Tutor Tips from ... the Computer Tutor

24 January 2004

Common Spammer Tricks and Tips to Avoid Them

Spammers are employing more advanced tactics and getting more aggressive in their spamming techniques. To understand how to stop spam, you should learn some of the tricks that spammers use to gain access to your Inbox.

Dictionary attacks:
The spammer takes a "dictionary" of common words and names, combines them, and sends e-mail addressed to all different variations such as johndoe1@example.com, johndoe2@example.com, johndoe3@example.com. Spammers typically do this at leading e-mail providers that have a large base of users.

E-mail spoofing:
The spammer trick of choice these days, e-mail spoofing, uses a faked e-mail header that makes a message look like it came from someone or somewhere other than the spammer. It's fairly easy to make an e-mail appear to have been sent from your own address or from a seemingly credible source. Spammers use spoofing to get you to open and respond to their mail. Remember, you should never respond to unsolicited e-mail.

Spoofing Popular Providers:
Many spammers try to spoof or imitate popular Internet providers, such as AOL, Yahoo and MSN, in the hope that you will submit your personal account information. Please be aware that these companies will never ask you to e-mail your personal information such as your logon ID, password, social security number, credit card numbers, etc. If you receive an e-mail appearing to be from a service provider asking for this type of information, it is spam.

Social engineering:
This ploy tricks users into opening the spam by pretending to know the person or trying to lure the person with a "personal" subject line. Typical subject lines include "Hey how are you?" "Urgent and Confidential," "We need to meet," "I have money for you," or "It snowed again." Avoid this trick by never responding to unsolicited e-mail and setting up blocked addresses.

Mining message boards and chat rooms:
Do not post your e-mail address in public places -- treat it as you would your phone number. If your e-mail address appears on a message board, in a chat room, or any public place, spammers can use automated robots, or "bots," to search the Internet and grab your e-mail address.

Use a disposable e-mail address - one that you can create with a free online service, such as Yahoo, Juno, MSN, etc. - when visiting message boards and chat rooms. With a disposable e-mail address, you can monitor spam coming into that address and delete the account if it gets too much spam.

Open proxy, third-party servers:
Open proxies are third-party servers that allow spammers to send mail while hiding their identities and Internet locations (IP addresses). Many spammers use these open proxy servers to help maintain anonymity.

Web beacons:
An e-mail may contain an image that is invisible to the recipient – this is sometimes called an "invisible GIF" or "web beacon." Once the e-mail is opened, the spammer is alerted that your address is "live." Do not open e-mail messages that appear to be spam. Make sure your e-mail program is set not to open your messages automatically.
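A mail filter can look for such images before a message is ever displayed. The Python sketch below is an added example, not part of the original tip sheet: it parses a constructed sample message and lists remote images that are sized or styled to be invisible. The function name find_beacons, the sample addresses and the example.com URLs are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (added example; addresses and URLs are placeholders).
SAMPLE = """\
From: offers@example.com
To: you@example.net
Subject: Hey how are you?
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="http://example.com/logo.gif" width="120" height="40">
<img src="http://example.com/t.gif?id=you%40example.net" width="1" height="1">
<img src="http://example.com/o.gif?m=8812" style="display:none">
<img src="cid:banner01" width="1" height="1">
</body></html>
"""

class BeaconFinder(HTMLParser):
    """Collects remote <img> tags that are sized or styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        src = dict(attrs).get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            return  # embedded (cid:/data:) images are not fetched from a server
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        style = a.get("style", "").replace(" ", "")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.beacons.append(src)

def find_beacons(raw_message):
    """Return the URLs of suspected web beacons in every text/html part."""
    finder = BeaconFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            finder.feed(payload.decode(charset, errors="replace"))
    return finder.beacons

if __name__ == "__main__":
    for url in find_beacons(SAMPLE):
        print("possible web beacon:", url)
```

The visible logo and the embedded cid: image are not reported; only the two remote, invisible images are.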

Inserting random strings of text and characters:
To try to get through spam-control filters, spammers will insert random strings of text throughout the e-mail to make each spam message look different from other e-mail. Sometimes they do this with e-mail headers by adding spaces and characters like this: V_I_A_G_R_A. You can help fight this type of spam by not opening or responding to it.

Chain Letters:
Many of us receive chain letters that invite us to forward the message on to our friends. Sometimes it will say you will get five cents for every e-mail or bad luck if you send to fewer than five people. These are hoaxes created to promote spam. Never forward these e-mails thinking you will receive money for each recipient of the e-mail.