Receiving more spam than email? Drowning in Amazon order cancellations? Wondering why your spam filter is so inefficient? I still believe I had the perfect solution when I suggested taxing email but no one seemed to like that idea. If you consider knowledge as power, I’m going to give you some power over these spammers.

When you signed up for your email you had to provide a username and an alias (nickname). Since I get enough spam as is and I don’t want to cause anyone else to be flooded in spam, I’ll use Borok, one of my gaming characters, as an example. It’s a given that once an email address shows up on the Internet, it will become the target of spam.

In my case, having an alternate email address is worth its weight in gold. I know Borok hasn’t signed up for WhatsApp service, Facebook or actively canceling Amazon orders. For those places that always demand an email address, using Borok as an address saves me lots of time. I just delete everything that comes to him.

Back to email: when you receive an email, your mail program shows the alias of the sender, not the email address. If Borok, Borok@middleearth.com, picked his favorite fruit for his alias and sent you an email, you might think your favorite computer company sent you an email. Unfortunately for us, there are very few restrictions on the alias. While it’s possible to spoof the sender address too, that is a little harder.

With that in mind, let’s take a look at a few pieces of today’s spam. Keep in mind that both the email addresses and websites listed are almost certainly hacked. These are not the people causing you grief; they’re also victims. Just in case you can’t exercise enough self-control to avoid using a link to a known infected site, I also modified the names.

| What you see | Sender | Links |
|---|---|---|
| SupportFacebook | gorleau@videotron.con | xiguajiakss.con/wp-content/themes/jackets.php |
| User Support | garland@gcspotlightmag.con | asalnulis.con/wp-content/codifications.php |
| Support Facebook | epsanfor@olemiss.con | xiguajiakss.con/wp-content/themes/jackets.php |
| Tyson Ross Operator | gijuffx@sharewareconnection.con | ilhankuyumculuk.coc.con/interdependent.php |
| order-update @amazon.com | order-update@amazon.con/ | estudiomonchietto.con./repairman.php |
| auto-confirm @amazon.com | auto-confirm @amazonmonuments.con | obrainteractiva.con/lubbock.php |
| WELLSFARGO BANK | info@gabsocial.gob.con | No links – It came with a special information file for me to open |


Looking at these you see that the alias has been selected to entice you into following the link. In all but two of them the sender is probably a hacked email account. In the two emails ostensibly from Amazon, it appears that the sender field was also tampered with. All of them are trying to direct you back to a php file in a hacked website.
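The two tells described above (an alias that names a brand the sending address does not belong to, and a link that lands on a stray php file under a WordPress wp-content directory) are easy to check mechanically. This is an added example, not from the original post; the messages are constructed to mirror rows of the table, and the brand list and patterns are my own assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages modelled on rows of the table above (not real mail):
# alias hints at a brand, the address lives elsewhere, the link hits a PHP file.
SAMPLES = [
    "From: Support Facebook <epsanfor@olemiss.con>\nSubject: Alert\n\n"
    "Review your account: http://xiguajiakss.con/wp-content/themes/jackets.php\n",
    "From: \"order-update @amazon.com\" <order-update@amazonmonuments.con>\n"
    "Subject: Order\n\nSee http://estudiomonchietto.con/repairman.php\n",
    "From: Alice Example <alice@example.org>\nSubject: Lunch\n\n"
    "Menu at https://example.org/menu\n",
]

# Assumed brand list; extend with whatever names your own spam impersonates.
BRANDS = ("facebook", "amazon", "wells fargo", "wellsfargo")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Alias containing its own "@domain", as in the two Amazon rows of the table.
NAME_AT_RE = re.compile(r"@\s*([\w.-]+)")


def analyse(raw):
    """Return the reasons a message matches the spam pattern; empty if none."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    squashed = name.lower().replace(" ", "")
    reasons = []
    # 1. Alias names a brand that does not appear in the real sending domain.
    for brand in BRANDS:
        key = brand.replace(" ", "")
        if key in squashed and key not in domain:
            reasons.append(f"alias mentions {brand!r} but address is {addr}")
            break
    # 2. Alias carries an @domain that differs from the actual address domain.
    m = NAME_AT_RE.search(name)
    if m and m.group(1).lower() != domain:
        reasons.append(f"alias shows @{m.group(1)} but address domain is {domain}")
    # 3. Any link ending in a PHP file; note separately when it sits in wp-content.
    for url in URL_RE.findall(msg.get_payload()):
        if url.lower().endswith(".php"):
            where = "wp-content " if "/wp-content/" in url.lower() else ""
            reasons.append(f"link to {where}PHP file: {url}")
    return reasons


if __name__ == "__main__":
    for raw in SAMPLES:
        print(analyse(raw) or ["looks ordinary"])
```

The second sample shows why the brand check alone is not enough: "amazon" does appear in the lookalike domain, so only the alias-versus-domain comparison catches it.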

Notice how the names of the php files are different. In most cases, it’s doubtful the website owner knows he’s been hacked. These php file names are crafted so as not to arouse the attention of the website operator. The website probably works perfectly unless you happen to get directed to that one specially crafted php file.

What happens then? To be honest, my desire for knowledge does not extend far enough for me to follow any of those links. They may just present me with ads for worthless junk or services but it’s far more likely that my system will become so badly infected that I would need to throw away everything but the monitors and start over (on second thought, I could tell my wife the monitors were also infected to justify upgrading them).

The bad part is that unless the website operators are scanning their website on a regular basis, they won’t even know they’ve become a vector for infection. I could write a nice email to the owner of each account telling them they were infected and give them the name of the file but I would more likely be ignored.

This isn’t stubbornness on the part of the website owners, just prudence. Did you ever hear of the do-it-yourself Windows virus email that went around a few years ago? You would receive an email telling you that your computer was infected. It gave the file name and told you it was easy to identify because the icon was a teddy bear, something Microsoft would never do. Fortunately, all you had to do was delete the file. Yes, you guessed it, Microsoft had used the icon and it was a critical system file. Deleting it rendered your system useless.

I used to think that the email programs needed to make it easier for us to see the sender’s account, but as you can see, it’s all too easy to spoof the sender address also. What we need is a spam repository. If you receive spam, you forward it to the repository. They would examine the spam and inform both the website owner and the hosting company of the infection. I know it opens the door to another form of abuse, false notifications, but we’ve advanced far enough that the hosting companies in particular could verify the message and notify you directly.

There’s no question that this would be costly but consider the cost if this is not fixed. What happens when your ratio of spam to real mail approaches 100 to 1? Think of these hacked websites as a disease carrier. With each additional carrier your chances of infection go up. How soon before people start abandoning the Internet completely as too risky?

On a final note, my website uses Wordfence to protect it from hackers. Over the last few years, I’ve watched Wordfence evolve from the provider of a simple firewall and file checker to a company actively involved in the community to stop the hackers. If you operate a WordPress website you owe it to your visitors to subscribe to their newsletter. It might save your site. I particularly enjoyed this week’s post, with a video showing the Hungarian police raiding one of the ransomware servers. I’ll never again be able to think of hackers as geeks living in their mother’s basement.

© 2017 – 2020, Byron Seastrunk. All rights reserved.