spam

Document Sample
spam Powered By Docstoc
					What you can
– and can’t –   SPAM
do about it
SPAM Overview

  > SPAM
      Scope and cost
      Viruses
      Definition and examples (CCSF +)
  > Fraud and Phishing
      Types of phishing
      Some Examples
  > Spyware
      From annoyance to identity theft
  > CCSF’s Barracuda SPAM filter
  > Protecting yourself
                                         2
The Spam Problem
  > Spam = unsolicited email
     Ads
     Viruses
     Phishing
     spyware
  > The Problem
     Volume / Annoyance
     Cost-Shifting
     Waste of Resources
     Fraud
                               3
 Spam as % of total email

> March 2003 ― 45%   > Feb 2004 ― 62%




                                        4
 Spam today

> March 2003 ― 45%              > Feb 2004 ― 62%
> January 14, 2005:




From http://www.appriver.com/
- up-to-the minute statistics
                                                   5
Has this happened to you?

  > “Email undeliverable” notices
    for email you never sent?
  > Requests to confirm account
    numbers, PINs, Passwords?
  > “Microsoft” emails containing
    “updates” or “fixes”?
  > Administrator@ccsf.edu or
    “The ccsf.edu support team”
     messages

                                    6
“Email undeliverable”

  > Mail from “your” email address
    sent to people all over the world
  > Causes
      Mining: Spammers gather email
      addresses from
       • Intercepted email
       • Spyware planted on users’
         computers
      Spoofing: Spammers use your email
      address to disguise their messages

                                           7
“Microsoft” emails

  > Contain fake “updates” with viruses
  > Microsoft never uses email for
    updates
      http://office.microsoft.com/OfficeUpdate/
      http://windowsupdate.microsoft.com
  > Virus protection preinstalled on all
    CCSF computers
      Automatically updates for latest virus
      data
      Updates happen in background – no
      messages appear


                                                  8
Administrator@ccsf.edu

  > Messages claiming to come from our
    ITS admins
  > Ask for info because “account is
    expiring”
  > Verify by sending password
  > Unsigned (and misspelled)
  > Never genuine! We don’t:
      Email confidential security/personal info
      Send unsigned messages
      Misspell

                                                  9
Recent examples 1: CCSF “support”


   > The W32mydoom virus carried by
     this message sent to many CCSF
     email addresses
    Dear user of ccsf.edu,

    Your account has been used to send a huge amount of spam during the
    recent week.
    We suspect that your computer was infected by a recent virus and now
    runs a trojan proxy server.
    Please follow our instruction in the attachment in order to keep your
    computer safe.

    Virtually yours,
    The ccsf.edu support team.                                              10
CCSF’s policy….
> Users: Delete this virus/hoax
> Email Admin: Took action to block these
  messages as soon as known
> Our policy statement:
> CCSF PERSONNEL WILL NEVER SEND OUT A MESSAGE
  ASKING FOR ACCOUNT INFORMATION OR INSTRUCTING
  USERS TO OPEN AN ATTACHMENT THAT RELATES TO THEIR
  ACCOUNT THAT IS NOT PERSONALLY SIGNED BY A SYSTEMS
  ADMIN
  (i.e., with a name such as Shirley Barger, Anne
  Morris, Doug Re, whomever).
  "Virtually yours," "The CCSF Team", "CCSF
  Administrators" and such AIN'T our STYLE, and it
  won't be.
                                                       11
Recent examples 2: CCSF “user”


   > Email on Faculty Listserv from
     "Rbalestr“
   From: "Rbalestr" <rbalestr@ccsf.edu>
   To: "faculty@ccsf.edu".GWIA.sfccd@ccsf.edu
   Date: Saturday - September 18, 2004 6:50 AM
   Subject: Faculty: Re:

   jvwdtbyfru.bmp (3958 bytes) [View] [Save As]
   foto2.zip (36606 bytes) [View] [Save As]
   Mime.822 (57943 bytes) [View] [Save As]
                                                  12
Recent examples 2: Carried a virus


