The latest hacking incident comes from a group of hackers who have yet to be indentified hitting the jobs section of the Washington Post website. The hackers made away with over 1.2 million user account data mostly consisting of names and email addresses.

Representatives from the Washington Post have assured users that the worst result from the hacking attack would be a series of spam emails. Even still, the theft of any personal data makes people uneasy in any situation even if the data stolen is limited to names and email addresses. Who wants their email address publically listed or exploited by cybercrooks?

Washington Post executive Beth Diaz, wrote in a letter to those who may have been effected by the recent hacking incident:

“As a general matter, you should always avoid opening suspicious or unsolicited e-mail, never respond to or click any links in spam, and avoid providing personal or financial information in an e-mail – especially credit card information, bank account information, passwords, and ID numbers.”

All computer users, no matter what news outlet they have registered with, should always be aware of how to protect themselves from identity theft that may root from solicited spam emails. Who knows, the hackers that attacked the Washington Post may attempt to trick users with emails masked as ones from the Washington Post where it asks for additional personal information.

Do you ever fear that your personal information may be compromised in a hacking attack and it leads to a massive influx of spam email? What do you do to limit the amount of spam that makes it to your email inbox?

Senior analyst at Symantec Hosted Services, Paul Wood, noted that three of the largest spamming botnets curtailed their activity around the Christmas holidays. Mr Wood added that even notorious spambots such as Rustock, which at its peak is responsible for up to 48% of all spam, was only responsible for 0,5% of global spam in December. Other spamming botnets that went quiet include Xarvester and Lethic. Mr Wood noted that there have been huge drops in spam levels in the previous years however; he continued to say that “usually they have been associated with the botnets being disrupted. As far as we can tell Rustock is still intact.”

In this case it seems as though the controllers of Rustock and other spambots purposefully decided not to swamp the internet with spam this festive season. So the question is, why? According to research, spamming is still a very profitable business despite the stigma that comes with it; so why would spammers let profitable events like Christmas pass by and not maximize on the opportunity?

It could be that spammers have finally grown a conscience (which is highly unlikely) or they are regrouping and plotting the biggest spam campaign ever! Scary though isn’t it, makes you want to go out there and get the latest spam repellent before its too late! But on a more serious note, Carl Leonard, a researcher at Websense observed a new trend in spamming that might be the answer to the drop in e-mail spam. Mr Leonard said “There have, however, been signs that spammers are turning to alternative methods to e-mail for distributing their messages, such as Facebook and Twitter.” According to Mr Leonard, in December following a published list of possible passwords, Twitter accounts were hijacked and used to distribute diet pill spam.

Of course, for now, all of this is just speculation as nobody really knows the actually reason behind the drop in spam. So don’t get rid of that anti-virus or spam filter just yet, but go ahead and enjoy the low spam levels because you never know when the next spam attack will hit.

The following is a list of subject titles used on the said spammed e-mails:

• Win millions this Halloween!!!
• “xxxxx” Halloween Series Campaign Vol1
• Halloween Treat Bags, Home Decorations, and More
• Open this! $1 Million Prize
• Halloween Special! Up to 85% off ink and toner
• Halloween E-card – no cost
• Low Price Sexy Halloween Costumes SALE !!! Free Shipping , Free Gift

These e-mails may have a legitimate appearance but don’t be fooled by this mimicry. It is best to delete these e-mails without opening them, but if you do open one of them you will notice that it will request personal information from you -Phishing scam alert! They will claim that you have to provide such information in order to purchase the Halloween product, enter a competition or join a club.

Providing your personal details is the last thing you should do. Once a cyber-criminal has your details you can expect anything from being bombarded with spam e-mails to being a victim of Identity theft and fraud. Avoid becoming the next victim and be cautious with unsolicited e-mails this Halloween.

Naturally, a recipient of this e-mail will be concerned and click on the provided link. The link will direct a recipient to a malicious website that will attempt to install a fake PDF reader. On successful installation, a connection will be made to a Russian based website where numerous harmful files will be secretly installed onto a victim’s machine.

Finally the victim will be redirected to another malicious website containing the dangerous Zeus Trojan. Zeus will target a victim’s passwords for banking websites, as well as credit card information. The fake e-mail is being distributed by the Zbot (short for Zeus botnet) which is made up of a number of infected computers that have no idea they are involved in criminal activities.

To avoid falling victim to this scam, iTunes customers urged to avoid accessing iTunes from their e-mail and go directly to the program instead.

The extremely low costs of sending e-mails as well as the vast amount of e-mails that can be sent by botnets, has encouraged spammers to continue using this tool for criminal activities. Spammers can use e-mail to execute the following malicious activities:

Distribute links to rogue websites
E-mails can and have been used to advertise and distribute links to websites especially created for criminal activities such as the selling of non-existent or counterfeit goods and services. This includes the notorious Canadian Pharmacy website and websites that offer fake antispyware applications and more. Once a user pays for a fake service or product, the cyber criminal will not only have his/her money but his/her banking details as well.

Execute Phishing scams
Phishing e-mails are often used to harvest confidential information out of recipients. These e-mails are often disguised and appear to have been sent by a legitimate source such as Facebook. They often require a recipient to provide private information such as passwords, credit card details or usernames in order to update an account.

Spread harmful attachments
Spammers can craft persuasive e-mails that prompt a victim to open an attachment that will actually do more harm to a system than good. Such e-mails can come with anything from crafty HTML Attachments to dangerous malware such as password-stealing Trojans.

So next time you see unsolicited e-mails in your inbox, remember just how much harm they can do to you and delete them as soon as possible. Do you know of any other malicious activities that criminals execute via e-mail?

The Zeus Trojan is mainly distributed via malicious websites and unsolicited e-mails. The latest scam used to spread Zeus involves fake LinkedIn e-mails. The e-mails are apparently invitation reminders from communication@linkedin.com. In order for a person to accept the invite they have to click on the provided link which is actually a dangerous trap.

Once the link is clicked on, the user will be redirected to a webpage which will display the message “Please waiting …. 4 seconds”. While this message is being displayed malicious activities are taking place in the background which the user is completely unaware of. The seemingly innocent webpage actually contains harmful JavaScript which is hidden in an iFrame that can detect which browser a victim is using as well as which applications are running.

The JavaScript will search the system for vulnerabilities or out dated software it can exploit in order to drop Zeus onto the system. Once Zeus is dropped you can only expect the worst; confidential information such as online banking details, passwords and credit card numbers will all be captured as soon as a user types the data into a webpage.

When it comes to the Zeus Trojan, it’s a case of prevention is better than cure. Avoid becoming the next victim of Zeus by keeping your computer software up-to-date, more especially if it is Adobe Reader, Flash or Java. Additionally practice extreme caution when clicking on links in unsolicited e-mails even if it appears to come from a legitimate source. Rather type out the URL yourself or go to the home page of the website.

There are a number of possibilities as to how spam is being sent from your e-mail address including these two common methods:

Your e-mail account was hacked
Spammers got a hold of your e-mail password either through an online phishing scam or with the use of a Dictionary or Brute Force attack. In this situation you will usually find the e-mails in your ‘Sent items’ as well. The best thing to do when your e-mail has been hacked is inform all your contacts that your account has been compromised so they should be cautious when handling e-mails from your account. Secondly and most importantly, change your e-mail password and your secret question.

The sent e-mails were spoofed
A spammer forged the ‘sender field’ in the spam e-mails and used your e-mail address. Are you wondering why they used your e-mail address? Well, substitute sender addresses are randomly chosen by spammers off a ‘Spammer’s List’ so don’t worry, you are not the main target. E-mails bounce back/are sent back to which ever address is in the ‘sender field’ if not delivered successfully- in this case, that would be your substitute address. It is for this reason that you would find non-delivery reports in your inbox or even find e-mails from yourself to yourself. Spammers can also use your e-mail as a reply-to address, this way all responses will be sent directly to you.

This issue is not that easy to resolve and changing your password will not help one bit. However, implementing a SPF record on your domain will prevent spammers and phishers from forging the ‘sender field’ because the forged e-mails will be caught in spam filters which check the SPF record. For those of you that do not know, SPF (Sender Policy Framework) “is an e-mail validation system designed to prevent e-mail spam by tackling source address spoofing, a common vulnerability. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific SPF record in the public Domain Name System (DNS). Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.”

I hope this helped you answer the question ‘Who is sending spam from your e-mail address?’ If you know of any other answers to this question feel free to share your knowledge with us.

