By Robb Hicken / BBB’s chief storyteller
The email caught Steven Miller, vice president – Total System Services Inc., a little off guard.
“Welcome to Private Hacking and Carding Forum” was the introduction on the email. Simple enough, and intriguing.
Which is the point of this blog: never click through on links included in emails. And, yes, I’ll repeat. Never click through on links in emails. That is exactly what the delete key is for. If you don’t know who sent the email to you, press the delete key.
The email Miller received came from an address with a .su extension. .su was assigned as the country code top-level domain for the Soviet Union on Sept. 19, 1990. It remains in use today, even though the Soviet Union itself no longer exists, and is administered by the Russian Institute for Public Networks (RIPN, or RosNIIROS in Russian transcription).
In this case, the email asks readers to click through to w-w-w-dot-cpro-dot-su (we spelled it out so no one will mistakenly click the link, ending up on the scam site), to talk about various payment options.
When you click through (DO NOT CLICK THROUGH), it pulls up the words “It Works!”
The email has been identified as a spam bot, phishing to connect to real email addresses. If you click through, you’re validating your email address. In this case, chief storyteller Robb Hicken’s email address.
As the number of people online grows, marketers are increasingly using email messages to pitch their products and services. These unsolicited email messages are referred to as “spam.” Usually email marketers buy a list of email addresses from a list broker, who compiles it by gathering addresses from the Internet.
If your email address appears in a newsgroup posting, on a web site, in a chat room, or in an online service’s membership directory, it may find its way onto these lists and into the hands of scam artists.
“We’re getting a lot because of the crawlers that they’re using now,” Miller says. “We have a couple of addresses that are being hit a lot now.”
A common method is the use of special software known as “crawlers,” “harvesting bots” or “harvesters,” which spider Web pages, postings on Usenet, mailing list archives, internet forums and other online sources to get email addresses from public sites and locations.
Businesses can use a couple of methods to secure their sites that disarm web crawlers, asking instead for a series of questions or words before the email address is provided.
Check your email account to see if it provides a tool to filter out potential spam or a way to channel spam into a bulk email folder. You might want to consider these options when you are choosing which Internet Service Provider (ISP) to use.
Bottom line: If you don’t recognize the email address, “DELETE IT.”