Tag Archives: scam

Beggar Spam

Posted on by
Comment

A new kind of spam makes me wonder how stupid spammers think we are.

To post a comment on any of my blog-based sites, you need to jump three hurdles:

  1. You need to get past Bad Behavior, a spam prevention solution that can identify bots. If Bad Behavior thinks the a page is being accessed by a spam bot, it simply does not allow that bot to comment. Does this work? Well, during the past 7 days, Bad Behavior has blocked 2,018 access attempts. Does that mean it has stopped all the bots? Sadly, it doesn’t. But it seems to do a pretty good job.
  2. You need to get past Akismet, the WordPress-provided spam filtering tool. Akismet takes the incoming comments that get past Bad Behavior and evaluate them to determine whether they might be spam. If it thinks a comment is spam, it gets put in a spam “bucket” (my term). Does this work? Well, in March it caught 3,830 spam comments, missed only 11 that I flagged as spam, and incorrectly marked only 3 good comments as spam that I rescued. It has caught a total of 54,048 spam comments since October 2008 — that’s just six months.
  3. June 30, 2014 Update
    I’ve finally gotten around to writing up the site comment policy on a regular page (rather than post) on this site. You can find it here: Comment Policy.

    You need to get past me. I read all the comments that Akismet approves and either approve them for posting on the site or mark them as spam that Akismet missed. In certain rare instances, I’ll delete a comment that might not be spam but is, in my opinion, inappropriate for the site. (You can read my comment policy, if you’re interested.) I also briefly review what Akismet has flagged as spam and occasionally rescue a non-spam comment from the spam bucket so it appears on the site.

If you’re not a blogger, you probably don’t realize how big a problem comment spam is. Simply said, if I didn’t have Bad Behavior to block the bots and Akismet to filter out spam comments, this blog would attract anywhere from 10 to 1000 spam comments in a day. Spam comment contents range from links to sites selling drugs or offering online gambling to simple attempts to get some “Google Juice” from links to specific sites. Some of it contains crude and offensive words and ideas. If I let it get by me and allowed it to be posted on my sites, it would likely offend most of my readers.

But lately, I’ve begun getting a new kind of spam: beggar spam. The content of the message goes something like this:

I do not believe I get only one chance in life. I am from Guinea so my English is bad. Please give.

WTF?

Of course, this kind of comment never makes it to my blog. It’s stopped dead by Akismet or me. After a while, Akismet will pick up the pattern that identifies it as spam and properly filter each beggar spam message into the spam bucket.

But the real question is this: do these spammers really expect blog readers — or bloggers, for that matter — to send money to some faceless beggar just because they asked for it? Does anyone actually send them money to give them the idea this ploy works?

Which brings up another thought: The Internet has made it so easy for people to try to suck money out of people that they’ll try anything, no matter how unlikely it is to work. Just get yourself an automated commenting bot, set its options to include the message and link you want, and let it go. Sixty seconds of effort and an Internet connection can flood the world’s blog (and spam filters) with millions of scam attempts. If even one of them is successful, the spammer is ahead of the game.

I wonder how much of the world’s Internet bandwidth is used by but spammers and con artists. I’m not just talking about comment spam here. I’m talking about e-mail from Nigerian princes and widows. I’m talking about responses to For Sale items on online services, where the buyer offers a certified check for more than the purchase amount and asks you to give the difference to his shipping agent. Or the people who e-mail legitimate companies, offering to pay more for services than advertised, with the difference going to a “logistics” agent.

I see how many of these things cross my path in a day or week or month. I’m just one relatively well-connected person. What of the people who are better connected than me? Or the ones that foolishly put their e-mail addresses, unencoded, on a Web site so the spam bots can scrape them up for sale to spammers? Or the ones with blogs at the top of Google’s page rank that get thousands of visitors a day?

How much of the Internet is wasted on fraud and spammy self-promotion?

Anyway, I’d love to get feedback from other bloggers or people experienced with spam. What’s the most ridiculous spam you’ve ever received? The one that made you think the spammer thinks everyone is a gullible fool? Use the Comments link or form for this post.

