Outsmart scanners

SAN FRANCISCO (10/20/2003) - Always be suspicious of e-mail asking for personal information. When in doubt, contact the company directly to confirm the correspondence and find out whether the e-mail or Web site link is legit. Report violators to your ISP and the Federal Trade Commission.

This weekly online column chronicles the spam wars and offers advice. Send your spam gripes, questions, and tips to spamwatch@pcworld.com. As always, your comments and suggestions are welcome. Return to the SpamWatch page for more articles.

Not only can spam annoy you, but now it can also be used to steal your identity and rip you off.

Got a message from a retailer or financial services firm, asking you to confirm your e-mail or physical address, password, and more? Be wary: It's probably a "phishing" lure. Spammers are increasingly using this technique to con you into handing over personal information.

This class of junk e-mail routes its victims to Web sites that mimic those of legitimate companies like Best Buy Co. Inc., EBay Inc., and Citigroup Inc. Fraudsters operating the fake Web sites ask to "confirm" personal and account information--and then they rip you off.

Junk e-mail filters can't always identify these bogus pitches, primarily because the crooks create e-mail and sites that look very convincing.

But businesses and law enforcement agencies are fighting back. Not only are authorities making arrests, but also spam-filtering software firms like MailFrontier Inc. are starting to address the problem. MailFrontier recently updated its Matador (US$30) spam filter to identify phisher spam and automatically report it to the FTC.

On another front, Amazon.com Inc., EBay, Microsoft, and security firm Cyveillance have teamed to fight phisher fraud. They recently formed a working group, the Information Technology Association of America, to seek technology solutions to fight phisher fraud.

How Phishers Hook Victims

Despite publicity about phisher scams, Internet users still fall for the cons, says Todd Bransford, vice president of product marketing at Cyveillance. His company identifies and gathers data on phisher scams and bogus sites, and supplies the information to MailFrontier.

Phisher victims are among those who lost $5 billion to identity theft crimes in 2002, according to the Federal Trade Commission. Bransford says phisher scams are currently the fastest growing form of fraud on the Internet.

The only ones more concerned about phisher scams than worried Web surfers are the businesses being misrepresented.

"Nothing can undermine the trust of consumers and businesses more than sites that con customers out of their account information," says Hans Peter Brondmo, senior vice president at Digital Impact, a permission-based e-mail marketing firm.

Authenticating E-mail

The ability to spoof messages is the Achilles heel of e-mail, Brondmo says. As a member of the Network Advertising Initiative, an e-mail marketing trade association, Brondmo's Digital Impact and other members like AdForce and DoubleClick are working to make it possible for consumers to verify the source of e-mail.

"If you can shine a bright light on all senders of e-mail it becomes a lot harder for scammers to hide in the dark corners of the Internet," Brondmo says. Advertisers with the NAI and businesses represented by the ITAA have a vested interest in making sure consumers don't lose faith and begin disregarding even legitimate pitches.

No standards yet exist for recipients to authenticate e-mail. Tools are available, such as encryption and public key infrastructure technologies that support digital signatures. But these aren't practical for sending bulk e-mail, and most people lack the patience to use them. What's more, any widespread use of authentication is likely to draw close scrutiny from free speech and privacy rights activists.

With phisher scams still presenting a genuine threat to consumers, the only defense is advice: Don't bite when someone goes phishing.


Q. I use Outlook Express, and it beats me how you can move any kind of e-mail without "opening" it. I mean, just click on it with either the right or left mouse button and bingo, it opens. How can you not open it?


A. One way is to change the Layout option in Outlook Express and remove the Preview Pane. The trade-off is that you'll have to double-click messages to view them. To do this, go to View and select Layout. Next, uncheck Show Preview Pane and click Apply.

Q. I have my own domain name that I use to send e-mail to family members on America Online. Suddenly they've stopped receiving my e-mail. I have no problem sending e-mail to non-AOL friends. AOL is blocking me and I can't get it to unblock me.


A. America Online is the ultimate spam magnet and consequently has one of the most restrictive spam filters. It blocks on average 2 billion spam messages each day before e-mail even reaches members' in-boxes.

AOL says that if it is blocking your e-mail, it's because you are sending e-mail from a server (or ISP) unknown to AOL, you have violated AOL's unsolicited bulk e-mail policies, or members have complained that you're sending spam.

Don't bother complaining to AOL by e-mail, because your e-mail is being blocked. Review AOL's policies in detail on its Postmaster.Info page. You may also call AOL's Postmaster Hotline to ask to be removed from its Block List. You can reach the Postmaster Hotline at +1-703/265-4670 or +1-888/212-5537.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AdForceAmazon.comAmerica OnlineAOLCitigroupCyveillanceDigital ImpactDoubleClickeBayFederal Trade CommissionFTCITAAMicrosoftNAI

Show Comments