Group emails – A Hacker’s or Spammer’s Goldmine
Group emails are prime targets for acquiring a large number of email addresses from a single email that can be sold to those who wish to use those addresses for somewhat criminal activities such as email phishing. (pronounced fishing- as in to catch a sucker)
“Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.
Phishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.” (Quoted from Wikipedia)
Sound familiar? Have you got an email from BMO, BCHydro, Telus, or Shaw or any other reputable institution telling you that you are in arrears or asking you to update your account information?? These people get the email addresses from group emails, just like the ones that you send out and receive on your computers for Sorority business.
All it takes is one computer to have acquired a piece of malware that was uploaded when you clicked on an ad or followed a link for information about something you were interested in. These are usually any site that accepts payments online. All you have to do is look, and malware can be uploaded to your computer, and it’s not just cookies that get uploaded. Forward or reply to the group email, and you just sent the malware to that person on that list.
That malware can reside quietly on your computer for a very long time (minutes, hours or days). It sits in the background looking at the traffic coming into your computer, specifically, emails. When it gets a group email, it scrapes and harvests the list of addresses and sends the list of to some obscure account, and you didn’t even know it happened.
How to prevent this – good quality security software, not the freebee stuff. There is a reason that it is free, it only looks for the obvious, not the subtle. Norton, AVG and MacAfee all have paid versions that upgrade daily and look for the latest and toughest and clean it out of your system as soon as it is found. This is the key, it may have been on your computer for a few days before it was discovered on the internet.
No matter how good the security software, it may take a few days before it is discovered and in the meantime, it’s checked all your email and sent reports home.
The easiest and a very simple way to avoid this problem of scrapers and harvesters is to use some simple email etiquette.
Put the group list in the Bcc. and send the document (To:) yourself. The list of email addresses are not contained in the source code of the email.