And don’t try to spam me, please. Your comment will never appear on this site.

Credit Card Stolen?

Posted on by
Comment

But merchandise is being sent to the cardholder’s address?

Here’s a weird thing I’m hoping a reader can shed some light on.

A friend of mine just called me. He said that he was checking his bank account online today and found about 10 transactions for items he did not buy. All the transactions apparently came through on his Debit card.

So his card number was stolen and the thief was on a shopping spree, right?

Well, not so fast. He tracked down a number of the items ordered and discovered that they were being shipped to his address.

It seems that it’s either a bad joke or the thief plans to steal the delivered stuff off his doorstep when it’s delivered.

Has anyone out there ever heard of anything like this happening? Any advice I can pass on to him?

He’s not worried about the money — the bank has already told him they’ll reverse the charges to his account. I’m just trying to understand the scam. This is a new one to me.

Beware of the Latest Scam

Posted on by
3

Confirmation e-mails from sites you never joined.

Yesterday, I got an e-mail message that went something like this:

From: [omitted]
Subject: Member Confirm
Date: August 20, 2007 9:05:49 PM MST
To: [omitted]

Welcome,

Thank You for Joining Web Cooking.

Confirmation Number: 769799922
Temorary Login: user4129
Password ID: qb371

Your temporary Login Info will expire in 24 hours. Please login and change it.

This link will allow you to securely change your login info: http://[IP address omitted]/

Thank You,
Membership Support Department
Web Cooking

Trouble is, I haven’t signed up for any Web site with that name using the e-mail address the message was sent to. And although the clickable URL was very tempting to check out — after all, I could have forgotten that I’d signed up for something — I was hot and tired and ready to call it quits for the day.

This morning, I got a very similar message sent to the same e-mail address from another site. That’s when I became sure that something was up.

You see, just the other day, I was listening to the Future Tense podcast while washing my helicopter. One of the stories was about the “Storm Virus,” which is being spread by e-mail. One of the ways they spread this virus is by sending you an e-mail with a link to a Web site. Idiots click this link and go to a Web page, which then takes advantage of security holes in the visitor’s brower to infect the computer. You’ve probably gotten one of these messages — they often lure you by telling you that someone has sent you an electronic greeting card.

Apparently, they’ve come up with a new way to lure you to a site.

So my word of warning here — do not click any link in an e-mail message you receive unexpectedly from someone you don’t know.

And if anyone else has more information about this virus or new series of e-mail spam cons, please do use the Comments link or form for this post to let us know. Thanks.

Commercial Airline Travel Blues

Posted on by
2

At the mercy of misguided authority — and other minor inconveniences.

I flew to Austin, TX today. Well, that’s not exactly true. I wasn’t doing the flying. I was a passenger on a Southwest Airlines 737.

Dangerous Substances and Implements

I hadn’t been on a commercial airliner since last November and I’d forgotten what a pain in the neck it could be. Back then, Mike and I were flying to Florida for a week and we checked our luggage, so all the liquids/cremes/gels nonsense didn’t apply to us. Since those days, most airports have relaxed many of their restrictions on these things. But Phoenix has not. It still limits your liquids/cremes/gels carry-on to 3 ounce bottles that must fit in a clear plastic bag that they provide. They call it 3-1-1, but I have no clue what the 1 and 1 are supposed to stand for.

I had a tube of toothpaste, a tiny bottle of eye drops, 4 disposable contact lenses (in original packaging), and an almost spent tube of face cream. It was tucked into my backpack, along with a change of clothes, some PJs, my 12″ PowerBook, and a bunch of chargers and AC adapters.

I decided that I was going to take my chances with the X-Ray machine. Phoenix could save a plastic bag. If security found my liquids/cremes/gels a hazard to airline traffic, they could keep them.

And that’s what was going through my mind as I waited on line at security.

