Beggar Spam

A new kind of spam makes me wonder how stupid spammers think we are.

To post a comment on any of my blog-based sites, you need to jump three hurdles:

  1. You need to get past Bad Behavior, a spam prevention solution that can identify bots. If Bad Behavior thinks a page is being accessed by a spam bot, it simply does not allow that bot to comment. Does this work? Well, during the past 7 days, Bad Behavior has blocked 2,018 access attempts. Does that mean it has stopped all the bots? Sadly, it doesn’t. But it seems to do a pretty good job.
  2. You need to get past Akismet, the WordPress-provided spam filtering tool. Akismet takes the incoming comments that get past Bad Behavior and evaluates them to determine whether they might be spam. If it thinks a comment is spam, it gets put in a spam “bucket” (my term). Does this work? Well, in March it caught 3,830 spam comments, missed only 11 that I flagged as spam, and incorrectly marked only 3 good comments as spam that I rescued. It has caught a total of 54,048 spam comments since October 2008 — that’s just six months.
  3. You need to get past me. I read all the comments that Akismet approves and either approve them for posting on the site or mark them as spam that Akismet missed. In certain rare instances, I’ll delete a comment that might not be spam but is, in my opinion, inappropriate for the site. (You can read my comment policy, if you’re interested.) I also briefly review what Akismet has flagged as spam and occasionally rescue a non-spam comment from the spam bucket so it appears on the site.

June 30, 2014 Update: I’ve finally gotten around to writing up the site comment policy on a regular page (rather than post) on this site. You can find it here: Comment Policy.

If you’re not a blogger, you probably don’t realize how big a problem comment spam is. Simply said, if I didn’t have Bad Behavior to block the bots and Akismet to filter out spam comments, this blog would attract anywhere from 10 to 1000 spam comments in a day. Spam comment contents range from links to sites selling drugs or offering online gambling to simple attempts to get some “Google Juice” from links to specific sites. Some of it contains crude and offensive words and ideas. If I let it get by me and allowed it to be posted on my sites, it would likely offend most of my readers.

But lately, I’ve begun getting a new kind of spam: beggar spam. The content of the message goes something like this:

I do not believe I get only one chance in life. I am from Guinea so my English is bad. Please give.

WTF?

Of course, this kind of comment never makes it to my blog. It’s stopped dead by Akismet or me. After a while, Akismet will pick up the pattern that identifies it as spam and properly filter each beggar spam message into the spam bucket.

But the real question is this: do these spammers really expect blog readers — or bloggers, for that matter — to send money to some faceless beggar just because they asked for it? Does anyone actually send them money to give them the idea this ploy works?

Which brings up another thought: The Internet has made it so easy for people to try to suck money out of people that they’ll try anything, no matter how unlikely it is to work. Just get yourself an automated commenting bot, set its options to include the message and link you want, and let it go. Sixty seconds of effort and an Internet connection can flood the world’s blogs (and spam filters) with millions of scam attempts. If even one of them is successful, the spammer is ahead of the game.

I wonder how much of the world’s Internet bandwidth is used by spammers and con artists. I’m not just talking about comment spam here. I’m talking about e-mail from Nigerian princes and widows. I’m talking about responses to For Sale items on online services, where the buyer offers a certified check for more than the purchase amount and asks you to give the difference to his shipping agent. Or the people who e-mail legitimate companies, offering to pay more for services than advertised, with the difference going to a “logistics” agent.

I see how many of these things cross my path in a day or week or month. I’m just one relatively well-connected person. What of the people who are better connected than me? Or the ones that foolishly put their e-mail addresses, unencoded, on a Web site so the spam bots can scrape them up for sale to spammers? Or the ones with blogs at the top of Google’s page rank that get thousands of visitors a day?

How much of the Internet is wasted on fraud and spammy self-promotion?

Anyway, I’d love to get feedback from other bloggers or people experienced with spam. What’s the most ridiculous spam you’ve ever received? The one that made you think the spammer thinks everyone is a gullible fool? Use the Comments link or form for this post.

And don’t try to spam me, please. Your comment will never appear on this site.

Twitter is NOT a Popularity Contest

And Twitter is being destroyed by the people who think it is.

The other day, there was an update in my tweet stream from MrTweet. It said:

New Posting: Twitter & the Law of Reciprocity (Why you should be a generous Twitterer, and how to!) http://bit.ly/Ni5tb

MrTweet is the Twitter account name for an online service that supposedly helps you find Twitter users who are like you. I joined up a while back, interested in adding a few people that I might connect with to the list of people I follow. I don’t know what MrTweet’s algorithms are like, but it didn’t come up with any matches. Still, there were few incoming tweets on that account, so I kept following it. That’s how I received the above tweet.

I followed the link. The blog post that appeared, “Twitter & the Law of Reciprocity,” included the author’s opinion of Twitter: “People may not like it, but Twitter is as old-fashioned a popularity game as high school is…”

WTF?

Is that what people think? Or, more likely, is that what people have turned Twitter into?

The post went on to provide tips for increasing the number of people who follow you, prefaced with this word of warning:

This isn’t a magic “popularity” ingredient, nor can I ensure you’ll get followers by the droves if you take my advice. This IS however, a philosophical theory that can bring you benefits if you understand it and are able to take advantage of it in your self-promotional efforts.

Among the pieces of advice were to reciprocate follows. That means if someone follows you, you should automatically follow back. It doesn’t matter who the person is, where he’s from, what he tweets, what his motives are, or how well you could possibly connect with him. Just follow him blindly.

This advice made me sick. It’s this attitude that’s turning Twitter into a meaningless waste of bandwidth, full of self-promotional links and blatant advertising.

Not long afterward, I caught wind of a new site called TweepMe. This is a pure piece of automated trash with just one goal in mind for the user: increase follower count. Here’s how it works: you sign up, providing both your Twitter user ID and password, which hands the service full control of your account. You’re automatically followed by everyone else who signed up and you automatically follow all of them. So if TweepMe has 1,000 members, you automatically have 1,000 followers. Ready for the punchline? The service is free to start out. Afterwards, you pay for your membership (and new followers).

Holy f*cking cow! What moron is so desperate for followers that he’d pay to get them? Oh, yeah. These morons.

Has everyone forgotten the original purpose of Twitter? It’s a social networking site, a way to connect with people you know. It’s “microblogging.”

If you’re a Twitter member, log out of your account on Twitter and go to http://www.twitter.com/. Here’s what you’ll find right on the Home page, under “What is Twitter?”:

Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

I don’t see anything in there about selfishly eating up bandwidth to create hundreds or thousands of meaningless connections to strangers whose only interest is to do the same.

Tell me something: are these thousands of strangers you’re collecting as followers your “friends, family, and co-workers”? Are they likely to ever fit into any of those categories? Do you even care about them?

Why the hell are you “collecting” them, like a kid collects pretty rocks at the beach?

Have you read Jennifer Leggio’s excellent post on ZDNet, “I am popular on Twitter. Here’s why this means nothing.“? She echoes my sentiments exactly.

While I’ve been watching the growth, use, and misuse of Twitter for some time now, the childishness of follower collectors has only been a source of amusement for me. Until now.

The increase in demand on Twitter’s systems and bandwidth may be causing service outages. While that was bad enough as Twitter went through its growing pains, it truly sucks if it’s caused by what one Twitter user, @pageoneresults, refers to as a “Twitter Self Replicating Human Virus.” While I don’t usually link to SEO sites (I don’t believe in messing with Google search results), Edward Lewis’s blog post, “TweepMe Twitter Application,” is more than just an angry rant. It provides a wealth of information about what TweepMe is, how it works, how it can be compared to trojans and viruses, and how the idiots who initially signed on can make a clean break with it. He also opines about TweepMe’s possible role in recent Twitter outages:

There appears to be a bit more with this TweepMe application that many have overlooked. The thing is growing exponentially. It is a Twitter Self Replicating Human Virus. If it continues at its current rate, it may even hamper the performance of the Twitter pipelines. Whale Watchers are claiming that TweepMe is behind the recent Fail Whale sightings on Twitter although none of us can be sure of that.

Personally, I’m saddened by what is happening to Twitter. Since becoming an active Twitter user two years ago, I’ve always thought of my Twitter friends as “water cooler buddies.” I work in a home-based office and spend most of my days alone. Having the 100 people I follow in the Twitterrific window on my computer’s desktop gives me the social interaction I need during the day to keep my sanity. While some of these people are friends — including folks I was very close to 20 or more years ago! — others are people I met through Twitter. I’ve made good, solid connections with quite a few of them. I’ve met several of them in person and can now consider them real friends.

To me, that’s what social networking is all about. Twitter makes it easy. It enhances my life.

So you can imagine my anger and frustration when I see blog posts and Web services created with the sole purpose of increasing follower count, wasting bandwidth, and undermining Twitter’s original purpose and goals.

How Not to Get Caught in a Phishing Net

Don’t get fooled.

Today I got an e-mail message from American Express. It said, in part:

During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To American Express Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
American Express , Billing Department.

The type was tiny, which is probably why I didn’t notice the typos and spelling/grammar mistakes. Or perhaps I didn’t notice them because I’ve become so accustomed to skimming incoming mail rather than reading it.

The message looked official. It had the Amex logo and used their normal color schemes. But what really made it look genuine was the note near the bottom:

E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the American Express mentioned above can be accessed by typing https://www.americanexpress.com directly into your browser.

The hint that this wasn’t as legitimate as it seemed came when I pointed to the link to supposedly update my account information. The URL that appeared in a yellow box in my e-mail client consisted of an IP address followed by /home.americanexpress.com/.

Of course, the e-mail message wasn’t real. When I typed http://www.americanexpress.com/ into my Web browser and logged into my account, there was no indication of any problem.

Phishing, Defined

Wikipedia, everyone’s favorite online encyclopedia, defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one.

My spam protection software is very good at weeding out phishing attempt messages, so I rarely see them. This one almost fooled me. If I’d been suckered in like so many probably were today, I would have clicked the link and entered my American Express login information in the screen that appeared. That information would have been captured in the phishing net and used to access my American Express account online.

It Isn’t PayPal

One of the Web sites I maintain is for a friend of mine who makes and sells helicopter ground handling wheels: HelicopterWheels.com. He’s an older guy who’s only been using computers for a few years. When I set up the original site, he asked me to set up online ordering. I’ll be the first to admit that I know little about setting up ecommerce solutions. So I set him up with the easiest and most secure method of accepting payments that I knew: PayPal.

Now PayPal has a bad reputation with some folks and I’m really not interested in hearing reader complaints about it. I use PayPal for my online ordering needs and although it isn’t a perfect solution, it does work and it seems safe enough to me.

Unfortunately, my friend received an e-mail message telling him that he had to verify some PayPal settings. The message was a phishing scam and my friend fell for it. He got hit for a bunch of money, which I’m not sure he ever recovered. He immediately blamed PayPal and had me take the Buy Now buttons off his site.

I felt bad for him. After all, I’d recommended PayPal. But I’m also not the kind of person who gets sucked in by phishing schemes. I assumed he wasn’t either. I was wrong.

Don’t Get Caught

So here’s the only rule you need to prevent yourself from becoming the victim of a phishing scam:

Never click a link in any e-mail message.

If you get a message from your bank or credit card company or PayPal or any other service that requires you to enter a user ID and password to access it, do not click any link in that message. Instead, go directly to the site by typing the URL into your browser’s Address bar or using a Bookmark/Favorite that you’ve already set up. If there is a legitimate problem with your account that requires your attention, you’ll find out after logging in the safe way.

Of course, there are plenty of clues that can help you identify phishing attempts:

  • Messages not addressed to your name. For example, Dear Cardholder instead of Dear Maria Langer.
  • Typographical, spelling, and grammar errors in the e-mail message. Do you think American Express would spell regularly wrong?
  • Messages sent to an e-mail address that you did not register with the organization supposedly sending the e-mail message to you. For example, the message I got today was sent to my Flying M Air e-mail account, which is not on file with American Express.
  • URLs that point to IP addresses rather than recognizable domain names. For example, http://35.32.185.43/account rather than http://www.americanexpress.com/account. Only the host portion of a URL, the part between the // and the next /, determines where the link goes; a familiar name that appears later in the URL, like the /home.americanexpress.com/ path in the message I received, is just decoration meant to make the address look genuine.
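The last two clues in that list, an IP address where a domain name should be and a brand name stuffed into the path or the link text, can be checked mechanically. The following script is an added example, not code from the original post or from any mail client; it pulls the links out of an HTML message body and reports those indicators for each one. The message body is constructed to mirror the one quoted above (the IP address is the post’s own illustrative example, not a known phishing host), and the set of trusted domains is an assumption standing in for the companies you actually hold accounts with.

```python
"""Flag the phishing indicators listed above in the links of an HTML e-mail.

Added example, not code from the original post. For each link it checks for
an IP-address host and for a trusted brand name that appears only in the
path or the link text while the host is something else. The message body
and the trusted-domain set below are constructed for the example.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the recipient actually holds accounts with.
TRUSTED_DOMAINS = {"americanexpress.com"}

# Constructed message body modelled on the one quoted in the post; the IP is
# the post's own illustrative address, not a known phishing host.
SAMPLE_BODY = """
<p>Please update and verify your information by clicking the following link:</p>
<a href="http://35.32.185.43/home.americanexpress.com/">Continue To American
Express Online Update Form</a>
<p>If you are concerned about the authenticity of this message, please
<a href="https://www.americanexpress.com/">click here</a> or call the phone
number on the back of your credit card.</p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse the whitespace of text that wrapped across lines.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def is_ip_literal(host):
    """True when the host part is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_belongs_to(host, brand):
    """True for the brand domain itself or any subdomain of it."""
    return host == brand or host.endswith("." + brand)


def analyse_link(href, text=""):
    """Return a list of human-readable phishing indicators for one link."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    # Everything after the host is under the attacker's control and may be
    # padded with a familiar name, as in /home.americanexpress.com/.
    after_host = (parts.path + parts.query + parts.fragment).lower()
    squashed_text = "".join(text.lower().split())
    findings = []
    if is_ip_literal(host):
        findings.append("host is an IP address, not a domain name")
    for brand in sorted(TRUSTED_DOMAINS):
        if host_belongs_to(host, brand):
            continue
        if brand in after_host:
            findings.append(f"{brand} appears only in the path; the link really goes to {host or 'nowhere'}")
        if brand.split(".")[0] in squashed_text:
            findings.append(f"link text mentions {brand} but the host is {host or 'missing'}")
    return findings


def scan_message(html_body):
    """Return [(href, text, findings), ...] for every link in the body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return [(href, text, analyse_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, findings in scan_message(SAMPLE_BODY):
        verdict = "SUSPICIOUS" if findings else "ok"
        print(f"{verdict:10} {text!r} -> {href}")
        for finding in findings:
            print(f"           - {finding}")
```

The subdomain test is deliberately simple (no public-suffix list), so a host such as americanexpress.com.example.net is still caught because it does not end in ".americanexpress.com"; a look-alike registered domain such as americanexpress-secure.com is not, which is exactly why the post’s rule of typing the address yourself still applies.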

But you don’t have to worry about any of this. Just follow the golden rule listed above. Here it is again, in case you’ve forgotten: Never click a link in any e-mail message.

If you follow this rule, you should stay safe from phishing schemes.

Got a story to share? Use the Comments link or form for this post to speak your piece.