In Search of Sir Spamalot

By Carl Weiss

The Holy Hand Grenade of Antioch, originated from Monty Python and the Holy Grail. (Photo credit: Wikipedia)
Everyone remembers the 2005 musical comedy Spamalot along with its irreverent send-up of the Arthurian legend.  Directed by Mike Nichols, the Broadway production garnered three Tony Awards and grossed more than 175 million dollars.  Flash forward nearly ten years and the term can be applied anew, only this time without coconut shells substituting for horses or the Holy Hand Grenade of Antioch.  What I am referring to is online spam.

What Constitutes Spam?  (And I’m not talking about the kind that comes in a can.)



Ever since the Internet began there have been a number of individuals who weren’t willing to play nice with all the other children.  Spammers have been the bane of many people’s existence online, especially in terms of using the worldwide web as a kind of email assault weapon.  How big of a problem is spam mail?

According to securelist.com as of August 2013:
·  The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%.
·  The level of phishing increased tenfold compared with July, and averaged 0.013%.
·  Malicious attachments were found in 5.6% of all emails, an increase of 3.4 percentage points compared to the previous month.

Add to this the fact that not only have malicious emails increased during the past year, but spammers have become much craftier, using everything from “Back to School” themes during August and September to lures built around popular holidays, sports, lifestyle, age and gender.

Recent spam trends have included fake airline ticket offers, cruise ship deals and other inducements targeted toward people looking to take a vacation.  A number of these emails were even made to look as though they had been sent by legitimate companies such as Delta Airlines, Royal Caribbean Cruise Line or shipping companies such as FedEx, UPS and DHL.

“Fake notifications often utilize the names of popular international delivery services such as FedEx, UPS and DHL. They tell recipients that a courier failed to deliver their parcel due to an incorrect delivery address. To get the parcel, the recipient should print out the attached document and call the company's office or confirm specified data, including the delivery address. Malicious files can also hide in fake documents supposedly containing detailed information about the parcel, which does not in fact exist. Spammers try to make their fake notifications look legitimate and typically use not only an apparently real sender's address but provide non-existent order information, genuine contact details from official websites and a copy of a privacy notification letter.”

There Ought to Be a Law

While there are indeed a number of laws on the books in the US, the problem begins with trying to determine where the spam originated.  In fact the preponderance of spam originates from foreign shores.  A number of spammers also use proxy servers, slave drives and other forms of subterfuge to cover their trail.  There are a number of state, national and international laws in effect to prosecute these crimes. However, this type of subterfuge not only makes it difficult to prosecute the offenders, it makes it nearly impossible for the average citizen to seek any sort of redress should their system be compromised by malware.



An Ounce of Prevention is Worth a Pound of Cure

The first line of defense in the fight against spam is to never open an email from an email address with which you are unfamiliar.  This doesn’t guarantee success either, since email addresses can be pilfered and/or spoofed.  So if your best friend sends you an email that goes something like, “Check out this blog/offer/link,” don’t go there since your friend’s address has in all likelihood been compromised.  The quickest way to infect your system with malware is to get you to accept a link.

Also look for odd word choices or misspellings, since people for whom English is a second language frequently have a hard time getting a fluent grasp on our native tongue.  If the message tells you that you have either won some contest that you never entered, or are about to be penalized due to an implied negligence, don’t fall for this trick. (Note: The IRS does not notify you by email.)  When in doubt, call the company from which the notice was purportedly sent or talk to an expert such as your business partner, accountant, or attorney if you need to check out any offer’s validity.  Never click on a link due to any emotional response.

Do not fall for an unsubscribe that requires you to enter your email address.  This is just a ruse designed to get you to verify that your address is active.  There are dozens of ways for a spammer to get your email.  They can purchase a list or they can use a bot to trawl your site looking for contact information.  Don’t make spammers’ lives easier by signing up to win a free iPad.  Guess what, the only winner is going to be the spammer.

Need to leave your contact info on your website?  No problem.  If you use Gmail, you can create a number of subsidiary email addresses that you can use and eventually change once the spammers get hold of them.  Here’s a tip from WikiHow:

Have one main account, and then make a separate account for different purposes (one for friends, one for entertainment sites, one for your financial websites, etc.).
·         In Gmail, you can add a "+" button to your email address. For example, you can sign up for newsletters like JohnDoe+Newsletters@gmail.com if your email address is JohnDoe@gmail.com.
·         Set all those addresses to forward the mail to your main account so that you do not have to check multiple accounts.
·         If you start receiving spam through one of your alternates, you can trace it to one of your disposable addresses and simply delete that account.
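
The tracing step in the last bullet can be automated. The following is an added example, not part of the original article or the WikiHow tip: it reads the "+" tag from each message's To header and reports tags that are receiving mail from a sender other than the site the tag was given to. The sample messages, the `.example` domains and the `TAG_OWNERS` record are constructed assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Tags follow the article's
# JohnDoe+Newsletters@gmail.com pattern; sender domains are placeholders.
SAMPLE_MESSAGES = [
    "From: News <news@newsletter.example>\nTo: JohnDoe+Newsletters@gmail.com\nSubject: Weekly digest\n\nHello",
    "From: Deals <win@prizes.example>\nTo: johndoe+newsletters@gmail.com\nSubject: You won an iPad\n\nClick",
    "From: Bank <alerts@bank.example>\nTo: JohnDoe+Bank@gmail.com\nSubject: Statement ready\n\nHello",
    "From: Friend <pal@mail.example>\nTo: JohnDoe@gmail.com\nSubject: Lunch?\n\nHi",
]

# Assumption: you keep a record of which site each tag was handed to.
TAG_OWNERS = {"newsletters": "newsletter.example", "bank": "bank.example"}


def plus_tag(address):
    """Return the lower-cased +tag of an address, or None if it has none."""
    local, _, _domain = address.rpartition("@")
    _base, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None


def leaked_tags(raw_messages, owners):
    """Map each tag to the unexpected sender domains that mailed it."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        tag = plus_tag(parseaddr(msg.get("To", ""))[1])
        if tag is None:
            continue  # main address: nothing to trace
        sender = parseaddr(msg.get("From", ""))[1]
        sender_domain = sender.rpartition("@")[2].lower()
        expected = owners.get(tag)
        # A sub-domain of the expected sender still counts as expected.
        ok = expected and (sender_domain == expected
                           or sender_domain.endswith("." + expected))
        if not ok:
            leaks[tag].add(sender_domain)
    return {tag: sorted(domains) for tag, domains in leaks.items()}


if __name__ == "__main__":
    for tag, domains in leaked_tags(SAMPLE_MESSAGES, TAG_OWNERS).items():
        print(f"+{tag} is receiving mail from unexpected senders: {domains}")
```

Because the From header is set by the sender and can be spoofed, a matching domain does not prove a message is legitimate; a mismatch only shows that the tagged address has spread beyond the site it was given to.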

You Need More than One Line of Defense

While most email systems come with a spam filter, this is not nearly enough to protect your system from malware.  I recommend you not only invest in a first-rate virus and malware protection system, but also invest in a secondary adware/malware system such as Malwarebytes or Advanced System Care.  Today one level of defense is insufficient to protect your system and your data.  Better to pay a few dollars now than many thousands of dollars should your security be compromised.

If you haven’t realized it already, spam is not going to go away.  If anything, it is becoming ever more prominent, effective and insidious.  While laws will continue to be created, these will have little or no effect in slowing, much less stopping, those who wish to spam a lot.  Unlike the Knights of the Round Table, the call to arms when it comes to spam is not “One for all and all for one.”  It’s more like, “Every man for himself.”  That being said, it is up to every individual to defend themselves against this ilk since the courts are for the most part stymied by the international nature of this techno crime.  Where’s the Holy Hand Grenade when you really need it?


When Carl Weiss isn’t tilting against technological windmills, he helps clients learn how to start working the web to win.  He is also co-host of the weekly online radio show of the same name that airs live every Tuesday at 4 pm Eastern.
