Spam FAQ (Part 3)
As of November 2006, I've been getting a number of questions about spam that aren't covered in the previous FAQs on the subject, so I'll cover them now.
Why do so many spam messages come as graphic files these days?
Because spam filters are getting too good at blocking text-only spam. Some desperate spammer decided to convert their advertising text into an image, because at that time, spam filters didn't look at images. The trick caught on quickly.
But why are these graphic spams getting harder to read, with scratchy lines, crooked text, and weird-colored backgrounds?
Because many spam filters do look at images now. This is a classic case of the spam "arms race": spammers come up with a new tactic, spam filters start blocking it, so spammers change tactics, et cetera, ad nauseam. This is the reason spam filters can't catch all spam. It also leads to weird-looking spams that nobody in their right mind could possibly mistake for legitimate business offers, yet for some reason enough people keep falling for it that the spammers make a profit.
What's with these spams telling me to buy stock in some company I never heard of?
This is an old stock market scam called the "pump and dump". The scammer buys up a lot of shares of a very cheap stock, then publicizes a claim that the company is about to be bought, or unveil a new product, or some other indicator that the value is about to go up. Investors see these (often phony) announcements and buy the stock, which inflates its price, and the scammer happily sells at a profit. Often this is only pennies per share, but with thousands of shares, it adds up fast.
Why are there so many of these all of a sudden?
Until just a few months ago, stock spams were a fairly small percentage of all spam. Then in July, a scholarly paper was published indicating that using email for "pump-and-dump" scams actually yields a sizable profit. This got a lot of spammers excited, and they jumped on the bandwagon. Hopefully people will learn not to trust stock tips sent to them out of the blue, just like most people have learned not to trust email from widows of Nigerian millionaires. Unfortunately, if the Nigerian fraud is any guide, the stock market spammers will still keep trying new variations even when their efforts have become a joke.
What are some other common spam-scams I should watch out for?
Phishing scams are still very common. They have gotten trickier than they used to be; for instance, you might get an email that seems to be from PayPal, claiming you have made a purchase (often something expensive or pornographic), and that you should click a link if you want to cancel. They are designed to scare you into thinking you're about to lose hundreds of dollars or get on some weird porn company's mailing list; people who are scared or angry are more likely to click a link without thinking.
Also, though these are not scams, you should be on the lookout for emails claiming to be from "firstname.lastname@example.org" or other official-sounding WOU email addresses that don't really exist. Often they will say that your email account has been disabled, or that you have just changed your password, or something like that. They will ask you to run an attachment in order to get your account working again, or go back to your old password. But if you fall for it, your computer gets infected by a virus, and may start sending out spam. If you are ever in doubt about email that seems to come from UCS, please forward it to email@example.com!
What? A virus might make my computer send spam?
That's right. Viruses and worms used to be all about doing damage, or just making the writer feel powerful. But now, with so much money in spam, spammers are hiring virus writers to help them out. If your computer gets infected by one of these nasties, you might not notice anything but a bit of slowness; they are designed not to be obvious. Behind the scenes, though, these viruses put your computer under the control of the spammers, who give it a list of addresses and tell it to start firing away behind your back.
How do I keep that from happening?
The main way to be safe is not to click links or attachments in email messages, unless there isn't even a shadow of a doubt that the message might be a trick. Also, don't install software unless it is from a reputable company; if in doubt, go to your favorite search engine site and search for the name of the company or the program, before installing it. Browser toolbars seem to be especially common vehicles to infect your computer with nasty stuff, so be especially careful with them.
How do I know my Thanksgiving turkey isn't carrying any viruses?
Make sure to follow the cooking instructions carefully, and... oh, never mind, that was a joke. That brings this FAQ to a close; I hope you enjoy your Thanksgiving vacation!
University Computing Services 503-838-8154 | or e-mail: firstname.lastname@example.org