Until I got to the front of the line and started wondering whether I still had that mini Leatherman tool in my purse. I’d bought the tool back in my turbine helicopter days, when I needed a screwdriver to open the battery compartment on the Long Ranger I flew at the Grand Canyon. SInce then, the tool was always shuffling around from one place to another. I wasn’t sure if it was in my purse.

Security brought good news and bad news. The good news is, they either didn’t find my liquids/cremes/gels or didn’t care about them. The bad news is, they did find the Leatherman tool. But, of course, that’s good news, too. I would have been more worried if it were in there and they didn’t find it.

The Leatherman cost me $34 in 2004 and I wasn’t about to leave it for the security people to fight over. So I got an escort back into the insecure area and a special yellow card that would allow me to come back to the front of the line. I also got directions to the Information desk, where a Indian woman would help me mail my Leatherman home.

I waited behind a man buying stamps for postcards. When it was my turn, the Indian woman weighed my leatherman and gave me a padded envelope and 3 39¢ stamps. I gave her $2.79.

“The mailbox is on the second level,” she told me. Go down one level and go out door 23 on the north side. It’s to the left. You’ll have to walk a little.”

That was the understatement of the day. The mailbox was on the opposite end of the terminal. I think that if I’d walked in a different direction, I probably would have run into a post office sooner.

Back at the line, I was able to get to the front with my yellow card. Then I faced the X-Ray machine again. Would they confiscate my liquids/cremes/gels?

No.

I felt bad for the folks who had unpacked these dangerous substances and revealed them to the world.

East by Southwest

Southwest Airlines LinePart two of my commercial airline travel day came when I arrived at the Southwest Airlines gate for my flight. That’s when I remembered why I’d stopped flying Southwest years ago. No assigned seats.

At the gate were three signs on poles: A, B, and C. And at each sign was a line of passengers. I got on what I thought was the end of line A but was then directed back behind 20 more people who were fortunate enough to have seats on line.

Whatever.

The pre-board line was surprisingly long. On it were folks in wheel chairs, a family with a young child in a stroller, and some older people who looked perfectly fit to me. I guess that when you get to be over a certain age, you can get special treatment if you push hard enough for it.

The pre-board folks disappeared into the plane and they started on line A. I handed over my boarding pass — didn’t need it since it didn’t have a seat number on it — and followed the people in front of me. I was very surprised to get a seat at a window in row 3. Apparently most folks don’t want window seats. Most aisle seats in the front half of the plane were full.

The older folks who had been on the pre-board line were sitting right in front of me.

Planes on LineAlthough we taxied right to the runway for departure, when we turned the corner I saw at least a dozen airplanes in line behind us. I guess that’s why the captain was taxiing so quickly on the ramp.

It was a great flight. Short and smooth. I had two glasses of orange juice, a bag of honey roasted peanuts, and a bag of Ritz crackers. I listened to podcasts: Wait Wait Don’t Tell Me, Wired News, and Alt Text.

It was clear through Arizona and into New Mexico. I had a great view of the north side of El Paso. Then the tiny clouds started up, casting oddly shaped shadows on the desert terrain below them. We flew over the oil fields — mile after mile of sand colored squares, connected by dirt roads. The clouds thickened until I could no longer see the ground at all. Then we started our descent. I heard the landing gear lock into place long before I saw the ground again. It was wet.

As I was getting off the plane, I noted that the folks in front of me who needed extra time to board needed no extra time to get off the plane. They were out the door almost before the jetway had rolled to a complete stop. I bet they have a handicapped sign for their car’s rear view mirror so they can use handicapped parking, too.

Austin’s airport terminal looks like a great place to hang out. I’m sure I’ll get a good opportunity tomorrow, while I’m waiting for my return flight.

Unless I decide to spend that time standing on line.

Car Rental Scams and Beyond

The Hertz car rental guy tried hard to sell me the insurance coverage, using the usual scare tactics. I resisted. He then tried to sell me a whole tank of fuel for the car, warning me that I’d pay $6.69 a gallon if I didn’t return it full. I doubt if I’ll drive more than 20 miles, so I told him I’d return it full.

