NinerNet Communications™
Blog

Corporate Blog

Why do I get so much spam?

14 February 2024 12:55:34 +0000

NinerNet hosts email. The one thing that this guarantees us is to receive complaints about spam. Unfortunately, we’re not a monolith like Google, so we need to reply to these. Try sending an email to support@gmail.com and see what you get. Silence.

So the point of this post is to try and help people understand why they get spam at all. This has nothing to do with your email hosting provider. Well, I can certainly guarantee that NinerNet is not selling your email address(es) to the spammers, otherwise we’d be rich! But we don’t need to sell your email address. If you create the email address your-common-first-name@your-domain-that-is-publicly-known.tld, bingo, the spammers have your email address. What about that support address above? That’s what’s called an RFC 2142 address. RFC 2142 (“Mailbox Names for Common Services, Roles and Functions”) outlines a list of email addresses that are supposed to exist on every domain, and one of them is support@. They are:

  • abuse@
  • ftp@
  • hostmaster@
  • info@
  • list@
  • list-request@
  • marketing@
  • news@
  • noc@
  • postmaster@
  • sales@
  • security@
  • support@
  • usenet@
  • uucp@
  • webmaster@
  • www@

You probably have one or more of those addresses on your domain. Congratulations! You’ve just painted a target on your back, or maybe seventeen of them to be precise.

Other ways spammers get your email address:

  • Websites: Don’t post your email address on the Web! Even on your own website. There are crawlers/spiders automatically collecting those addresses every minute of every day. If you post your email address on your own website, it will receive spam within days, maybe even hours!
  • Unscrupulous suppliers: This has always been a bugbear. Of course, if your supplier happens to have millions of customers, it would be tempting for them to sell your email addresses. Some disguise this as “sharing your information with trusted partner organisations”. Of course, their definition of “sharing” has a dollar figure attached to it, dollars they will never “share” with you.
  • Crackers: Ever had a virus on your computer? Your email address and the email addresses of all of your correspondents are probably not the only thing you’ve handed over.
  • Friends: You know that idiot friend or relative of yours that sends out joke emails with hundreds of email address in the “to” and “cc” fields? Yup, thanks Aunty Betty / Uncle Bobby.
  • Forwarding: This is one the things that has driven me crazy since the 20th century! It’s bad enough that your friend/relative has sent you the world’s funniest email joke in the history of humanity, but they copied it to a thousand of their closest friends and relatives by putting their email addresses — including yours! — in the “to” and/or “cc” fields so that everyone can see them! And then, to show how ignorant some of their friends and relatives are, some of them forwarded the same email with all of those addresses still exposed in the body of the message. Those email addresses are all then exposed to whatever malware comes along on any of the hundred or thousands of computers on which those emails are stored. But it’s not just ignorant friends and relatives that do this; I’ve seen supposedly professional IT people do this in professional, business emails!
  • Hacked databases: Related to the “unscrupulous suppliers” point above is the fact that the databases of said suppliers are hacked all the time.
  • WHOIS: If you’ve registered a domain, the domain registry likely has your email address in a publicly-accessible database called the WHOIS (“‘Who is’ the owner of this domain?”). Thankfully, when the GDPR was implemented in the European Union in 2018, the biggest registries in the world — the ones that run the gTLDs (generic top-level domains) — were forced to take their heads out of their nether regions and stop publishing that information. But sadly, some ccTLD registries still have their heads planted firmly where they’ve always been (can anyone say dot-zm?) and they still make this information freely available to spammers scraping the WHOIS, despite their feeble disclaimers.
  • Viruses and other malware: If one of your contacts’ machines or devices are compromised by a virus, one of the purposes of that virus is probably to spam you, or send copies of the virus to you.
  • Subscriptions: If someone is trying to get your email address for their newsletter, maybe they also want it to sell it.
  • E-cards: Awww, it’s so lovely to send your valentine (or wannabe valentine) a valentine “e-card” … or Christmas card, or birthday card, or …. You probably didn’t ask for their consent first though, so you’ve essentially just screwed (and not in the way you or your valentine want to on Valentine’s Day!) your valentine’s email address for the rest of his/her life, or the life of that email address.
  • Signing up for stuff: Whether it’s a free report or white paper or signing up for a class at a local community centre, you lose control of your email address the moment you give it out to anyone. Some websites exist simply for the purpose of collecting email addresses in this way, a cute, shiny bauble for your email address. Are you really going to read their hundreds of pages of terms and conditions to realise how your email address (and you) are going to be abused? Didn’t think so.
  • Phishing: Phishing emails essentially just try to trick you into doing something you normally wouldn’t do. Of course, they already have your email address from any of the methods listed here, but they want more than just your email address, and perhaps what they want are the email addresses of all of your contacts. Often they can get these if somehow you give them to them (LinkedIn) or they can get if you give them the password to your email account where you might have them saved.
  • Plug-ins and apps: Be very careful of plug-ins and apps that may be copying all of your contacts and sending them to whoever is controlling the app or plug-in. Be especially careful of apps and various social media websites (such as LinkedIn) that helpfully offer to send invitations to your contacts! We mention LinkedIn in this regard especially, for these three reasons:
  • Brute force: Besides the technique mentioned where spammers send to a list of common names on all domains, they can simply send to a@example.com, b@example.com and so on, and then start again at aa@example.com, ab@example.com and so on. The terms “brute force” and “dictionary attack” apply here.
  • Buying it: The other side of any of the above transactions happens when anyone who has obtained your address by one of the methods above sells it to willing buyers. You yourself have probably been spammed by people offering to sell you lists of email addresses, all of which would have been acquired by one or more of the techniques above.

