Engineer rates

SOMEONE IS USING MY EMAIL ADDRESS - identity theft.

This link is for anyone who has found that their colleagues are getting email from them which they did not send.

WHY DO THEY DO IT?

Spammers know that if their victim sees an email from someone they know, they will have a better chance of the victim opening a spam email. Random spam from random sources has a hit rate of around 1 in 1,000,000 whereas spam from known sources has a hit rate of less than 1 in 100.

Ultimately this is about spammers attempting to get the victim to open spam.

HOW CAN THEY GET MY EMAIL ADDRESS?

Spammers need a way to find out who the victim is familiar with. They use a variety of techniques such as:-

When someone sends you a joke email (or any other form of junk mail), there is a chance the sender is also sending it to several other people at the same time. All the recipients will be able to see who else has got the email. If one of the recipients computers has a bug, it can extract the list of email addresses form the email. The bug can send this list to the spammers. The spammers then have a list of emails from people who are likely to know each other.

Another technique is for a bug to install itself on an end users computer and simply read their address book.

HOW CAN THEY GET A BUG ONTO A COMPUTER?

Once again, there are several techniques. One is through legitimate downloads which carry a payload. Let’s say the victim opens a page on a legitimate website which has a link to a less legitimate website. The content of this second website may be dubious. There may be inks to fantastic sounding programs designed to lure the victim into downloading them.

Another data capture technique is to ‘sniff’ emails running round the internet or attempts to log into various websites.

If someone uses a daft password, they are asking for trouble as some spammers can use robots to attempt to crack your password. Some systems such as Hotmail use unsecured passwords and so may be detected on the internet. Banks use secure passwords and are extremely difficult to detect on the internet. If an end use, uses the same password for an un secured system and a secure system, a listener will be able to attempt to use your unsecured password to access your bank. This is uncommon. Usually, someone will simply guess your details and transfer money from your account to theirs.

Once they get your email address and can link it to your colleagues, they add it to other lists and once they get a certain number, these lists are sold on to other spammers.