Beggar Spam

A new kind of spam makes me wonder how stupid spammers think we are.

To post a comment on any of my blog-based sites, you need to jump three hurdles:

  1. You need to get past Bad Behavior, a spam prevention solution that can identify bots. If Bad Behavior thinks a page is being accessed by a spam bot, it simply does not allow that bot to comment. Does this work? Well, during the past 7 days, Bad Behavior has blocked 2,018 access attempts. Does that mean it has stopped all the bots? Sadly, it doesn’t. But it seems to do a pretty good job.
  2. You need to get past Akismet, the WordPress-provided spam filtering tool. Akismet takes the incoming comments that get past Bad Behavior and evaluates them to determine whether they might be spam. If it thinks a comment is spam, it gets put in a spam “bucket” (my term). Does this work? Well, in March it caught 3,830 spam comments, missed only 11 that I flagged as spam, and incorrectly marked only 3 good comments as spam that I rescued. It has caught a total of 54,048 spam comments since October 2008 — that’s just six months.
  3. You need to get past me. I read all the comments that Akismet approves and either approve them for posting on the site or mark them as spam that Akismet missed. In certain rare instances, I’ll delete a comment that might not be spam but is, in my opinion, inappropriate for the site. (You can read my comment policy, if you’re interested.) I also briefly review what Akismet has flagged as spam and occasionally rescue a non-spam comment from the spam bucket so it appears on the site.

June 30, 2014 Update
I’ve finally gotten around to writing up the site comment policy on a regular page (rather than post) on this site. You can find it here: Comment Policy.

If you’re not a blogger, you probably don’t realize how big a problem comment spam is. Simply said, if I didn’t have Bad Behavior to block the bots and Akismet to filter out spam comments, this blog would attract anywhere from 10 to 1000 spam comments in a day. Spam comment contents range from links to sites selling drugs or offering online gambling to simple attempts to get some “Google Juice” from links to specific sites. Some of it contains crude and offensive words and ideas. If I let it get by me and allowed it to be posted on my sites, it would likely offend most of my readers.

But lately, I’ve begun getting a new kind of spam: beggar spam. The content of the message goes something like this:

I do not believe I get only one chance in life. I am from Guinea so my English is bad. Please give.

WTF?

Of course, this kind of comment never makes it to my blog. It’s stopped dead by Akismet or me. After a while, Akismet will pick up the pattern that identifies it as spam and properly filter each beggar spam message into the spam bucket.

But the real question is this: do these spammers really expect blog readers — or bloggers, for that matter — to send money to some faceless beggar just because they asked for it? Does anyone actually send them money to give them the idea this ploy works?

Which brings up another thought: The Internet has made it so easy for people to try to suck money out of people that they’ll try anything, no matter how unlikely it is to work. Just get yourself an automated commenting bot, set its options to include the message and link you want, and let it go. Sixty seconds of effort and an Internet connection can flood the world’s blogs (and spam filters) with millions of scam attempts. If even one of them is successful, the spammer is ahead of the game.

I wonder how much of the world’s Internet bandwidth is used by spammers and con artists. I’m not just talking about comment spam here. I’m talking about e-mail from Nigerian princes and widows. I’m talking about responses to For Sale items on online services, where the buyer offers a certified check for more than the purchase amount and asks you to give the difference to his shipping agent. Or the people who e-mail legitimate companies, offering to pay more for services than advertised, with the difference going to a “logistics” agent.

I see how many of these things cross my path in a day or week or month. I’m just one relatively well-connected person. What of the people who are better connected than me? Or the ones that foolishly put their e-mail addresses, unencoded, on a Web site so the spam bots can scrape them up for sale to spammers? Or the ones with blogs at the top of Google’s page rank that get thousands of visitors a day?

How much of the Internet is wasted on fraud and spammy self-promotion?

Anyway, I’d love to get feedback from other bloggers or people experienced with spam. What’s the most ridiculous spam you’ve ever received? The one that made you think the spammer thinks everyone is a gullible fool? Use the Comments link or form for this post.

And don’t try to spam me, please. Your comment will never appear on this site.

Twitter is NOT a Popularity Contest

And Twitter is being destroyed by the people who think it is.

The other day, there was an update in my tweet stream from MrTweet. It said:

New Posting: Twitter & the Law of Reciprocity (Why you should be a generous Twitterer, and how to!) http://bit.ly/Ni5tb

MrTweet is the Twitter account name for an online service that supposedly helps you find Twitter users who are like you. I joined up a while back, interested in adding a few people that I might connect with to the list of people I follow. I don’t know what MrTweet’s algorithms are like, but it didn’t come up with any matches. Still, there were few incoming tweets on that account, so I kept following it. That’s how I received the above tweet.

I followed the link. The blog post that appeared, “Twitter & the Law of Reciprocity,” included the author’s opinion of Twitter: “People may not like it, but Twitter is as old-fashioned a popularity game as high school is…”

WTF?

Is that what people think? Or, more likely, is that what people have turned Twitter into?

The post went on to provide tips for increasing the number of people who follow you, prefaced with this word of warning:

This isn’t a magic “popularity” ingredient, nor can I ensure you’ll get followers by the droves if you take my advice. This IS however, a philosophical theory that can bring you benefits if you understand it and are able to take advantage of it in your self-promotional efforts.

Among the pieces of advice were to reciprocate follows. That means if someone follows you, you should automatically follow back. It doesn’t matter who the person is, where he’s from, what he tweets, what his motives are, or how well you could possibly connect with him. Just follow him blindly.

This advice made me sick. It’s this attitude that’s turning Twitter into a meaningless waste of bandwidth, full of self-promotional links and blatant advertising.

Not long afterward, I caught wind of a new site called TweepMe. This is a pure piece of automated trash with just one goal in mind for the user: increase follower count. Here’s how it works: you sign up, providing both your Twitter user ID and password. You’re automatically followed by everyone else who signed up and you automatically follow all of them. So if TweepMe has 1,000 members, you automatically have 1000 followers. Ready for the punchline? The service is free to start out. Afterwards, you pay for your membership (and new followers).

Holy f*cking cow! What moron is so desperate for followers that he’d pay to get them? Oh, yeah. These morons.

Has everyone forgotten the original purpose of Twitter? It’s a social networking site, a way to connect with people you know. It’s “microblogging.”

If you’re a Twitter member, log out of your account on Twitter and go to http://www.twitter.com/. Here’s what you’ll find right on the Home page, under “What is Twitter?”:

Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

I don’t see anything in there about selfishly eating up bandwidth to create hundreds or thousands of meaningless connections to strangers whose only interest is to do the same.

Tell me something: are these thousands of strangers you’re collecting as followers your “friends, family, and co-workers”? Are they likely to ever fit into any of those categories? Do you even care about them?

Why the hell are you “collecting” them, like a kid collects pretty rocks at the beach?

Have you read Jennifer Leggio’s excellent post on ZDNet, “I am popular on Twitter. Here’s why this means nothing.”? She echoes my sentiments exactly.

While I’ve been watching the growth, use, and misuse of Twitter for some time now, the childishness of follower collectors has only been a source of amusement for me. Until now.

The increase in demand on Twitter’s systems and bandwidth may be causing service outages. While that was bad enough as Twitter went through its growing pains, it truly sucks if it’s caused by what one Twitter user, @pageoneresults, refers to as a “Twitter Self Replicating Human Virus.” While I don’t usually link to SEO sites (I don’t believe in messing with Google search results), Edward Lewis’s blog post, “TweepMe Twitter Application,” is more than just an angry rant. It provides a wealth of information about what TweepMe is, how it works, how it can be compared to trojans and viruses, and how the idiots who initially signed on can make a clean break with it. He also opines about TweepMe’s possible role in recent Twitter outages:

There appears to be a bit more with this TweepMe application that many have overlooked. The thing is growing exponentially. It is a Twitter Self Replicating Human Virus. If it continues at its current rate, it may even hamper the performance of the Twitter pipelines. Whale Watchers are claiming that TweepMe is behind the recent Fail Whale sightings on Twitter although none of us can be sure of that.

Personally, I’m saddened by what is happening to Twitter. Since becoming an active Twitter user two years ago, I’ve always thought of my Twitter friends as “water cooler buddies.” I work in a home-based office and spend most of my days alone. Having the 100 people I follow in the Twitterrific window on my computer’s desktop gives me the social interaction I need during the day to keep my sanity. While some of these people are friends — including folks I was very close to 20 or more years ago! — others are people I met through Twitter. I’ve made good, solid connections with quite a few of them. I’ve met several of them in person and can now consider them real friends.

To me, that’s what social networking is all about. Twitter makes it easy. It enhances my life.

So you can imagine my anger and frustration when I see blog posts and Web services created with the sole purpose of increasing follower count, wasting bandwidth, and undermining Twitter’s original purpose and goals.

How Not to Get Caught in a Phishing Net

Don’t get fooled.

Today I got an e-mail message from American Express. It said, in part:

During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To American Express Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
American Express , Billing Department.

The type was tiny, which is probably why I didn’t notice the typos and spelling/grammar mistakes. Or perhaps I didn’t notice them because I’ve become so accustomed to skimming incoming mail rather than reading it.

The message looked official. It had the Amex logo and used their normal color schemes. But what really made it look genuine was the note near the bottom:

E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the American Express mentioned above can be accessed by typing https://www.americanexpress.com directly into your browser.

The hint that this wasn’t as legitimate as it seemed came when I pointed to the link to supposedly update my account information. The URL that appeared in a yellow box in my e-mail client consisted of an IP address followed by /home.americanexpress.com/.

Of course, the e-mail message wasn’t real. When I typed http://www.americanexpress.com/ into my Web browser and logged into my account, there was no indication of any problem.

Phishing, Defined

Wikipedia, everyone’s favorite online encyclopedia, defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one.

My spam protection software is very good at weeding out phishing attempt messages, so I rarely see them. This one almost fooled me. If I’d been suckered in like so many probably were today, I would have clicked the link and entered my American Express login information in the screen that appeared. That information would have been captured in the phishing net and used to access my American Express account online.

It Isn’t PayPal

One of the Web sites I maintain is for a friend of mine who makes and sells helicopter ground handling wheels: HelicopterWheels.com. He’s an older guy who’s only been using computers for a few years. When I set up the original site, he asked me to set up online ordering. I’ll be the first to admit that I know little about setting up ecommerce solutions. So I set him up with the easiest and most secure method of accepting payments that I knew: PayPal.

Now PayPal has a bad reputation with some folks and I’m really not interested in hearing reader complaints about it. I use PayPal for my online ordering needs and although it isn’t a perfect solution, it does work and it seems safe enough to me.

Unfortunately, my friend received an e-mail message telling him that he had to verify some PayPal settings. The message was a phishing scam and my friend fell for it. He got hit for a bunch of money — which I’m not sure if he recovered. He immediately blamed PayPal and had me take the Buy Now buttons off his site.

I felt bad for him. After all, I’d recommended PayPal. But I’m also not the kind of person who gets sucked in by phishing schemes. I assumed he wasn’t either. I was wrong.

Don’t Get Caught

So here’s the only rule you need to prevent yourself from becoming the victim of a phishing scam:

Never click a link in any e-mail message.

If you get a message from your bank or credit card company or PayPal or any other service that requires you to enter a user ID and password to access it, do not click any link in that message. Instead, go directly to the site by typing the URL into your browser’s Address bar or using a Bookmark/Favorite that you’ve already set up. If there is a legitimate problem with your account that requires your attention, you’ll find out after logging in the safe way.

Of course, there are plenty of clues that can help you identify phishing attempts:

  • Messages not addressed to your name. For example, Dear Cardholder instead of Dear Maria Langer.
  • Typographical, spelling, and grammar errors in the e-mail message. Do you think American Express would spell regularly wrong?
  • Messages sent to an e-mail address that you did not register with the organization supposedly sending the e-mail message to you. For example, the message I got today was sent to my Flying M Air e-mail account, which is not on file with American Express.
  • URLs that point to IP addresses rather than recognizable domain names. For example, http://35.32.185.43/account rather than http://www.americanexpress.com/account.
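The last clue can be checked mechanically. The following is an added example, not part of the original post: it pulls the links out of an HTML message and flags any whose host is a raw IP address, or whose host is not the organization's domain while the organization's name sits in the path, as in the link described above. The function names, the sample message, and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A path segment shaped like a hostname, e.g. "home.americanexpress.com".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

# Constructed sample message body (not the e-mail quoted in the post).
SAMPLE_HTML = """
<p>Please update and verify your information:</p>
<a href="http://192.0.2.10/home.americanexpress.com/">Continue To Online Update Form</a>
<p>Or type <a href="https://www.americanexpress.com/">our address</a> yourself.</p>
"""


class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def host_is_ip(host):
    """True when the URL's host is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_link(href, expected_domain):
    """Return the phishing clues found in one link (empty list if none)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if host_is_ip(host):
        reasons.append("host is a raw IP address")
    # Only the host decides where the browser goes; compare it on a label boundary.
    if host != expected_domain and not host.endswith("." + expected_domain):
        reasons.append("host is not under " + expected_domain)
        # The brand's hostname used as a path segment is decoration, not destination.
        for segment in parts.path.split("/"):
            if HOSTLIKE.match(segment) and segment.lower().endswith(expected_domain):
                reasons.append("brand hostname '%s' is only a path segment" % segment)
    return reasons


def audit_message(html, expected_domain):
    """Map every link in an HTML message body to its list of clues."""
    collector = HrefCollector()
    collector.feed(html)
    return {href: audit_link(href, expected_domain) for href in collector.hrefs}


if __name__ == "__main__":
    for href, reasons in audit_message(SAMPLE_HTML, "americanexpress.com").items():
        print(href, "->", reasons or "no clues found")
```

An empty result only means these two clues were not found; it does not make a link safe to click.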

But you don’t have to worry about any of this. Just follow the golden rule listed above. Here it is again, in case you’ve forgotten: Never click a link in any e-mail message.

If you follow this rule, you should stay safe from phishing schemes.

Got a story to share? Use the Comments link or form for this post to speak your piece.

Fighting Twitter Spammers

Fighting a new kind of spammer.

I’m an avid Twitter user with 5,000+ tweets to my name since I joined up over a year ago. I tweet from my computer, usually using Twitterrific, and from my Treo smartphone, usually using text messaging. I don’t follow tweets via text message, but while I’m out and about, I occasionally will use the Treo’s Web browser to see if I’m missing anything interesting among the people I follow in the Twitterverse.

If you know Twitter, you know that you can select whether you should be notified by e-mail when you get a new follower. I have this option turned on. Each time someone follows me, I get an e-mail message with a link to his/her page. In the past, this has enabled me to identify new, interesting people to follow.

Twitter, like all online services, has abusers. In the old days, this was limited to people who tweeted more promotional material and links than real “What are you doing?” content. These people used bots to follow everyone they could. And there were just enough idiots out there to follow them, making them look somewhat legit.

For new followers, I’ve always applied the 10% rule. I wrote about this rule in my post, “Twitter Sluts.” This rule states that if the Twitter member is following more than 10 times the number of people who follow him, he’s following indiscriminately and is probably abusing the system. In reality, he’s not “following” anyone at all. He’s just trying to get suckers to follow him.

Now there’s a new breed of spammers. They set up a Twitter account and post a single tweet with something like “This make money fast plan really works: http://www.somebogusplan.com/.” Then they use bots to follow every person who tweets.

People like me, who want to find new, interesting people to follow, get the notification in e-mail and click the link to check out the user’s Twitter page. What I see is the promotional link and stats that include thousands of people being followed and only a few idiots following in return.

Obvious spammer.

This wouldn’t be so bothersome if it were just one or two of these abusers a week. But I’m getting 2 to 5 of them a day. Following up on these people is becoming annoying.

While I could turn off notifications, I’d also miss out on the real Twitter users who are legitimately following me, people who I might want to follow. So that’s not an option.

Now the folks at Twitter have a technique in place to report spammers. It requires me to go to a feedback page, fill in a form with a number of fields that don’t apply, and put in the spammer’s account name. The entire process takes about 3 minutes to complete — when my currently funky Internet connection cooperates. With 5 spammers a day, that’s 15 minutes of my day pissed away on reporting spammers.

I don’t know about you, but my time is more valuable than that.

While I could simply ignore them, I’ve taken to using the Block button at the bottom of the user’s Twitter page to block them. This feature is designed to prevent the person from bothering me again or from seeing my tweets. But I think that if enough people do this and if the folks at Twitter occasionally glance at who’s being blocked by more than 5 or 10 people, it could be a quick and effective way to identify spammers. Just two clicks — Block, then a confirmation that I want to block — and the job’s done.

Of course, if the folks at Twitter installed a “This is a Spammer” link on the user’s page, it would make it clear what we’re all trying to say. I’ve put that in as a suggestion, but am still waiting.

The folks at Twitter have enough on their hands right now, just trying to keep Twitter up and running smoothly 24/7. I hope that when they’re done with that daunting task, they’ll tackle this one.

But they should keep in mind that once they put controls in place to prevent spamming, they’ll have a lot less activity on the site to worry about.

Another Comment Policy

And you thought mine was strict.

Reader comments are often what can make a blog far more interesting than it would be without comments. In fact, the commenting feature of blog software can create a community at a blog when regular readers and commenters add their two cents to blog posts.

Unfortunately, not everyone has something of value to add to a conversation. And that doesn’t stop them from adding it.

Comments Here

I review every single comment posted to this blog, so I know the full range of comment quality. Tossing aside the hundreds of daily automated spam comments caught by my spam protection software and the obvious attempts of human readers to redirect my blog’s readers to their sites, the “real” comments can be informative, helpful, interesting, funny, or thoughtful. But they can also be sarcastic, nasty, rude, or offensive.

I state my comment policy in various places throughout this site, including here. Although I occasionally do have to delete a comment that’s overly offensive or one that’s sure to generate a nasty argument, in general, this site has a great group of regular readers and commenters that don’t need to be watched over as if they’re poorly behaved children.

As an example of how much commenting can contribute to a blog, check out one of my posts, “The Helicopter Job Market,” which has accumulated almost 50 comments in just over a year. Many of these comments offer helpful insight to helicopter pilots and wannabes. They’ve created a conversation that just keeps growing — indeed, five comments have been added to that post in just the past week.

Anyway, I welcome comments and won’t prevent one from appearing unless it’s either offensive or totally self-promotional. Get a conversation going. I really enjoy it. And reader comments are often what trigger me to write new blog posts.

A Comment Policy From Down Under

Today, while in search of both images from the Iran missile photo controversy, I stumbled upon an article on the Herald Sun Web site. It showed both photos and provided some commentary about the situation. It mentioned that Iran was firing more test missiles today. The thought that if they kept firing missiles for tests they might run out came to my mind. Since the article had a comment field, I decided to voice that unlikely but amusing thought, mostly to lighten things up.

I posted the comment and submitted it. On the confirmation page, the following comment policy appeared:

Please note that we are not able to publish all the comments that we receive, and that we may edit some comments to ensure their suitability for publishing.

Feedback will be rejected if it does not add to a debate, or is a purely personal attack, or is offensive, repetitious, illegal or meaningless, or contains clear errors of fact.

Although we try to run feedback just as it is received, we reserve the right to edit or delete any and all material.

What I like about this comment policy is how clear it is. It’s warning commenters, almost up front, that what they submit may not appear at all or as it was submitted. I like the second sentence/paragraph. (Oddly enough, the commenter before me said “I Still dont Belive USA went to the Moon” and I’m wondering how that got through the moderation process, being that it’s pretty much meaningless, contains clear errors of fact, and does not add to the debate, but I guess that’s just my opinion.) I find the third sentence/paragraph bothersome, mostly because I don’t believe in editing someone’s comment. If it needs editing, it probably shouldn’t appear at all.

Up for Commenting

Anyway, I’m just tossing this out there, mostly to see what visitors here think about it.

Commenting is one of the good and bad things about blogging. On this site, I really enjoy most of the non-spam comments we receive. As long as you keep commenting, I’ll keep writing.