
Post on 23-Dec-2015


SPAM: What you can – and can’t – do about it

2

SPAM Overview

> SPAM
  Scope and cost
  Viruses
  Definition and examples (CCSF +)

> Fraud and Phishing
  Types of phishing
  Some Examples

> Spyware
  From annoyance to identity theft

> CCSF’s Barracuda SPAM filter

> Protecting yourself

3

The Spam Problem

>Spam = unsolicited email
  Ads
  Viruses
  Phishing
  Spyware

>The Problem
  Volume / Annoyance
  Cost-Shifting
  Waste of Resources
  Fraud

4

Spam as % of total email

>Feb 2004 ― 62%
>March 2003 ― 45%

5

>Feb 2004 ― 62%
>March 2003 ― 45%
>January 14, 2005:

Spam today

From http://www.appriver.com/ - up-to-the-minute statistics

6

Has this happened to you?

>“Email undeliverable” notices for email you never sent?

>Requests to confirm account numbers, PINs, Passwords?

>“Microsoft” emails containing “updates” or “fixes”?

>Administrator@ccsf.edu or “The ccsf.edu support team” messages

7

“Email undeliverable”

>Mail from “your” email address sent to people all over the world

>Causes
  Mining: Spammers gather email addresses from
    • Intercepted email
    • Spyware planted on users’ computers
  Spoofing: Spammers use your email address to disguise their messages

8

“Microsoft” emails

> Contain fake “updates” with viruses

> Microsoft never uses email for updates
  http://office.microsoft.com/OfficeUpdate/
  http://windowsupdate.microsoft.com

> Virus protection preinstalled on all CCSF computers
  Automatically updates for latest virus data
  Updates happen in background – no messages appear

9

Administrator@ccsf.edu

> Messages claiming to come from our ITS admins

> Ask for info because “account is expiring”

> Verify by sending password

> Unsigned (and misspelled)

> Never genuine! We don’t:
  Email confidential security/personal info
  Send unsigned messages
  Misspell

10

Recent examples 1: CCSF “support”

>The W32mydoom virus carried by this message sent to many CCSF email addresses

Dear user of ccsf.edu,

Your account has been used to send a huge amount of spam during the recent week. We suspect that your computer was infected by a recent virus and now runs a trojan proxy server. Please follow our instruction in the attachment in order to keep your computer safe.

Virtually yours,
The ccsf.edu support team.

11

CCSF’s policy….

> Users: Delete this virus/hoax
> Email Admin: Took action to block these messages as soon as known
> Our policy statement:
> CCSF PERSONNEL WILL NEVER SEND OUT A MESSAGE ASKING FOR ACCOUNT INFORMATION OR INSTRUCTING USERS TO OPEN AN ATTACHMENT THAT RELATES TO THEIR ACCOUNT THAT IS NOT PERSONALLY SIGNED BY A SYSTEMS ADMIN (i.e., with a name such as Shirley Barger, Anne Morris, Doug Re, whomever). "Virtually yours," "The CCSF Team", "CCSF Administrators" and such AIN'T our STYLE, and it won't be.

12

Recent examples 2: CCSF “user”

>Email on Faculty Listserv from "Rbalestr"

From: "Rbalestr" <rbalestr@ccsf.edu>
To: "faculty@ccsf.edu".GWIA.sfccd@ccsf.edu
Date: Saturday - September 18, 2004 6:50 AM
Subject: Faculty: Re:

jvwdtbyfru.bmp (3958 bytes) [View] [Save As]
foto2.zip (36606 bytes) [View] [Save As]
Mime.822 (57943 bytes) [View] [Save As]

13

Recent examples 2: Carried a virus

>Email on Faculty Listserv from "Rbalestr"

From: "Rbalestr" <rbalestr@ccsf.edu>
To: "faculty@ccsf.edu".GWIA.sfccd@ccsf.edu
Date: Saturday - September 18, 2004 6:50 AM
Subject: Faculty: Re:

jvwdtbyfru.bmp (3958 bytes) [View] [Save As]
foto2.zip (36606 bytes) [View] [Save As]
Mime.822 (57943 bytes) [View] [Save As]

File carrying a Virus!

14

Other examples….

Fake craigslist msg w virus (March 2004)

From: administration@craigslist.org
To: johnkerry@whitehouse.gov
Subject: Important notify about your e-mail account.

Hello user of Craigslist.org e-mail server,

Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. Pay attention on attached file. For security reasons attached file is password protected. The password is "13545".

Cheers,
The Craigslist.org team

15

Fraud

>Fake Subject lines disguise content

>“Remove” links gather addresses

>“Spoofing” of identity
  Fake From: addresses in email
  Disguised server sources implicate innocent parties

>False claims, phishing

16

Phishing

>Attempts to gather confidential information
  Credit card #s
  PINs
  Account #s
  Passwords

>May use original site’s graphics

>Return addresses/links mimic originals

Since August 2003, most major banks in the USA, the UK and Australia have been hit with phishing attacks

17

Confirm account numbers

>“Phishing” for confidential information

>Growing fraud phenomenon
> International
>Recent organized crime involvement
>Spam for
  Siphoning money
  Identity Theft

18

Unsophisticated Phishing

19

Sophisticated Phishing

20

New Tsunami phishing scams

From USA TODAY (Edward Iwata and Martin Kasindorf)

The FBI is investigating dozens of bogus Web sites that prey on potential tsunami donors by mimicking sites of well-known charities, FBI Special Agent Tom Grasso said Monday. Con artists also are using variations of the Nigerian "419" scam.... The e-mail authors claim to be government officials, bank officers and poor farmers who have lost loved ones in the tsunami.

21

Phishing increases

> From latest AntiPhishing.org report  December 2004

22

Phishing updates

>http://antiphishing.org/
  Up-to-date examples and descriptions of phishing scams
  Examples: Amazon, eBay, AOL, Washington Mutual…

>http://survey.mailfrontier.com/survey/quiztest.html
  Good information provided after you take a quiz based on actual emails, real and fraudulent

23

Spyware

> Programs installed secretly on your computer as you browse the Internet

> Purposes:
  Pop up ads; change home page
  Capture keystrokes as you enter passwords, logins, etc
  Gather Info about
    • browsing habits
    • email addresses/passwords/credit card #s

24

Combating Spyware

> Combat with free programs:
  Spybot Search and Destroy (www.safer-networking.org)
  Ad-Aware (www.lavasoft.com)
> Yahoo: New free toolbar contains anti-spyware program, popup-blocker
> Microsoft: Beta tool for Windows
  http://www.microsoft.com/athome/security
> Summary info at http://www.ccsf.edu/vfascio/spampage

25

CCSF: New Spam filtering

>Barracuda Spam-filter
  Applied starting November 2004
  GroupWise email only
    • MUCH less Spam in Mailbox
>Separate Quarantine area
>Quarantine message once a day
    • User control over Spam
>Whitelist: Addresses always allowed
>Blacklist: Always blocked

26

CCSF (informal) Spam stats

>2003: 25-50% filtered out
    • ½-1 hour/day of GroupWise administrator’s time
>March 2004: 65-75% filtered
>Feb 2005: 80+% filtered
    • 118,000+ messages a week!
>Current: 6000+ domains / addresses blocked
    • List grows daily

27

Barracuda’s 4 categories

1. Definitely Spam/Virus
  Not allowed through system

2. Likely to be Spam
  Sent to your Quarantine area for you to review/delete/allow

3. Maybe Spam
  Tagged with [BULK] in Subject
  Sent to Mailbox

4. Not Spam
  Sent to Mailbox

28

Quarantine message: Web

> Once a day, you’ll see this message (Web client)

> You can take limited action – but …

29

Accessing Quarantine: Web

> For more control:
  Scroll to end of message
  Click link at end: “click here”

> Takes you to your quarantine area
  See all quarantined messages
  Act on them

30

Quarantine message: Windows

> Once a day, you’ll see this message (Windows client)

> Click long link at end
> Tip: Click first or last lines
> Takes you to your quarantine area
  See & act on all quarantined messages

31

Quarantine area

> Deliver
  Just deliver the mail. Make no change to filtering parameters.
> Whitelist
  Deliver and always allow message from this sender
> Delete
  Just deletes without changes to filtering parameters.
> Classify as Not Spam
  Deliver message and updates Spam filter.
> Classify as Spam
  Delete and update Spam filter

32

Barracuda tips

>Look at the Barracuda SPAM message regularly

>Go to your SPAM link
>Delete Spam
>THEN:
  DELETE Barracuda SPAM report messages
  They are big!
  Fill up your email space unless deleted

33

Be Vigilant

> Protect your email address - treat it like your phone number.

> Never email passwords, credit card numbers, or other personal information.

> Don't post your email address in public places.

> Never respond to unsolicited email or click on a URL or web site listed in spam.

> Never forward spam chain letters.

34

Protect against viruses

> Don’t open suspicious attachments – even from friends

> Check to see if they have actually sent attached docs

> At CCSF:
  Desktops automatically update Virus SW
  Laptops: Lucky owners must actively keep CCSF virus SW updated (Windows and Mac)

> At home: Get a Virus checker
  Keep it updated!

35

Virus Vigilance

>Look at email attachments
  Suspicious signs:
    • Nonsense names
    • Names ending with any of the following: .zip .scr .pif .exe .vbs .com
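The two suspicious signs above, applied automatically to a message's attachments. This is an added example, not part of the original slides: the six-consonant test for a "nonsense name", the sample addresses and the attachment contents are assumptions, while the extension list and the names jvwdtbyfru.bmp and foto2.zip come from the slides.

```python
import os
import re
from email.message import EmailMessage

# Extensions the slide lists as suspicious.
SUSPICIOUS_EXT = {".zip", ".scr", ".pif", ".exe", ".vbs", ".com"}
# Assumed rough test for a "nonsense name": six or more consonants in a row.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{6,}", re.IGNORECASE)


def check_attachments(msg):
    """Return {filename: [reasons]} for attachments showing the slide's signs."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # splitext keeps only the last extension, so "x.doc.pif" yields ".pif".
        stem, ext = os.path.splitext(name.strip().lower())
        reasons = []
        if ext in SUSPICIOUS_EXT:
            reasons.append("suspicious extension " + ext)
        if CONSONANT_RUN.search(stem):
            reasons.append("nonsense name")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message; two attachment names come from the slide example."""
    msg = EmailMessage()
    msg["From"] = "sender@example.edu"   # constructed address
    msg["To"] = "list@example.edu"       # constructed address
    msg["Subject"] = "Faculty: Re:"
    msg.set_content("")
    for name in ("jvwdtbyfru.bmp", "foto2.zip", "minutes.doc", "update.doc.pif"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for filename, reasons in check_attachments(build_sample()).items():
        print(filename, "->", ", ".join(reasons))
```

A clean result does not make an attachment safe; the check only automates the visual inspection the slide describes.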

36

Protect against Spyware

>Use at least one Spyware catcher
  Free: Ad-Aware (Personal edition) http://www.lavasoft.com
  Free: Spybot Search and Destroy http://spybot.safer-networking.de/
  Free (So far): Microsoft beta http://www.microsoft.com/athome/security/spyware/
  Not Free: SpySweeper ($30/yr) http://www.webroot.com
  Mac: MacScan http://macscan.securemac.com/

37

Don’t contribute to Spam

>Use the BC email field for groups outside CCSF
  BC Field hides addresses
  May help get msgs to Yahoo, Hotmail recipients
  Helps prevent address capture by spammers

38

Don’t look like Spam

If you want people to read your email messages

> Make your email Subject lines count
  CNIT 3/22 meeting minutes
  Not: Info

> Don’t use suspicious Subjects:
  Hi!
  Pix
  Re:

> Don’t leave subjects blank

39

Spam / Spyware Resources

>Search on Spam facts

>Your ISP for Spam info

> http://www.pcwebopedia.com/quick_ref/SpamGuide.asp

> http://biz.yahoo.com/pfg/e15credible/index.html (Suze Orman on Spam Scams)

> For fun: http://www.mailmsg.com/SPAM_python.htm

> Spyware: http://www.microsoft.com/athome/security/spyware/

40

Identity Theft Resources

>Search on Identity+theft at http://www.sfgov.org/
  Prevention tips
  What to do
    • to find out if your identity has been stolen
    • after the fact

> http://www.fightidentitytheft.com/
  Good clearinghouse of information

41

Updates

> General:
  http://news.yahoo.com/fc?tmpl=fc&cid=34&in=tech&cat=spam_wars
    Excellent updated news links site
  http://www.spamanti.net/en/
  http://www.microsoft.com/athome/security/
    Good source for Windows OS updates and general information

> Phishing and Organized crime
  http://www.ftc.gov/ftc/consumer.htm
    Government site on many aspects of spam and crime

42

Final note

>From CAUCE, the Coalition Against Unsolicited email

>http://www.cauce.org/

According to the European Commission, the costs of spam to businesses and consumers have been estimated at USD $8 billion/year. Pressing <DELETE> doesn't recover those costs.