receiving email, as it's not always clear. And consider using a unique address for each site, if you can.
  • If you manage your own mail servers, consider installing software like Spamassassin, using Spews filtering or signing up for a service like Messagelabs mail filtering.
  • If you run your own business, make sure you genuinely have the consent of customers before sending them email. Assuming that you have their implied consent is likely to cause you more problems than directly seeking it.

    If you take all of this advice into consideration I am more than certain you can enjoy many hours of uninterrupted internet use.

    Happy surfing.



    • TechTips main page



    Featured on WOUGNET mailing list: August 12, 2003