Photo from sxc.hu user trohaa

Between my digital camera having video recording capabilities and cutting clutter, I decided to sell my barely used HD video camcorder on Craig’s List. Or rather, the camcorder posted it begging for a home that will take good care of it and use it often. Within hours of posting, an email comes in from Walt Julius asking if the item is still for sale. After confirming, he replies [edited for readability]:

Thanks for you reply, i am located in Kansas, i really need to buy this and send to my friend schooling outside the state as a Gift to him, i have been trying to buy this on eBay but is very stressful buying on eBay and i will not want to miss out on this opportunity so am making you an offer of [deleted] to rap the sale off.

I will be paying through PAYPAL because i have a verified account with PayPal. So kindly get back with your PayPal email address so i can make payment into your PayPal account. Once payment clears, shipment will be handled by me through my personal FedEx account, so you don’t have to pay for shipment. Get back to me if my approval is granted. I would like to see the pictures please.

Sounds OK so far. I take pictures and record a couple of videos. Though I spend more time than I’d like doing this, it turns out to be a good thing. I find out the battery doesn’t last long and needs replacing. The camcorder works fine while plugged in. I send him the pictures, let him know about the battery and lower the price to make up the difference to replace the battery.

Then comes the kicker … [email edited for readability]

I have just made out the payment online now. Go and check the mail you used in opening your PayPal account I believe the confirmation mail must have been sent there check the in box trash or the spam message you should be able to see it there. I wanna let you know that i am having some little problems with my FedEx account as i checked it online now and i was asked to reactivate it so i cant do that now as i have to sort one or two thing out with them. So i am sorry as i wont be handling shipment through my FedEx account again.

So, pls get the postage cost to the following address via post office (USPS EXPRESS MAIL) and ship out the item via post office (USPS) asap cos i have told Ryan to be expecting it. I have also included $100 extra for the shipping. i think that should be enough for you to ship.

Ryan Coker
[address deleted]
Country: Nigeria

Let me know how much it costs you to ship.After you ship get back to me with the amount you used in shipping. I am really sorry for the inconveniences. Please get back to me asap.

Suspicious. Without looking at the email, I sign in PayPal and see a balance of zero. I never click PayPal emails — not even legitimate ones — because it’s often used in phishing. Whenever I receive a PayPal email, I go to PayPal and check there. No clicking on links.

Your cover is blown, Mr. Julius or whoever you are. Curious, I look for the emails and sure enough, phishy. The “From” says, “Service@PayPal” with the email address coming from “in.com”. Here are the subjects of the three emails I received:

• **PAYMENT CODE CONFIRMED(Routing Code: [deleted])**CONFIRMED
• **ASSURANCE OF TRANSACTION AND PROMPT SHIPMENT***
• !!!PENDING FUND ALERT!!!

Just when I thought it was over and I’d never hear from him again, another email came in after I told him the email wasn’t from PayPal and no money came in:

i will confirm from paypal now because my money as been deducted, dont worry go and send the it item to the address i receive from my friend now, he has called me he told i told him u have send it through fedEx please do so.

I didn’t reply.

What threw me off about the whole thing was the response to something I posted (and a Gmail address, too) and then his responding to multiple messages. I share these names because they’re fake and to help others who may encounter them. When I figured it all out, I searched the web to see if others had reported a similar incident. It’s often an eBay scam.

I forwarded the three messages to spoof@paypal.com who confirmed they’re phishing attempts. Anytime you get something like this, please forward it to PayPal. I won’t explain the other mistakes he made as I don’t want to help the phishers improve their scams.

Stay safe out there.

What tips do you have for protecting yourself online?

Copyright secured by Digiprove © 2011 Meryl Evans

How to protect your business

by Meryl K. Evans and Tamara Halbritter

Spam is not just an inconvenience. For legitimate businesses, it steals productivity, may erode your brand and rob you of revenue. Consider the following: In 2001, a European Commission study found the average worker spent 10 minutes a day sorting through unwanted solicitations. This figure could be quadrupled twice over by now.

According to this same study, the world’s Internet subscribers fork over $8.8 billion dollars a year just to glimpse these box cloggers with nauseating headlines like, “Get Rich Quick,” “Tired of your current job?” or “Free offer for (your name).” Not to mention the plethora of porn, useless items and limited time vacation packages.

The Business Software Alliance estimates that worldwide piracy-related losses to software industry were about $11 billion in 2001. That’s just software alone.

Many companies have no idea their products are being sold on the black market or their customers are tangled in credit card frauds thinking they ordered something from their organization and are about to receive zip. These shifty sales schemes cost companies billions of dollars each year in lost customers and sales of products and services.

In this article, William Plante, ASP director for Symantec Corporation, and Robert Alberti, CISSP, president of Sanction, Inc., provide information about how spam crimes are perpetrated. They explain what you need to know about spam and how to protect your organization against this persistent threat.

The ever-increasing spam scam

While Aunt Margaret may have served Hormel canned pork (SPiced hAM referred to as Spam), Robert Alberti, a security expert, says, “Like it or not, you knew what was in it. With Internet spam (unsolicited bulk email or unsolicited multiple postings to one or more Usenet newsgroups), you don’t always know what you’re getting. Some spam messages are convincing. Some are plain annoying. Whether spicy or not, many of them result in criminal offenses on a worldwide level.”