   > Email on Faculty Listserv from
     "Rbalestr“
   From: "Rbalestr" <rbalestr@ccsf.edu>
   To: "faculty@ccsf.edu".GWIA.sfccd@ccsf.edu
   Date: Saturday - September 18, 2004 6:50 AM
   Subject: Faculty: Re:       File carrying a
                               Virus!
   jvwdtbyfru.bmp (3958 bytes) [View] [Save As]
   foto2.zip (36606 bytes) [View] [Save As]
   Mime.822 (57943 bytes) [View] [Save As]
                                                  13
Other examples….
Fake craigslist msg w virus
From: administration@craigslist.org
To: johnkerry@whitehouse.gov
Subject: Important notify about your e-mail account.
Hello user of Craigslist.org e-mail server, Your e-mail
account will be disabled because of improper using in
next three days, if you are still wishing to use it, please,
resign your account information. Pay attention on
attached file.
For security reasons attached file is password protected.
The password is "13545".
Cheers, The Craigslist.org team                                14
Fraud

  > Fake Subject lines disguise
    content
  > “Remove” links gather
    addresses
  > “Spoofing” of identity
     Fake From: addresses in email
     Disguised server sources
     implicate innocent parties
  > False claims, phishing
                                     15
Phishing
  > Attempts to gather
    confidential information
     Credit card #s
     PINs
     Account #s
     Passwords
  > May use original
    site’s graphics
  > Return addresses/links mimic
    originals
                                   16
Confirm account numbers

  > “Phishing” for confidential
    information
  > Growing fraud phenomenon
  > International
  > Recent organized crime
    involvement
  > Spam for
     Siphoning money
     Identity Theft

                                  17
Unsophisticated Phishing




                           18
Sophisticated Phishing




                         19
New Tsunami phishing scams

From USA TODAY (Edward Iwata and Martin Kasindorf)

 The FBI is investigating dozens of bogus Web sites that
 prey on potential tsunami donors by mimicking sites of
 well-known charities, FBI Special Agent Tom Grasso said
Monday.
 Con artists also are using variations of the Nigerian "419"
scam.... The e-mail authors claim to be government officials,
bank officers and poor farmers who have lost loved ones in
the tsunami.


                                                            20
Phishing increases




> From latest AntiPhishing.org report
    December 2004
                                        21
Phishing updates

  > http://antiphishing.org/
     Up-to-date examples and
     descriptions of phishing scams
     Examples: Amazon, eBay, AOL,
     Washington Mutual…
  > http://survey.mailfrontier.co
    m/survey/quiztest.html
     Good information provided after
     you take a quiz based on actual
     emails, real and fraudulent

                                       22
Spyware

> Programs installed secretly on your
  computer as you browse the Internet
> Purposes:
    Pop up ads; change home page
    Capture keystrokes as you enter passwords,
    logins, etc
    Gather Info about
     • browsing habits
     • email addresses/passwords/credit card #s
                                              23
Combating Spyware
 > Combat with free programs:
     Spybot Search and Destroy
     (www.safer-networking.org)
     Ad-Aware (www.lavasoft.com)
 > Yahoo: New free toolbar contains
   anti-spyware program, popup-blocker
 > Microsoft: Beta tool for Windows
   http://www.microsoft.com/athome/security
 > Summary info at
   http://www.ccsf.edu/vfascio/spampage
                                              24
CCSF: New Spam filtering

  > Barracuda Spam-filter
     Applied starting November 2004
     GroupWise email only
      • MUCH less Spam in Mailbox
        >Separate Quarantine area
        >Quarantine message once a day
      • User control over Spam
        >Whitelist: Addresses always allowed
        >Blacklist: Always blocked


                                               25
CCSF (informal) Spam stats

  > 2003: 25-50% filtered out
      • ½-1 hour/day of GroupWise
        administrator’s time
  > March 2004: 65-75% filtered
  > Feb 2005: 80+% filtered
      • 118,000+ messages a week!
  > Current: 6000 + domains /
    addresses blocked
      • List grows daily

                                    26
Barracuda’s 4 categories

  1. Definitely Spam/Virus
      Not allowed through system
  2. Likely to be Spam
      Sent to your Quarantine area for
      you to review/delete/allow
  3. Maybe Spam
      Tagged with [BULK] in Subject
      Sent to Mailbox
  4. Not Spam  Sent to Mailbox

                                         27
Quarantine message: Web




  > Once a day, you’ll see this message
    (Web client)
  > You can take limited action – but …