If even one of the above applies to you, you have signed the warrant to have your email address spammed, but chances are that you have committed several of the above, compounding the problem. Again, it’s not your email provider’s fault that you get so much spam.

How can I receive less spam?

Two VERY effective ways to avoid spam are to use “supplier addresses” and rotating temporary email addresses. Let me explain both:

  • Supplier addresses: For many years I’ve operated a system of what I call “supplier addresses”. If I’m dealing with Twitter, for example — not that I use their name because they were mentioned in recent news about a data leak — I create the email address “twitter@mydomain.com”, and I only give that address to Twitter, nobody else. (Actually, don’t create a new email address, just create a free alias for the email address that will receive email from that supplier.) Yes, I have the email address my-common-first-name@mydomain.com, but the only people who get that email address are my family, friends and existing clients. Nobody else on the planet gets that address, and I certainly don’t enter it into a form field on a web page and I don’t post it on the Web! So if Twitter (in this example) sells my email address or is hacked, I know exactly who let my email address into the wild. To be frank, that hasn’t happened to me many times, but I quickly realised that it does happen, so the email aliases I create now all include a number (e.g., twitter123@mydomain.com). If the email address is compromised I just change the number and inform Twitter by changing it in my account with them and kill the old alias. My numbering follows a system, but you can make your own rules.
  • Rotating temporary email addresses: I link above to the service that NinerNet provides, but at this point it’s a very limited, non-automated service with very few customers. However, it’s not rocket science and you can do it yourself on your own domain. For example, if your primary address is bob@yourdomain.com, create a free alias for this month called “bob2402@yourdomain.com” on that address. I also create one for last month and one for next month, to ensure continuity when the month changes over. (The numbers in this example are obviously two digits for each of the year and the month.) Now you can give out the temporary alias to whoever you want with no concern at all about being spammed. Want to download that “free” white paper? Give them your temporary alias secure in the knowledge that when (not if) they start spamming you it will probably be after that email ceases to exist. Then at the beginning of next month, just delete one alias and create the next. In February I will have an alias for last month (2401), this month (2402), and next month (2403). On 1 March I will delete the January alias and create the April (2404) alias. If you have a contact form on your website for new customers to contact you, reply from this month’s temporary alias until they become a new client. At that point you obviously have to throw caution to the wind and start using your “real” email address, but you’ve already done a lot to hugely reduce the amount of spam you will receive from not following any precautions at all.

With a little imagination — but feel free to contact NinerNet if you need help — you can apply the above principles to all of the email addresses in your company, whether it’s just you or you have a thousand employees. They will drastically reduce the amount of spam you and your employees receive, before your email service provider’s anti-spam system even kicks in.

They key point here is that you need to practise “email hygiene”. How is your email hygiene?

Email restrictions reminder, Phishing

13 December 2022 05:00:02 +0000

As Christmas rapidly approaches, we’d like to remind you of two limitations to keep in mind with respect to sending email, and to implore you once again to take phishing scams seriously.

Sending limits

Within the last year or two we have had to implement a limit of sending to 300 email recipients per day per email account. This is a limit that hardly anyone runs up against, but it does happen. The reason for this is quite simple: email accounts are hacked when a computer or phone is compromised, and the person or organisation who has compromised the account then uses the account to send spam or phishing messages. If there was no limit on how many messages can be sent in a day they’d send millions! If this happens, our IP addresses are blacklisted and then none of our clients can send any emails outside of our network.

With this limit in place messages to only 300 recipients can be sent, and by the time the 24 hours are up a compromise will have been noticed, and the password for the email account can be reset. (We often notice these spam runs when they are in progress, and they are shut down before more than a few dozen are sent.) Experience has shown that if 300 such messages are sent, that seems to be just below the point at which damage to our IP addresses’ reputation is done. We experimented with a limit of 400, but damage was still done.

If you’re going to send messages to a few hundred or thousand of your customers we suggest the following:

  • If you regularly want to send that many emails we strongly recommend that you use a company such as Mailchimp.
  • If you have a one-time need to send a lot of emails, break your list up into groups of 300 (or just under 300) and send that many a day.

Please note that however you chose to send mass emails you must have documented proof that you’ve received permission from the recipients to send them non-personal emails like this. If you don’t have that permission, then don’t send them those emails. It’s quite simple. If you don’t have permission you cannot defend yourself against accusations of spamming, and you risk your account being suspended and removed.

Also note that the limit is the number of recipients. If you send an email to Bob, copy it to Jane and blind copy it to Jim, that’s 3 of your 300 recipients (not “1 message”). If you send another email to the same people, that’s now 6. If you send one email blind-copied to 300 recipients, you’re done for the day and you can go home. 🙂

Sending restrictions

We often see clients trying to send emails with restricted attachments. Our mail server stops emails with executable attachments (.exe files, for example, but there are more and it’s not the file name extension that determines if a file is executable) and documents that contain macros, or scripts that can be executed when the document is opened. These cannot be sent by email because they could contain malicious code. If you want to send these files to someone else we suggest that you either use what’s called the “sneakernet” — put the file on a flash drive and walk it over (perhaps wearing “sneakers”) to the person you want to give the file to — put the flash drive in the postal mail, or upload the file to a website or file upload service from where someone can download it.

Many office-type documents — spreadsheets, word processing documents, slide shows, etc. — contain macros (scripts), which you may or may not be aware of, and if you’re trying to send them they will not reach the intended recipient. Sometimes when you create a PDF file from an office document the scripts are embedded in the PDF, and those will be blocked for the same reason.

All email services — even the biggest ones — have these restrictions so that the email service as a whole can still be useful to the people that use it. If we don’t stop these kinds of emails from going out, the recipients’ mail servers will stop them from coming in.

Phishing

We desperately want to remind you yet again — we know, it sounds like a recording — about email scams, and in particular “phishing” scams. These scams happen. They happen to you. They happen to our clients. 2022 was a record year for our clients, and not a record to be proud of. Just among the clients we know of, over US$100 000 was lost as a result of phishing scams. This is shocking; this is heartbreaking. It doesn’t need to happen.

Treat every email you receive — even this one! — with suspicion. Rather than looking for signs that an email might be a scam, just assume it is! Then look for the signs that it isn’t a scam. Instead of memorising an interminable list of things to look for that show an email is a scam, instead simply ask the message to prove to you that it really is from the person who claims to have sent it, and that the request it contains is legitimate. Did NinerNet really just send you the email you received that is asking you to verify your email password, or upgrade to some service that we don’t even offer? No, we didn’t send that email. We just don’t send emails like that, and neither does any other mail provider … or bank, or life insurance company, or …. Almost nobody sends a legitimate email claiming that you have to pay an invoice in a different way to how you’ve been paying that company for years! Yes, your suppliers do change banks occasionally, but if they do they will give you plenty of notice, not send you a frightening message out of the blue demanding that you send them money to a different destination or have your service cancelled. It just doesn’t happen like that in the real business world. THINK! BE SUSPICIOUS!

You should learn more about email scams and phishing. Read these links:

If you have any questions about any of the above, please do let us know. Thank-you.

We will have one more email for you before the end of the year, with information we’re excited about because we hope it will improve our email infrastructure in 2023. We hope you’ll like it too.

Yet another note about scam emails

19 May 2021 07:36:15 +0000
Phishing scam email, 2021-05-12.

Phishing scam email, 2021-05-12.

The scam and phishing emails continue to come in. The most recent example is particularly aggressive. Please do not fall for it.

NinerNet would never send out an email this aggressive or threatening.

Please review our last two blog posts about these kinds of emails. They are all 100% scams.

Another one of these emails had this “from” field:

From: Domain@nc036.ninernet.net, Admin@nc036.ninernet.net

The footer of the emails also contains a note that states, “example.com Webmail Support”, where “example.com” is the domain in the recipient’s email address. This is all automated, and doesn’t make it any more legitimate.

If you have any questions or concerns, please do contact NinerNet support. Thank-you.

Warning about sexual blackmail/extortion scam emails

13 April 2021 09:32:21 +0000

We have, in the past, warned of sexual extortion and blackmail emails. These reared their ugly heads in 2018, and have continued to circulate in various forms since. I have received them myself, and they are unnerving.

Today we warn you again, but with added urgency because we know of someone who has fallen for this scam. This is not unusual, because people fall prey to these scammers every day, but it is even more saddening when it’s someone you know.

Here is the email they fell for:

From: KJi
Sent: April 05, 2021 1:23 AM
To: Recipients
Subject: Evidences Against You

Hello,

It’s so shameful how people can’t be satisfied with their marriages.

We know you are cheating on your spouse and this has been backed-up with
evidences from your hacked mobile device for your fyi.

Just a little favor from you to me can go along way in esnuring things don’t
get bitter with your spouse finding out.

Kindly send an equivalent of 1200$ worth of bitcoin to this wallet
:bc1qt9fx8fz2fydy0q5h0ruvd30a7ujqxmx80hn3tn

Trust me, this is very little compared to what will happen if you don’t
cooporate with us and i believe you love your family no matter what.

In 48hrs time,if we don’t receive this token of 1200$ worth of btc from you,
you will receive pictures and screenshots via email and same will be sent to
your spouse as well.

Your time start counting now and note that any attempt to file a complaint
will not result to nohing as this e-mail cannot be traced and same as my
bitcoin id.

If, by any chance I find out that you have shared this message with anyone
else, I will make things go viral immediately

Rdgs,

KJ

Note all the spelling, grammatical and punctuation errors.

There is no way for this person to get their money back, as there is no way to find the scammer. And it is a scam; the sender does not have any “evidences”. It’s a shot in the dark, and the chances of their mass email finding someone who really is being unfaithful in their marriage — and are feeling guilty and don’t want to be outed — are actually pretty good!

Please take this warning seriously, and don’t be fooled by these emails. They are just scams. We strongly suggest that you circulate this information to your colleagues, co-workers, employees, family and friends. Knowledge is power against the scammers.

Compendium of scam emails

13 April 2021 09:26:41 +0000

Scam and “phishing” emails arrive daily by the truck load. We can’t send a warning every time we ourselves get a scam or phishing email. If we did, our own emails would become just noise in the background.

However, we present here eighteen screenshots of scam, spam and phishing emails that we have received or seen over the last four years. If you’re not sure what one of these emails look like, we encourage you to look these over. The approaches vary, but here are some common factors:

  • They advise you that your email account is over quota, and you must take some immediate action to prevent catastrophe — i.e., the loss of all your email.
  • Your email account is being closed or upgraded.
  • The webmail for your account is being upgraded, and you have to take action.
  • Your domain is being cancelled or expired within a few hours or a couple of days.
  • Payment for the renewal of your domain is overdue.
  • Wordy expiration notices that are unclear about what exactly is expiring and how it could theoretically affect you.
  • Domain SEO (search engine optimisation) notices made up to look like invoices for domain renewal.
  • Emails with links that disguise the true destination to which you are clicking. Always check the status bar in your email program or app — before you click, while hovering your mouse pointer over the link — to determine whether or not your browser will really be going to a domain you recognise — e.g., niner.net if you are a NinerNet Communications client.
  • Emails that try to sound like they come from your own company’s IT department, complete with copyright notices.
  • “Final” renewal notices that are a surprise.
  • Fine print at the end of the email that makes ludicrous statements that contradict the meat of the email, such as, “We do not directly register or renew domain names” or “THIS IS NOT A BILL” (in an email that looks like it’s a bill to renew your domain); “We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading” (in an email that tries to mislead you into paying what looks like an invoice).
  • Urgent server warnings, that aren’t urgent server warnings at all.

NinerNet Communications is judicious about how many emails we send out, and how often we do. We’re also careful to ensure that we use proper spelling and grammar. Our emails do not contain copyright notices and pages of meaningless legal notices. (Maybe they should, but currently they don’t. We’re real people who tend to believe that our clients are also real people with brains.) With that in mind, here is a non-exhaustive list of things you should look for to determine if an email you’ve received really is from NinerNet and if it’s legitimate:

  • Is it from an email address on the niner.net domain? (Configure your email program or app to show you the sender’s actual email address, not just their name.) If it’s not, it’s not from us and you can probably ignore it if it claims to be about your hosting or domain.
  • Does it try to scare you or make you angry, such that you might take immediate action? If it does, it’s definitely not from us.
  • Is it in HTML or “rich text”, with different colours and types of fonts, and does it contain images or things that look like buttons (especially that say “secure online payment”)? It’s very likely not from us.
  • Are there copyright notices in the email? Definitely not from us.
  • Does it flatter you with words such as “esteemed” or “valued”? Not from us. (You are esteemed and valued, for sure; we just don’t lay it on thick with you!)
  • Does the email address you by the name in your email address? For example, if your email address is accounts@example.com, does it address you as “accounts” as if that was your name? Not from us.
  • Does it ask for personal information or ask you to update or confirm personal information? Very likely not from us unless you’re a brand new client.
  • Look very carefully at the sender’s address. Does the font on your email program make some letters look like others? For example, if the sender looks like bob@example.com, are you sure his domain isn’t exarnple.com? With some fonts the “r” and the “n” together look like the “m” in “example”.

Of course, the above checklist can be applied to any email you receive, including emails that purport to be from your bank.

Attachments: Don’t open attachments from unknown senders or that you are not expecting, even from known senders. Also make sure you have anti-virus software installed.

Our automated notices telling you that your mail box is full, or close to it, are extremely brief and do not try to scare you or offer you links to “free upgrades” or anything like that.

If you click on a link in an email and enter information on a form — especially a password — and then realise that it’s a scam/phishing, immediately change that password. You should also contact NinerNet, or whoever that account is with, to inform them what has happened.

Finally, when we do send you an email to advise you of something that applies to all (or most) clients — such as server moves, upgrades, etc. — we include a link to our blog (blog.niner.net) so that you can confirm that information.

Below, then, are the eighteen screenshots of scam, spam and phishing emails. The first is particularly noteworthy, as it is a sexual blackmail/extortion scam that seeks payment via Bitcoin. It and similar emails will be the subject of our next blog post.

If you have any questions, please contact NinerNet support. Thank-you.

Sexual blackmail bitcoin email scam.

Sexual blackmail bitcoin email scam.

A couple of issues today

27 January 2021 10:28:08 +0000

We, as well as some clients today, have received phishing emails advising the recipients to follow a link to deal with emails that have been quarantined or “suspended” on the mail server. These emails are scams, and do not come from addresses on the niner.net domain. Do not click on the links, and delete the emails.

Secondly, we are aware that the primary mail server’s IP address is in at least one new blacklist as a result of our data centre being blacklisted. If email you send is bounced for this reason, please advise us and we will re-route email to that domain via one of our relay servers.

Please contact NinerNet support if you have any questions or need to report something. Thank-you.

Business during the COVID-19 pandemic

19 March 2020 02:54:52 +0000

We know that some of you are no doubt weary of COVID-19 (coronavirus) news updates, but we’re prompted to make this brief statement.

NinerNet‘s operations are not currently, nor forecast to be, affected by this pandemic. We do have business continuity plans, but at this point they have not needed to be activated beyond following public health guidelines and directives. We have had communications from some (but not all) suppliers that they are implementing contingency plans to ensure the continuity of their own businesses, and therefore we do not anticipate we or you (our clients) will be adversely affected.

It’s important to remember that the vast majority of the relatively small numbers of people who have been affected so far have recovered. This means life will no doubt carry on as usual in the near future.

In the meantime though, as the operators of a service on which you rely for information communication, we want to remind you that the scammers and spammers never rest — in fact, through our spam filtering we know they are already at work, attempting to take advantage of fear. If you receive any email about the pandemic — offering rumours, cures, masks, hand sanitiser or even (in some parts of the world) toilet paper! — they are best ignored.

We very much appreciate your business. We hope you are staying safe and healthy, and we look forward to continuing to serve you for many years to come. If we can help you or your business in some way during this time, please do tell us how.

Here are some links that may help you get some factual information from your governmental health authorities:

Thank-you, and stay well.

Craig

Scammers never sleep

31 December 2018 10:02:41 +0000

If you thought you could get a break from scammers over Christmas, think again. This one landed in our in box on Christmas day, as is clear from the date the countdown starts!

From: greatroadnorth.com is about to expire. <no-replay@renewal-service.info>
Reply-to: “greatroadnorth.com is about to expire.” <no-replay@renewal-service.info>
Subject: Domain Administrator
Date: Tue, 25 Dec 2018 17:52:19 +0000
Return-path: <01020167e67ef75e-d5d2ee16-fd2f-457e-9a8d-00dba3dc6492-000000@eu-west-1.amazonses.com>
X-spam-score: 2.125

Tucows Domains Inc.
====================
IMPORTANT NOTIFICATION
====================
greatroadnorth.com
Date: 2018-12-25

Dear Domain Administrator,

The Domain SEO-listing shown below are set for renewal and need to be processed in the next 48 hours.

No need to worry, please go to this link and follow the instructions:
renewal-service.info/greatroadnorth.com

Your product details are listed below:
====================

Product Name:
SEO-Renewal for greatroadnorth.com
Expire Time:
48 hours from 2018-12-25
Renewal cost per annum:
$69.00

====================
Amount due: $69.00

PAYMENT INFORMATION
Information on how to renew your domain can be found here:
renewal-service.info/greatroadnorth.com

This offer is only valid for 48 hours as a courtesy to let you know that your domain is expiring soon and this search engine optimization offer will expire.
Should your domain name expire, there is going to be a signifcant drop
in search engine services for your website, email and any other associated services.
This domain seo registration for greatroadnorth.com limited time offer will end in 48 hours from 2018-12-25.