Producers of a popular product, a drug like Retin-A, a best-selling software program or a service such as a vacation package, are all economically affected by spammers. When people buy these knock-offs, legitimate companies lose money. Alberti continues, “When people order something and don’t receive it, your company gets a bad name.”

Two ways spam costs billions of dollars annually

William Plante, who formed and chaired Symantec’s Brand Protection Taskforce, classifies the costly effects of spam on businesses as: 1) brand erosion and 2) revenue erosion.

Brand erosion. When someone receives spam for a particular product, repeatedly, they get irritated with a deluge of “buy, buy, buy.” Unfortunately, this person usually doesn’t realize the messages are coming from people not authorized to sell these products. A company’s brand name can be tarnished when its customers pay for a transaction, believing it’s legitimate and then receive nothing. Eventually, they may find out you were not the responsible party, but their image of you has already changed for the worse.

Revenue erosion. When customers buy imitations or illegitimate versions of your product, this decreases the revenue flow to your organization. Spammers make their money through revenue erosions. Spam Filter Review published figures stating an estimated 12.4 billion spam e-mails are sent each day and spam comprises 40 percent of all email. Obviously, their return on investment is high. Once they get hooked, most spammers continue scamming until they’re booked for fraud.

The bad taste of e-organized crime

Most spammers are calculated members of organized crime and continue to spread it. Besides sending missives under aliases (the FTC calls this false representation, which is a crime), two of the other crimes related to spam are felonies and fall in these categories: 1) pirating or bootlegging software or other products (people think they are buying a legitimate copy, but the one they receive is illegitimate); and 2) credit card fraud (never shipping the item). Information, such as credit card numbers, is sometimes transmitted over an unsecured network during these transactions. The numbers can be easily stolen and later sold to other criminals on the black market.

Plante draws on his own company’s experience for his diligence in helping stop spam. In 2002, $41 million or nearly 600,000 boxes of quality counterfeit Symantec software such as Norton AntiVirus, Norton Personal Firewall and pcAnywhere were seized. Regarding the biggest software incident in the industry, Plant says, “That was a turning point for us. We didn’t want to ever be that blind or vulnerable to that problem again.” Since that time, his company has taken many steps toward putting spammers where they belong.

Putting spammers in the can

In legal circles, much time and attention have been spent on eradicating spam by going to the source of the spam itself, whether the message was sent from an individual disguised as another source or from a large mail group list through yahoo.com, excite.com or hotmail.com.

Instead of trying to legislate after the spam has been received, however, Plante recommends going to the end of the line, where the spammer gets paid. He describes the Internet as, “a wild frontier without much regulation.” He continues, “As soon as one e-commerce site closes down, another one opens up within hours. Because there are very few rules on the Internet, there are many ways spam can proliferate. Instead of stopping the spread of spam at the recipient, it’s much more effective to turn it back on the spammer.”

The Federal Trade Commission has passed laws strengthening criminal apprehension rather than regulating the actual sending of spam. This supports ending spam by following the money trail and hitting criminals hard in their money belts. If a spammer receives money, you can take legal action to stop the fraud, be it black market products or credit card fraud. Plant advises, “Once you stop their revenue stream, the spam will stop.”

Yet, while stopping one spammer is great, there are thousands out there. Due to the huge expense for businesses around the world, we urge organizations, whether small or large, to take action. One way to get started is by creating a task force.

Take action: Create a brand protection task force

A brand protection task force lets you fight back by protecting your brand and monitoring all spam-related activity. This involves setting up a process to handle spam complaints and organizing a team to tackle the spam problem.

A desirability assessment is one tool useful to a brand protection task force. The assessment asks your team these questions: Are you are household name? Has your product or services hit the level where spammers will want to steal them from you? How high is your risk for spam-related brand or revenue erosion?

Regarding determining your risk level, Plant says, “If your company is small and you don’t have a popular commodity, the chance of being affected by spam is less. You may want to put some things in place, but not create a full program.”

Once you assess the need for this kind of a task force, you can clarify your focus. This includes how you want to be set up organizationally, how involved each task member will be, and how much money you want to spend on the process.

With your task force in place, you’ll be ready to stop spammers in their tracks. Read the next article in this series from these security experts for five more strategies that will help you prevent brand and revenue erosion. You’ll even find out how your e-newsletter can help your campaign against spam. Watch for the article in the next issue of eNewsletter Journal.

William Plante is ASP director, Worldwide Security and Brand Protection for Symantec Corporation, the world leader in Internet security technology with a broad range of content and network security software and appliance solutions. In 2002, Plante formed and chaired Symantec’s Brand Protection Taskforce. In this role, he was responsible for developing Symantec’s strategy for identifying, assessing and countering counterfeit and piracy threats to the company.

Robert Alberti, CISSP, is the president of Sanction Inc., a team of highly-skilled business and technical experts who provide strategic, tactical and operational guidance for all levels of an organization. Alberti’s team keeps operations safer, more secure and working efficiently. Currently, he is writing a book about protecting the bottom line with business-driven security practices.

Meryl K. Evans is an editor, wordsmith and writer for InternetVIZ and other resources. The content maven is available for editing, writing and jazzing up articles and copy. Tamara Halbritter is a writer for InternetVIZ and other clients, an article and book editor for publishers, and is available to help you say what you mean. InternetVIZ is a custom publisher for companies wishing to find, acquire and retain customers through Internet newsletters.