                                          28
Accessing Quarantine: Web



  > For more control:
      Scroll to end of message
      Click link at end: “click here”
  > Takes you to your quarantine area
      See all quarantined messages
      Act on them


                                        29
Quarantine message: Windows




  > Once a day, you’ll see this message
    (Windows client)
  > Click long link at end
  > Tip: Click first or last lines
  > Takes you to your quarantine area
      See & act on all quarantined messages
                                              30
Quarantine area


  > Deliver
       Just deliver the mail. Make no change to
       filtering parameters.
  > Whitelist
       Deliver and always allow message from this
       sender
  > Delete
       Just deletes without changes to filtering
       parameters.
  > Classify as Not Spam
       Deliver message and updates Spam filter.
  > Classify as Spam
       Delete and update Spam filter
                                                    31
Barracuda tips

  > Look at the Barracuda SPAM
    message regularly
  > Go to your SPAM link
  > Delete Spam
  > THEN:
     DELETE Barracuda SPAM report
     messages
     They are big!
     Fill up your email space unless
     deleted
                                       32
Be Vigilant

> Protect your email address
  - treat it like your phone number.
> Never email passwords, credit card
  numbers, or other personal
  information.
> Don't post your email address in public
  places.
> Never respond to unsolicited email or
  click on a URL or web site listed in
  spam.
> Never forward spam chain letters.
                                            33
Protect against viruses

> Don’t open suspicious attachments –
  even from friends
> Check to see if they have actually sent
  attached docs
> At CCSF:
    Desktops automatically update Virus SW
    Laptops: Lucky owners must actively keep
    CCSF virus SW updated (Windows and Mac)
> At home: Get a Virus checker
    Keep it updated!

                                               34
Virus Vigilance
> Look at email attachments
   Suspicious signs:
    • Nonsense names
    • Names ending with any of the
      following: .zip .scr .pif .exe .vbs
      .com




                                            35
Protect against Spyware
> Use at least one Spyware catcher
   Free: Ad-Aware (Personal edition)
   http://www.lavasoft.com
   Free: Spybot Search and Destroy
   http://spybot.safer-networking.de/
   Free (So far): Microsoft beta
   http://www.microsoft.com/athome/security/spyware/

   Not Free: SpySweeper ($30/yr)
   http://www.webroot.com
   Mac: MacScan
   http://macscan.securemac.com/
                                                       36
Don’t contribute to Spam

  > Use the BC email field for groups
    outside CCSF
     BC Field hides addresses
     May help get msgs to Yahoo,
     Hotmail recipients
     Helps prevent address capture by
     spammers




                                        37
Don’t look like Spam

  If you want people to read your email
    messages
  > Make your email Subject lines count
      CNIT 3/22 meeting minutes
      Not: Info
  > Don’t use suspicious Subjects:
      Hi!
      Pix
      Re:
  > Don’t leave subjects blank

                                          38
Spam / Spyware Resources

  > Search on Spam facts
  > Your ISP for Spam info
  > http://www.pcwebopedia.com/quick_ref/SpamGuide.asp
  > http://biz.yahoo.com/pfg/e15credible/index.html
    (Suze Orman on Spam Scams)
  > For fun:
    http://www.mailmsg.com/SPAM_python.htm
  > Spyware:
    http://www.microsoft.com/athome/security/spyware/




                                                         39
Identity Theft Resources

  >Search on Identity+theft at
   http://www.sfgov.org/
      Prevention tips
      What to do
       • to find out if your identity has been stolen
       • after the fact
  > http://www.fightidentitytheft.com/
      Good clearinghouse of information




                                                        40
Updates

  > General:
      http://news.yahoo.com/fc?tmpl=fc&cid=3
      4&in=tech&cat=spam_wars
      Excellent updated news links site
      http://www.spamanti.net/en/
      http://www.microsoft.com/athome/security/
      Good source for Windows OS updates
      and general information
  > Phishing and Organized crime
      http://www.ftc.gov/ftc/consumer.htm
      Government site on many aspects of
      spam and crime


                                                  41
Final note

   > From CAUCE
     the Coalition Against
     Unsolicited email
   > http://www.cauce.org/

 According to the European Commission, the costs
 of spam to businesses and consumers have been
 estimated at USD $8 billion/year. Pressing
 <DELETE> doesn't recover those costs.
                                                   42

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:23
posted:7/24/2012
language:
pages:42