December 31st, 2007
by
Brett Bumeter
Sometimes website owners will incorrectly be associated and reported as a spammer. (I’m talking email spam here.)
Unfortunately it is all to easy for an email spammer to simply code your email address into the header of an email, even though they are actually sending the email from some other email account and then your email account gets associated with grand titles like term life insurance quotes or the latest Brittany Spears viral image teaser of the day or sometimes it is used in PayPal or Ebay phishing emails.
I’m sure you have probably seen an email that appears to be coming from someone or some site that you know, but if you dig into the properties of the email address, the real email address is something entirely different.
The issue is that some hosting companies will receive a spam complaint and simply shut down your account without doing the appropriate level of due diligence.
This afternoon, I came across some good technical advice to both help you prevent this from happening in the first place and the right responses to que your webhost up with to defend against your account being shut down inappropriately on a forum at Lunar Pages.
You may not be doing anything that can be reasonably construed as spam, but are you absolutely certain that your account and site haven’t been hacked? Could code have been inserted into your site to generate spam? Have you confirmed that there are no changes to your files that were not made by you, or without your knowledge and consent? You’re going to have to go through your files with a fine tooth comb looking for unexplained changes. I find it handy to do a weekly ls -alR of all my files (via cron) to flag changes — if you haven’t been doing that, it’s a lot more work for you to find what’s changed.
You should ask LP if they have any logs of outgoing mail from your account, which might give you a hint as to what got hacked. It’s also very possible that some jackass has simply forged your email address to their spam, and you’re paying the price (even though the spam never went through your account). Demand that LP produce the “spam” emails, with full headers, so they can be examined to find out exactly where they came from. If they won’t, tell them you’ll see them in court if they try to close your account. They need to learn that some twit claiming you’re spamming is not sufficient grounds to disrupt your business — they need to prove it’s originating from your account. It may or may not cut any ice with them that you didn’t know about it, but if you can show you’re taking steps to stop it and prevent future problems, they should relent.
Spam Suspension Warning??? from the Lunar Forums
July 14th, 2007
by
admin
Just wanted to share a warning about a Spoof Email pretending to be from Ebay that is re-circulating the net in a slightly altered form. The email message pretends to be from ebay and like all these phishing emails encourages you to sign in and fix something on your account.
Other than the fact that ebay never sends these types of messages, I was tipped off by the fact that it was sent to an email address of mine that is not associated with an ebay account at all.
I have no idea who the FPA is supposed to be.
The actual link (if you click on it in the email and I definitely do not advise clicking on it in any situation not even to see what is on the other side) points to the following address:
http://fl-65-40-13-231.sta.embarqhsd.net/ws/aw-cgi/eBayISAPI.php?MfcISAPICommand=SignIn&co_partnerId=2&pUserId=&siteid=0&page
Type=&pa1=&i1=&bshowgif=&UsingSSL=&ru=http%3A%2F%2Fwww.ebay.com&pp=&pa2=&errmsg=&runame=&ruparams=&
ruproduct=&sid=&favoritenav=&confirm=&ebxPageType=&
existingEmail=&isCheckout=&migrateVisitor=
That sure does not look like an ebay address even though they disguise it to look like
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn
The email message looks like this
Here is a link to an older version of this spooffing email dated from just a couple weeks ago, so it looks like the scammers are already adapting.
Reporting Phishing or Spoof Emails from ebay
Ebay provides the following site to accept reports from people around the world about spoofing and phishing attacks and other issues. You can also do a google search on the keywords ebay report phishing and look for the Security and Resolution Center at ebay which is a couple clicks away.
These types of things typically appear to be sourced out of Russia, but it is just as possible that someone from any where in the world is just using a host that allows this type of behavior from within Russia. It could just as easily be someone next door, in the next state or even a teenage prankster on a Kissimmee vacation with her parents just seeing what they can do. Regardless, of where they are or who they are it is very dangerous for a person to fall victim to this type of action. If you click on this type of link, contact the credit bureaus and take steps to protect your credit. Then do a top to bottom spyware and virus check on your machine.
March 5th, 2007
by
Brett Bumeter
Have you ever wondered what to do when you receive
Spam or an abusive e-mail?
Well I apparently won the UK national lottery today, according to an e-mail I received from a BellSouth.net address. So I did a quick Google search on “report abusive e-mails” and “BellSouth” used in a keyword search and I came across a page that offers a quick tip on what to do to report abusive e-mails.
BellSouth newly rebranded as AT&T, provides a page titled report e-mail fraud.
It lists the BellSouth address for our reporting spam or phishing spam. And it provides a non-BellSouth address for reporting bank scams. The BellSouth addresses for spam that comes from BellSouth e-mail addresses. And the other address is for addresses from other sources.
BellSouth also provides instructions on how non-BellSouth members can deliver reports about these abuses to BellSouth.
Here are three of the primary examples that they offer:
