Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 15 December 2016 09:05

Warning – the latest spam scam is 'unsubscribe'

By

The latest “seasonal” scam is to link a “payload” to unsubscribe buttons. It starts with a socially engineered phishing campaign sending out copious legitimate looking newsletters or e-zines, typically on topics relevant to your interests.

Faced with an ever-increasing, bulging, email inbox and a bit of spare time over the holidays you may do the right thing and try and clean up the inbox, junk, and clutter. But cybercriminals are way ahead of you. Please note that this advisory is most relevant to Windows and its built-in mail client or Outlook/Exchange.

The first scam comes when you select the unsubscribe button; Internet Explorer opens (not the later more secure Edge), and you are taken to a fake website that asks you to confirm your email address.

It is seemingly innocuous but it has also confirmed your email address is alive and captured leaked metadata from your browser like your IP address, location, operating system and more.

One of three things can happen. Either a drive-by payload (see infographic at the end of the article) will infect your system, or a pop-up questionnaire/video/message appears that won’t let you exit the screen until you click a button which can install malware, or if you are extremely lucky you actually unsubscribe.

The success of this scam depends on how old your Windows is, whether it, and IE have been patched, if you have anti-virus/malware/spam software installed and a few more things. But wait there is more, and that comes from actually “opting out”.

The next trick is that unsubscribing simply confirms your email address is alive – cybercriminals get paid more for “clean” spamming lists, and you have just made them some cash. Most “spam” actually has overly obvious “opt-out” buttons because they want you to tell them you are alive.

The best thing you can do with spam is a) don’t open it and b) mark it as junk, so it goes to a junk folder. But wait there is more.

As your junk folder grows so too does the amount of storage it uses. Spammers are aware of this, so it is in their interests to mercilessly spam you until you are forced to empty your junk and clutter folders.

It is good email hygiene to look at both of the above boxes regularly. I get about 1000 junk/clutter emails a week, so it takes a little time. After you have sorted by subject, moved any wrongly sin-binned emails back to your inbox (and right clicked to unblock them) it is time to delete.

The best way is to press Control-A (select all), and the press SHIFT and Delete keys. The Shift key is important as it permanently deletes the email instead of moving the emails to Deleted items which still chews up storage space. But wait there is more.

Most spammers have set up receipt tracking. When you press Shift-Delete, you will invariably get a dialogue box asking to send a receipt confirmation. Look for the “No to All” button and press that.

Other good Inbox habits

Most spam includes a tracking mechanism like a single pixel transparent gif file that phones home if opened – all that does is confirm your address, what type of PC you have and gives valuable metadata to the cybercriminal including that you have opened it so they may also make money from displaying advertising.

If you must open a suspect email, first move it to junk where images and links are disabled or converted to text. If its not junk you can move it back to the inbox and all disabled items are restored.

Avoid any email from an unknown sender if it has a “paperclip” denoting an attachment – a sure sign that it has a java or macro initiated malware attachment.

Out of Office (OoO) is also a great way to tell spammers that your address is alive. While this is a necessary tool avoid its use, especially during the holiday season as it can tell people that you are away and your home may be empty.

Finally, some sage words this Christmas

If your Windows device does something strange, has random pop-ups, stops responding, is slow, or asks to install some software you have not specifically downloaded – don’t panic. Instead, pull the “plug” – switch it off. That will usually stop the spread of malware in its tracks.

If you think you have malware, or if you just want to clean up your device, there are two highly effective things you can do.

First, download the free Wise Disk Cleaner from this link. A small word of caution, decline to install any “free offers” that may pop up during installation.

Run Diskcleaner in its most aggressive mode – tick all the boxes on the “Common Cleaner” page. It’s a very safe program that I have used for many years, and it will usually find gigabytes of stuff.

Next download the free version of Malwarebytes from this link. It will place a file called mb3-setup.exe in the downloads folder, and all you need to do is find it and open it. Again decline to install any added value software.

It takes some time to run but it will root out any last malware and clean it.

Merry Christmas, happy holidays, and have a wonderful 2017.

web threats infographic image

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments