Friday, February 3, 2012

Avoiding Email Spam: How much are we to blame?

Update: BBC's Click programme featured a story on how cyber-criminals are using a sophisticated method to steal money from our bank accounts online on Saturday, Feb 4, 2012. Try and catch it before Sunday Feb 5th or go to the BBC Click section for more information. It is yet another proof of how important a good, updated anti-virus program is for our online security.

I recently sent a mass mail highlighting my monthly posts in which I also mentioned I would write about the tax benefits of life and health insurance products. Within 24 hours I get an unsolicited advertisement from an insurance company. How did the insurance company find out what I had written?

Last year, I had written a post about how one can get more job offers just by inserting relevant keywords in your resume/cv. Read the post here. It’s pretty obvious to me that spammers are using a similar keyword recognition technique to send targeted advertisements to email users. And it is using some of our own infected computers to send spam!

Firstly, some background. I sent my mass mail using Gmail. Google does not sell personal information to private parties as its business model depends on inserting relevant text ads alongside the mails we read. Google also has a powerful spam filter and it also allows us to report spam. So how did I get the very relevant advertisement despite that?

This is what I think happened. I sent a mass mailer that contained a lot of email addresses. Even if one of my recipient’s computer was infected with a virus, that computer could have been used as a zombie spam sending machine to automatically send spam to all the listed contacts. Cyber criminals use a network of such zombie computers called a ‘botnet’ in order to scan emails for keywords and send spam. In my case it was an ad related to insurance products.

You might get a travel or horoscope or some other tempting ads based on the keywords of your emails. The good news is that there is no need to be worried about cyber criminals. If we take some simple precautions like updating our anti-virus regularly, the criminals have no way of getting hold of our computers. It’s as simple as locking the door before leaving home!

Any internet user’s computer, at home or office, is vulnerable if the anti-virus program is not updated regularly. In fact office computers are notorious breeding grounds for ‘botnets’ because companies care more about profits than security and they have a habit of waiting for an unfortunate incident to happen before taking action. More over, our browsing habits also attract a lot of spam especially when we use our emails unnecessarily online. Also, cyber criminals are getting more and more intelligent. I was taken aback by how relevant the spam was to the mail I had sent!

So, as always, prevention is better than cure. And awareness is the key to prevention. Nobody educated me about the origin of spam. I know it because I’m interested in technology generally. I also watch BBC’s technology programme Click which almost a year back demonstrated how cyber criminals get hold of computers that do not have adequate anti-virus protection. The programme became controversial because Click got hold of a botnet of virus-infected computers even though it was for a brief period. It destroyed the botnet later.

There are simple ways of spam-proofing our emails. I encourage you to follow these guidelines for a spam-free email experience:

  1. Use a good email service like Gmail. Do not delete suspicious mails and advertisements but use the report spam option. Google automatically moves all such mails to trash. Moreover you also help Google block spam proactively for other users! Advanced users can use filters to block specific emails.
  2. You could use a service called boxbe that only allows emails after entering an alphanumeric code. Boxbe is a good trap against machine generated spam but not suitable for users who are expecting a genuine job offer from a company. If the company that sends you a job offer by email does not bother to enter the alphanumeric code as required by boxbe you will not receive your mail!
  3. Use the BCC (Blind Carbon Copy) instead of To or CC option to send mass mailers to insulate yourself and others from infected computers. The BCC option allows you to send a group mail as if you are sending a personal mail.
  4. Read my guide on how to protect your computer with a good browser, anti- virus and an anti-malware program using free programs. Read it here.
 Share your experiences about email spam. Does it have a pattern? How do you take care of it?

No comments:

Post a Comment

Please share your views here.