Forum Discussion
Some info on recent spam
I've seen a lot of discussion recently regarding an influx of spam seemingly originating from *.wemystic.com, pnc.si, tenova.com, and now waveapps.com. All of these are from valid domains with valid websites, mostly behind the Cloudflare content delivery network and their emails are mostly backed by GoogleUser email servers.
But that doesn't necessarily mean they are real; it just means that the spammers have done a good job of hiding themselves. Many spammers use malicious software to infiltrate an email server. The malware then sends its spam from valid email addresses on the compromised server, addresses that pass that server's validation checks, including SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), so the spammer appears to be a legitimate user of that server. On the receiving side the same checks fool spam detection software into treating the mail as legitimate, which makes it difficult to trap and filter out. There are other tells involving rDNS (reverse DNS) and similar checks, but I don't want to over-complicate this.
Making matters worse, the email servers provided by Google (aka googleuser) to third party users (such as those listed above) have been more or less overrun by Chinese 'spambots' over the past year, and Google isn't doing much, if anything, about it. These are essentially robots that flood the internet with an immense amount of spam, consisting mostly of fake phishing emails designed to get your login credentials for a specific site, or attempts to sell you something as a third party partner. How those spambots get installed is another story, since these guys have gotten really good at hiding malicious code and 'plugins' that are used by various websites (as well as phone apps). They've also gotten really good at scanning the entire internet for websites with poor security practices and taking advantage of any security vulnerabilities that aren't patched. They're also getting good at using AI to create spam that looks like normal email to commonly used spam filtering software, such as SpamAssassin.
To say this is a huge problem would actually be an understatement. I received 37 spam emails yesterday on my private, non-HughesNet email server, originating from various sources, mostly from googleuser and Asian domains, as well as normal user ISPs. The key was that a lot of it was similar-looking stuff, indicating that it was all botnet-generated spam from malware-infested websites and people's phone apps.
So enough of the mind-numbing background of how it gets there; here's what you can do to protect yourself:
1. Stop using your email address as a UserID: Many of these operate off bulk lists of email addresses that were either found on the dark web or purchased from a company where you used that address as your userid. I can tell you that HughesNet did not sell their email list, otherwise I'd be inundated like the rest of you, and I'm not. I have my own website-based email server and rarely use my HughesNet address except for the occasional discussion with HughesNet personnel. So what's happening here is the former. Chances are you have a Facebook account or some other social media account whose userid is your HughesNet email address, and it's been sold to nefarious people by that company. Once it's out there, it's out there and there's nothing more you can do about that. But you can ensure it doesn't get worse by using something other than your HughesNet email address when signing up for things.
2. Block whole domains, not email addresses: Amanda has already provided a process by which you can block email from a specific domain - not the whole email address, just the part to the right of the '@'. Spammers usually rotate what they use on the left side of the '@', so entering the whole email address will be fruitless. Blocking the whole domain is usually done by simply entering something like `@*.wemystic.com` or `@wemystic.com`. The asterisk in the first one stands for any subdomain label ('sm', 'e', 'email'), so it fits senders whose email domain has two dots. Doing this should filter everything coming from that domain.
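To show what the two block-list entries above actually match, here is an added example (not from the original post or from any HughesNet software) that turns `@domain` and `@*.domain` entries into anchored patterns and tests them against the domain part of a From: header. The block list and the From: headers are constructed samples; the asterisk is treated as exactly one subdomain label, as the post describes.

```python
import re
from email.utils import parseaddr

# Constructed block list in the syntax the post describes:
# "@wemystic.com" matches only that exact domain, while
# "@*.wemystic.com" matches any single-label subdomain of it.
BLOCK_PATTERNS = ["@wemystic.com", "@*.wemystic.com", "@pnc.si"]


def compile_pattern(pattern):
    """Turn a '@domain' or '@*.domain' block entry into an anchored regex."""
    pattern = pattern.strip().lower()
    if not pattern.startswith("@"):
        raise ValueError("block entry must start with '@': %r" % pattern)
    parts = []
    for label in pattern[1:].split("."):
        # '*' stands for exactly one label; everything else is literal text.
        parts.append(r"[^.@]+" if label == "*" else re.escape(label))
    return re.compile(r"^" + r"\.".join(parts) + r"$")


def sender_domain(from_header):
    """Return the part to the right of '@' from a From: header, lowercased."""
    _, addr = parseaddr(from_header)          # strips the display name
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def matches_block(from_header, patterns=BLOCK_PATTERNS):
    """Return the block entry that matches the sender's domain, or None."""
    domain = sender_domain(from_header)
    if domain is None:
        return None
    for entry in patterns:
        if compile_pattern(entry).match(domain):
            return entry
    return None


if __name__ == "__main__":
    # Constructed From: headers; the rotating left-hand side does not matter.
    for hdr in ['"Daily Horoscope" <promo@e.wemystic.com>',
                "news@wemystic.com",
                "Some One <user@pnc.si>",
                "friend@example.org"]:
        print(hdr, "->", matches_block(hdr))
```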
3. Don't open unsolicited email: If you get any of these emails - don't open it. Just adjust your filtering if necessary, then delete it, and forget about it. If you happen to open it by mistake, don't click on any embedded links or open any attachments. Nine times out of ten those links will either confirm to the spammer that yours is a real, active email address, or worse, much worse, bring you to a site that will install a keylogger on your computer. A keylogger records every userID and password you type and sends it to someone who can then get into your credit card, bank, or other financial accounts. Don't click anything in an email! Segue to...
4. Use 2FA (2-factor authentication) for added protection: As an additional precaution, it is highly recommended that you use some form of 2FA to access these kinds of sites. A good example is using Google Authenticator, which is the software equivalent of an RSA key fob that generates a six-digit code every minute. If the six-digit code doesn't match, they're not getting in. Last week I got repeated emails telling me someone was trying to hack and change the password to my Instagram account (which I rarely use anymore). I added 2FA to the account and the emails suddenly stopped. Again, segue to...
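As an added illustration of the six-digit codes an authenticator app produces (this is example code, not Google's or any site's implementation), here is the RFC 6238 TOTP computation and a server-side check that accepts the current code plus one step either side to tolerate clock drift. It uses the RFC's standard 30-second step and its published test secret in base32 form; any real site would store a per-user secret instead.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 reference secret ("12345678901234567890") as base32, the form
# an authenticator app is usually given in its setup QR code.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp_code(base32_secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncate."""
    secret = base32_secret.strip().upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = int(unix_time) // step                 # which 30-second window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, value % (10 ** digits))


def verify_totp(base32_secret, submitted, unix_time, step=30, window=1):
    """Server-side check: the code must match this window or a neighbour.

    The comparison is constant-time so the check leaks nothing about how
    many digits were right; a wrong code is simply rejected.
    """
    if not (submitted.isdigit() and len(submitted) == 6):
        return False
    for drift in range(-window, window + 1):
        expected = totp_code(base32_secret, unix_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    import time
    print("current code:", totp_code(RFC_TEST_SECRET, time.time()))
```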
5. Delete all unused or dormant accounts: As I previously mentioned, unscrupulous companies sell user information for added revenue. Social media companies are notorious for this. If there's something you're not using or don't plan to use, delete the account. The next time they cull their user list for sale you won't be on it. And lastly...
6. Remember to change your passwords regularly and try not to reuse them: Look, I stink at this too. We all do. But once your userid/password pair is on the dark web there will be a ton of misanthropes trying to hack your accounts. You just make it that much easier for them if all of your accounts use the same password. At the very least, don't use the same pair for your bank login that you use for Facebook - that would be inviting disaster.
There are a lot of other common-knowledge/common-sense things I could add here, but I'll not bore you with them. Feel free to ask me any questions if you have any. I usually check in here in the mornings and try to reply if I can.