Right now I’m sitting in a nice little room at the Marriott Springhill Suites. I have an Internet connection, a fridge, a microwave, and a king sized bed with a pillowtop mattress. Outside my window is a tree — not a parking lot! It sure beats the place I stayed in last time I came to Austin.

Travel isn’t so bad. I’ll live.

E-Mail Addresses on Web Sites

Posted on by
Comment

Why you shouldn’t include a link to your e-mail address on your Web site.

Many people — including me! — use their Web sites as a kind of global calling card, a way to share information about themselves or their companies with others all over the world. It’s common to want to share your contact information with site visitors — particularly potential customers — so they can contact you. This is often done through the use of a mailto tag. For example, e-mail me! which appears as a clickable e-mail link.

Unfortunately there are people out there who want your e-mail address, people who want to scam you into sending money to Nigeria, advertise their online casinos, sell you prescription drugs, show you their porn sites — the list goes on and on. If you have your e-mail address on any Web site, you probably already get a lot of this spam. That’s because of computer programs that crawl through Web sites and harvest e-mail addresses that are included in the otherwise innocent mailto tag. Heck, they even harvest addresses that aren’t part of a mailto tag, so just including your e-mail address on a Web page without a link can get you on a bulk e-mail list.

So what’s the solution? There are a few.

One popular and easy-to-implement solution is to turn your e-mail address into a text phrase that a site visitor must see and manually type in to use. For example, me@domain.com becomes me at domain dot com or meATdomainDOTcom. You get the idea. Someone who wanted to send you an e-mail message, would be able to figure that out — if he couldn’t, he really shouldn’t be surfing the ‘Net anyway — and manually enter the correct translation in his e-mail program. But e-mail harvesters supposedly can’t figure this out (which I find hard to believe) so the e-mail address isn’t harvested.

Another solution is to use an e-mail obfuscation program. These programs take e-mail addresses and change or insert characters to make them impossible to read. The e-mail addresses look okay on the site — to a person viewing them — and work fine in a mailto link — when used from the Web site. WordPress plugins are available to do this. I don’t use any of them, so I can’t comment on how well they work. But they must be at least a little helpful if they’re available. You can find a few here, on the WordPress Codex.

The solution I use is form-based e-mail. I created a Contact Form with fields for the site visitor to fill out. When the form is submitted, a program processes it and sends it to my e-mail address. Because that address is not on the Web page that includes the form — or on any other Web page, for that matter — e-mail harvesters cannot see it. As a result, I’m able to provide a means of contacting me via e-mail that keeps my e-mail address safe from spammers.

The program I use is called NateMail from MindPalette Software. it’s a free PHP tool that’s easy to install and configure. But what I like best about it is that you can set it up with multiple e-mail addresses. Use a corresponding drop-down list in your form to allow the site visitor to choose the person the e-mail should go to. NateMail directs the message to the correct person. You can see this in action on my other WordPress-based site, wickenburg-az.com, in its Contact Form. If you want a few more features, such as the ability to attach files to an e-mail message, MindPalette offers ProcessForm for only $15.

Other WordPress users are likely to have their own favorite methods of protecting their e-mail addresses from spammers. With luck, a few of them who read this will share their thoughts in the Comments for this post.

One more thing…this doesn’t just apply to WordPress-based sites. It applies to all Web sites. And a contact form tool like NateMail will work with any PHP-compatible Web server.

If you’re already getting spam, using one of these methods won’t stop it. It’ll just keep the situation from getting much worse. Your best bet is to change your e-mail address and protect the new one. In my case, that’s a big pain in the butt — so many people I need to be in touch with have my e-mail address and, worse yet, I often use it as a login for Web sites I visit (which does indeed make the spam situation worse). I’m working on a plan to phase out the bad addresses and replace them with ones that I protect. Until then, I have to rely on the spam-catching features of my ISP and my e-mail software to sort out the bad stuff — currently about 20-40 messages a day — so I don’t have to.