PDA

View Full Version : Email scam



Steve
September 21st, 2002, 11:12 AM
I just received an Email from Togo, West Africa. It is a variation of the Email bank scam that has been going on for some time. A large sum of money, no rightful owner, provide us with a bank account #, some up front cash, and we will share millions with you. All other Emails I have received of this type (different countries but all from the continent of Africa) have been through my work address but this time it came through my USMS alias. Has anyone else received this type of scam through their @USMS.org alias?

cinc3100
September 21st, 2002, 12:42 PM
Yes, its common. They think americans are gullible.

KenChertoff
September 21st, 2002, 01:16 PM
Not that particular scam, but I have received other spam though my usms.org alias.

coachbrad
September 21st, 2002, 10:15 PM
Yes, since I have "enlisted" in the forums, I have been heavily spammed. And it seems that both my usms.org address and my "real" address are now on the spam hit list. It is quite annoying. I might suggest that our webmaster try to shove a filtering package into the database project somehow...I know I would be thankful! Or maybe we simply only allow relays from "known" or "trusted" domains (if that can even be figured out!).
:confused:

matysekj
September 22nd, 2002, 10:08 AM
Originally posted by coachbrad
Yes, since I have "enlisted" in the forums, I have been heavily spammed. And it seems that both my usms.org address and my "real" address are now on the spam hit list. It is quite annoying. I might suggest that our webmaster try to shove a filtering package into the database project somehow...I know I would be thankful! Or maybe we simply only allow relays from "known" or "trusted" domains (if that can even be figured out!).
:confused:

Just to clear up a few things...

If you would like to figure out where spammers got your email address, your first step would be to do a Yahoo or Google search on your email address. Any pages that show up are potential sources for spammers to harvest. Brad, your "real" address shows up in a Cleveland triathlon page, the June Lake Erie LMSC newsletter, and in the LMSC handbook. It is absolutely NOT available via these forums in any way, nor is the mapping from your alias to your "real" address.

Our server is NOT an open relay. It is tested regularly to ensure this.

We do filter out known spam domains from sending mail to any @usms.org addresses. There are over 3100 domains on the filter list.

The email bank scam where you're offered millions of dollars in bank transfer from some African country has been around for some time. The people who send these emails out tend to use new addresses from free email services to send these out every time (e.g. Yahoo, Excite, HotMail). If you forward the message with the full header to the Abuse department of the originating domain (e.g. abuse@hotmail.com), the account will be cancelled. However, given the volume of the spam they send out, chances are that the account has already been cancelled by the time you've done this. There is no way for us to filter out email addresses that we don't know about, and it generally isn't worth the effort to add these one-time addresses to our filter since the account no longer exists by the time we would do that.

I will be adding additional protection for usms.org aliases listed in our public searchable database soon. The idea is to require a passcode to be entered before viewing database search results. The passcode would be readily available, but automated robots that search web pages for email addresses wouldn't be "smart" enough to do this. This will be done some time in October. Protecting PDF files like those found in the LMSC handbook is a different story that needs more thought. We may just want to remove that particular portion of the LMSC handbook from the web site.

coachbrad
September 22nd, 2002, 09:26 PM
Thanks, Jim. I hadn't thought of doing a search on my own e-mail address...quite interesting when you see the results.

Brad Biddle
September 23rd, 2002, 12:12 PM
Not to drift too far off a USMS or swimming-related topic, but apparently people are still falling for this African e-mail scam; this weekend a story ran of a woman who just embezzeled $2 million from her law firm employer as part of this scam:

http://www.freep.com/news/locoak/checks21_20020921.htm

On the spam front, there are lots of good anti-spam resource sites online, including, e.g.,

http://spam.abuse.net/userhelp/

But spam really is an intractable problem; once your address gets out there, you're hosed. Look forward to an education in how to make millions working from home, the activities of certain hot young coeds, and various penis enlargement products.

(One last link: for those who have become familiar with the regular spam topics, SatireWire's spam poetry contest is very funny:
<http://www.satirewire.com/features/poetry_spam/poetryintro.shtml>. The poems are made entirely from phases out of spam e-mails.)

--Brad

pbsaurus
September 23rd, 2002, 03:26 PM
I really miss Satirewire. Why did he have to retire!