Aiding the Enemy: Have You Become an Unwitting Email Spam Accomplice?

7 ways you may be providing addresses for email spam: Internet Scambusters #399

There’s no end to scammers’ ingenuity when it comes to harvesting addresses for their email spaham (misspelled intentionally). Like: roping you in to help them.

You may not realize that when you forward messages, use someone else’s PC or click on a malware link, you could be handing over valuable email addresses to spammers.

In this issue, we explain 7 ways email scam artists use you to do their work — and how you can avoid becoming their unwitting accomplice.

And now for the main feature…

Aiding the Enemy: Have You Become an Unwitting Email Spam Accomplice?

Over the years, Scambusters has been a pioneer against spam, including helping to highlight the growth of email spam — some of it just digital junk, others armed with malware or peddling bogus offers.

Anti Spam: How to dramatically reduce the amount of spam you’re receiving

And we have provided advice in a previous article, Stop Spam!, on actions you can take to prevent your email address from falling into the wrong hands or cut the possibility of a hit by filtering out the spam emails.

But that’s not the end of the story. Not by a mile.

You probably think of the spam scam artists as your enemy. But did you know that you could actually be helping them with their evil trade?

You may be surprised at how easy it is for them to collect information from a few simple things you might do without realizing you’re helping them.

This is how they do it… (Note for Mac users: All of these apply to Mac users as well, except that #4 and #5 have not been problems for Mac users so far. That means this issue is for Mac users as well.)

1. Collecting Addresses from Emails You Forward

Most people forward emails. But some seem obsessed with the idea of passing on jokes, photos, sensational or bizarre stories or pleas for help.

In particular, they’re just suckers for forwarding those email spam messages that urge you to pass them on to 10 other people, to show you care, or face dire consequences.

Apart from bogging down the Internet, many of these willing forwarders don’t realize they’re also passing around lists of email addresses.

Just think of how many of these you’ve seen where the names of previous recipients are still in the body of the message, which may eventually fall into the hands of spammers.

In some cases, spammers actually offer prizes if you not only forward the email to your 10 buddies but also “cc” it back to them.

Of course, you don’t get a prize — the spammer gets that: his list of addresses.

Action: We definitely advise against forwarding unnecessary stuff, especially chain letters that urge you to pass them on to others or face disaster.

But if you really must join this hoopla, delete any previous email addresses from inside the message and use the “bcc” (blind carbon copy) line for the addressees you send to.

Of course, there’s no guaranteeing they’ll delete your address which will now be inside the spam email if they pass it on!

2. Online Petitions

Ever received one of those?

You’re asked to “sign” a petition in a message by adding your email address, then forward it to others and sending a copy to the “organizer.”

What you’re doing is passing around a list that could contain hundreds or thousands of email addresses that could be nothing more than a harvest for email spam.

Action: In the rare instance the petition is legitimate, it has little or no value and no legal status. If it’s a scam, you will have passed it back to the “organizer” who’s merely after those addresses. Just don’t sign or circulate.

Here’s an interesting article that explains why online petitions don’t work: Internet Petitions.

3. Using a Public PC

If you use a PC that’s also available to others to check your email — say in a library or at school/college, or even a friend’s computer — you usually get access to your address book online.

If so, bear these points in mind:

* The PC could be infected with a virus that is capable of harvesting addresses from browser pages, including your email service provider.

* If you fail to log out of the email service after using such a PC to check or send messages, another user has access to your account to collect addresses for spam emails or even for identity theft.

Action: Don’t use a public PC for email unless it has up-to-date anti-virus software installed, always log out of your email service and, if you can, shut down the browser after use.

4. Your PC as a Zombie

“Zombies” are PCs that have been infected with a virus, enabling the scammer to use your computer to fire off thousands of spam emails without you ever knowing — unless you know what to look for.

We covered this subject in some depth in a previous issue of Scambusters: Spam Update: How You May Unknowingly Be Contributing to the Spam Problem.

Not only are you helping the crook to spread his email spam to innocent victims, but you are also helping to conceal his identity by letting him use your PC — and all for free!

Action: Heed our oft-repeated warning about opening attachments, even those that come from people you know.

Malware can also be transferred to computers if/when you use file-sharing programs (for downloading music and video, for example), or even when you insert someone’s CD or USB drive into your PC.

Never do any of these things unless you have an up-to-date anti-virus program on your PC.

5. Malware Reads Your Address Book

If a scammer can get you to open an attachment or click on a link to download spyware or other viruses onto your PC, this may provide access to all sorts of confidential information, including your email address book.

The crook then has two options: either to send spam email directly from your PC to all your contacts, or to transmit the address list back to the scammer who may then either use it or sell it to others in the email spam business.

Action: Follow the same tips above in “Zombie” PCs.

6. Forwarding a Web-Based Message

Thousands of legitimate websites offer you the opportunity of forwarding a news story, joke or other item to someone else you think might be interested in it.

But a few of them keep that address and add it to lists they eventually sell to email scam artists.

Others exist purely for that purpose. They may forward a joke or thought for the day to your chosen recipients or they may not, but the main thing is they added you to their collection of email addresses.

Action: The only way to be 100% sure this doesn’t happen is to not use this forwarding option.

Instead, copy the website address from the address bar (highlight it and copy and paste it into an email that you send out yourself).

7. Passing Your Own Mail List to Others

If you organize an event or operate a website that collects attendees’ or users’ email addresses, you have a valuable asset that some people are prepared to steal.

Hardly a day passes when we don’t read about a list server being attacked by hackers, and hundreds or thousands of email addresses stolen.

But even a hand-written list of conference attendees has value, especially as it will contain details of people who all share a particular interest in whatever subject the event covers.

Action: Keep written lists constantly supervised. Online, you may be limited by who owns the server you use. Impose your own security where possible and choose server owners who use encrypted address storage.

You can avoid most of the address-stealing techniques outlined in this issue simply by using up-to-date anti-virus software and taking a couple of sensible precautions before forwarding messages.

Do this and you’ll be playing your part in slowing the insidious spread of email spam.

That’s all we have for today, but we’ll be back next week with another issue. See you then!