Some of the spam e-mails came from the fake email addresses of former Ambassador to the UN John Bolton, a Rev. John Best or the deceased former White House press secretary Tony Snow. The spam e-mail was designed to convince recipients that they had won loads of cash and then trick them into first paying taxes owed on the money. Once a victim sent the money for the purported taxes, the scammer would come up with a way to ask for even more money.

The victims of this scam lived as far away as Dubai, and one Iowa woman was swindled out of over $123,000. The two Nigerian-born men were charged for wire fraud at the Brooklyn federal court and denied bail as potential flight risks.

Today we are going to look at five ways to help you keep off the ‘Spammer’s List’ without spending a fortune.

1. Take note of checkboxes:
At the bottom of most sign-up or registration pages there is an option to share your e-mail address with third parties or not – be wise and check the option to NOT share your address. Different websites use different text to say the same thing and confuse users, for example:

• “YES, I want to be contacted by select third parties concerning products I might be interested in.”
• “NO, don’t give away my email address”

In the first example a user should not check the checkbox and in the second example a user should check the check box.

2. Disguise your e-mail address:
I would just tell you to avoid Newsgroups, Blog Comments and Forums; however in this day and age such a request would be treason. When posting on such websites, instead of providing your e-mail address as is, disguise it so that only a human can decipher it. For example instead of Jacky@gmail.com (sorry if this e-mail exists) you could change it to jacky@Gdelete_thisMAIL.com. So when the obscured e-mail address is harvested by a spambot any message sent to that address will bounce back, but when a human wants to send you an e-mail they will see that all they need to do is remove ‘delete_this’ in order to send you an e-mail.

3. Don’t use your primary e-mail address:
When signing up or registering on websites (e.g. social networks, forums or even when commenting on articles) avoid using your primary e-mail address. Such websites are often targeted by hackers who steal e-mail addresses and sell them to cyber criminals/spammers for a profit. Here are some good alternatives to using your primary e-mail address:
Create a secondary e-mail that you provide on social websites.
Create a disposable e-mail address that you can terminate once you detect spam e-mails.

4. Create a Brute Force immune e-mail address:
Spammers often use Brute Force attacks to systematically guess user’s e-mail addresses and passwords. For example, if you own a Yahoo account, spammers will simply add a number of likely names to the domain name; e.g. lisal@yahoo.com or jblack@yahoo.com (once again sorry if these addresses exist. See how easy it is?). The only way to defeat the Brute Force attack is to use the unpredictable. You could segment your e-mail address with an underscore or numbers e.g. lisa_l@yahoo.com. Or you could use more than one word thus creating a long email address e.g. ladybirdlisa@yahoo.com.

5. Don’t click on the ‘unsubscribe’ link:
If you know that you did not subscribe for an e-mail but you find an ‘unsubscribe’ link at the bottom of it, the last thing you should do is click on the link. The moment you click on the link you will be confirming that your address is active and automatically adding yourself to the dreaded ‘Spammer’s List’. The best thing to do is NEVER respond to spam e-mails.

By taking note of these five points you are well on your way to preventing spam e-mails from intruding your inbox. Do you find these points helpful? Do you know of any other ways to stay off the ‘Spammer’s List’?

Once you are logged into your Gmail account all you need to do is click on the phone icon and a dialer will open up in the same window. However, if you do not have the voice and video browser plug-in, you will have to download and install it in order to make calls.

You have the option to dial numbers with your mouse or on your keyboard. By typing a name out, the dialer will automatically go through your contact list and grab the number under the name you typed out. Once you have got your number all you need to do is click the “Call” button at the bottom and you are connected. The dialer window will also display a user’s calling credits in dollar amounts at the top of the window. Credits for international calls can be purchased from Google Check-Out.

So far people are happy with the quality of the Gmail voice calls. The calls connect quickly and the sound is clear with headsets, built-in microphones and speakers. This new feature runs with Voice over Internet Protocol technology, and it offers FREE calls to U.S. and Canadian numbers. Other countries don’t get free calls, however they do get low call rates.

Gmail’s voice calling feature managed to log more than 1 million calls in the first 24 hours; a clear indication that users are loving it. Google is ever ready to infiltrate new markets and it has already used Gmail to enter the instant messaging and bookmarking market (e.g. Gtalk and Google Buzz). Voice calls is the new target market and if the first figures are any indication Skype will soon have a competitor in Gmail.