Of spam, junk, ham, phishing and unsafe websites

We think we can all agree on this:  while spam or junk emails are bad,  phishing emails are far worse.  What’s the difference between the two you might ask?  Succinctly,  the former just fills up your inbox with spam, unwanted, or junk mail. The latter can empty your bank account, compromise your financial status, credit rating  and even steal your identity, in extreme cases. Our website  PictureFrame.com.au  is safe, trusted reputable and with a long-established online presence.  As it features an Online Store interactive forms, dynamic content a Payments Processor and Customer Accounts, we have received more than our fair share of both. We draw hundreds of visitor to our site each month.

By far the greatest majority of these are genuine visitors ,they browse for   photo frames  and picture frames to order and buy online.  But some are not genuine visitors. They snoop,  probe and persist,  creating false Accounts, spammy Testimonials,  junky Reviews, phishing  messages and infective emails. We would like to share our experiences on what we have learned about Spam, Junk, Ham, Phishing and Unsafe Websites.

Spam or junk email are mostly all those unsolicited emails that want you to click their links for you to visit sites where,  they hope, you might buy their goods or services.  If you’ve ever visited poorer countries,  where vocal street vendors,  loud urchins or vociferous touts try to get you to buy goods from them, it’s the same concept.

They’re aural nuisances, and you can ignore them,  so no great harm done there. Spam or junk emails are their electronic equivalent. But these are still unwanted, so how to prevent, manage or at least, effectively limit these?  A first line of defence is to install in all your devices a reputable Anti-Virus programme configured for regular, automatic updates which will help in blocking or quarantining disreputable sites.

The Anti-Virus will either block, disallow, monitor, warn, vet or filter a disreputable site from being visited by your browser and your  email client from receiving spam, malware or phishing emails.  A second defence is installing an good anti-spam filter for your email client.

Our Administration has found SpamBayes a good workhorse to keep spam under control.  The programme is free and downloadable at: http://spambayes.sourceforge.net/   SpamBayes gets better the longer you have it checking all your incoming messages. Every day the average  person receives about  100 to 150 spam emails, or 54,750 junk per year.

SpamBayes trains itself to classify as all incoming emails as 'spam', 'good or 'suspect' .  It redirects all messages to three, disparate mail folders without interrupting client or user operation.  We find that with a combination of Anti-Virus and Spam Filter, 99.9% of all incoming emails are automatically and correctly handled and sorted by the programmes.

So out of the original, hypothetical suspicious 54,740 emails , only  about 5 or 6 get through, which we think, is pretty good.  As to the 5 or 6 that did get through, please do keep on reading.

Ham is simply internet slang for good emails. This encompasses all those emails and messages that are neither spam or phishing. In other words, it's all hose emails from legitimate recipients, contacts, lists and subscriptions, even those which you may have long forgotten.

Frequently users think they’re being spammed when they don’t instantly recognize or remember the names or addresses of the senders. But just as often, it’s an email from a long-forgotten site or forum from which you retrieved or downloaded files or documents and which automatically subscribed you as part of the agreement to grant you access. A good way to minimize superfluous ham is stop accessing, downloading or unwittingly subscribing to all those ubiquitous, free games, screensavers and widgets found all over the web. Most, if not all of those of “freeware” sites have small print agreements, or pre-checked checkboxes,  allowing them to use, share and distribute your email address as often an however they see fit.

Unlike spam or junk, these emails are far nastier. In essence, they disguise themselves as your friend, or acquaintance, to win your confidence and trust. Often these emails seem to come from someone you know, your own Bank, ISP,  Energy Supplier or favourite Department store.

They ask, invite or require you to click their links for you to go to sites where, they will trick you into giving, revealing,  or entering your credentials. Credentials are like the keys to your house, you just don’t lend those to strangers. You only lend them to family, friends, or people you trust, for obvious reasons.

We produce below two examples of such emails we received.  The first one below was purportedly our own Bank, the NAB, a very, Australian Bank. But our Staff is trained to inspect email links and when receiving any emails from anyone. As a first step,  we hover the mouse over any embedded links and check them.

Any revealed link address must make sense and in the example below they do not, because:  a) The protocol is insecure (http)  b) the text link doesn’t even mention NAB and c) the address site’s top level domain name is the United Kingdom.

 

Another example is the one below allegedly from our ISP provider, Telstra. Again, when inspected, the link address aroused suspicions because:  a) The protocol is insecure (http)  b) the text domain name is not Telstra, c) the address site’s top level domain name is Russia and d) the file extension identifies it as Microsoft system screensaver file.

 

A variant ( there are many ) of the above is to attach a malicious file to the phishing email.  Below is an example received a while ago, allegedly, from the Australian Tax Office,  at Tax Returns time.

When perused, rather than just viewed,  the email was assessed as being spurious because: a) The ATO would contact our Accountant, not ourselves,  for any taxation query and  b) the TaxReturn.htm, when scanned by our Anti-Virus, was found to be a disguised, downloadable, .zip file.

Under no circumstances should users click to open or even  preview attachments, even those ending with familiar file names, such as .doc , .pdf , or even .jpeg  because any and all of these can be spoofed.

One way that works for us, and has never failed,  is to submit any suspicious files, attachments or objects to our Anti-Virus Selective Scan and scan it.  Relevantly, Administrators can prevent automatic download of email attachments by tweaking their  Email Client Security Settings. Some common and recommended Microsoft Outlook Automatic Download prevention settings are shown below:

In this blog, Spam, Junk, Ham, Phishing and Unsafe Websites, we would like to add that, in addition to the security issues of embedded links and malicious content , messages often contain links to, or direct users to certain websites or web addresses that are unfamiliar to them.

And just as often , we are wary of going there and ask ourselves, is such and such website safe to visit? Fortunately there are good and free tools to help us evaluate visitation risks. One of the most useful we found, and easy to understand, is:  brightcloud.com   As an example, below is their independent evaluation of our website:

And below is a very different evaluation of a rather suspicious, if not downright risky, overseas website:

In conclusion, and while we are not experts in these fields, we feel the tips and suggestions in this blog, Of Spam, Junk, Ham, Phishing and Unsafe Websites, can be of use to Email Client Administrators, internet users and site visitors, with their electronic correspondence, internet security and safer browsing experiences.