Thank you!

Sincerely,
Renewal department

====================

Note:
You received this message because you elected to receive notification offers. Should you no longer wish to receive our offers, please unsubscribe here. If you have multiple accounts with us, you must opt out for each one individually.

Some characteristics of this spam/scam:

  • Your name (available from the WHOIS) will be in the subject, along with a flag emoji to draw attention to the email.
  • The name of your legitimate domain registrar (also available from the WHOIS) will be at the top of the email, even though they did not send the email.
  • There is the usual very close deadline (48 hours), after which the world will end for you and your domain.
  • The plain-looking links in the email mask tracking links to the domain wizz.netvalue.io.
  • The scammer makes the unusual claim that not sending them money will cause “a signifcant [sic] drop in search engine services for your … email”. This, of course, is absolutely false, as your email traffic is not tied directly to search engine traffic anyway.
  • Sent through the best and biggest “bulletproof” spam hosting service in the world: Amazon.

Given the fact that most gTLD registrars (including the ones we use) have not pubished WHOIS information since May 2018, these scams are being sent to old mailing lists compiled before publishing stopped, and are out of date. (For example, the domain that is the subject of this email no longer exists.) Changing the contact email address on your domain and shutting down the old address is something you should consider doing.

Extortion scam email

24 July 2018 04:57:43 +0000

We have had a particularly nasty extortion email brought to our attention by two different clients in the last four days. Some research reveals that it has been around since at least late last year, but variants of extortion emails are almost as old as email itself. However, the personal nature of the current incarnation of these emails is alarming to those who receive it, even those with a clear conscience.

Unfortunately, as with most (if not all) scams, the scammers have been successful. In this case, because they demand payment of their ransom in Bitcoin, and the Bitcoin system allows public tracking of all transactions (just not the identities of the senders and receivers), researchers have been able to see that the Bitcoin addresses used in these scam emails have indeed received payments. A quick glance shows payments reaching into six figures (in US dollars) for some Bitcoin addresses (like bank account numbers, but not subject to the same scrutiny as happens when you open a bank account), and since it seems that few (if any) Bitcoin addresses have been used twice (although they are probably controlled by a small number of criminals), you can multiply that many times over.

One of the key features of the current round of emails that seem to have cropped up in the last week is the inclusion of a password that you may have used at some point in the past, both in the subject and the body of the email, to get your attention. This adds plausibility to the extortion attempt. However, keep in mind that huge databases of personal information are being breached by hackers all the time. The well-known tracking website “Have I Been Pwned” includes over five billion breached accounts (and growing) in its database. They compile their database from the raw data released by hackers after they penetrate the systems of the likes of LinkedIn, MySpace, Adobe, Ashley Madison and many others, so those databases are out there and will be forever. If a website or company you use was hacked and your password was stored by them in an unencrypted form, then there are databases out there that contain enough information to put together your email address and a password you have used, and possibly your name, address and phone number too. (Some people have received these extortion attempts via postal mail.) Do an old-fashioned mail merge and voila, you have an email message that could scare you into parting with anywhere from hundreds to tens of thousand of dollars in a vain attempt to keep a secret that a scammer made up in his or her own imagination.

As with all spam and scam emails, these are best ignored. They are just mass produced by the millions and fired out at the Internet shotgun-style.

Some have commented in the links we provide below that they have contacted the police about these emails (or letters) and received the cold shoulder. This is unsurprising. One of the benefits of computers is also one of their downsides; the fact that you can send an hilarious cat video to a few thousand of your closest friends is the same technology that allows scammers to multiply their own efforts considerably and with very little effort or expense. Your national police force probably already has this in their in tray, and when combined with other law-enforcement efforts it will probably rise to the top one day when they pull Guido over for speeding and realise that he is the mastermind behind all of this. Case closed.

There are many “top ten things you should do to remain safe on the Internet” lists out there. None will cover it all in only ten items, but here are some things for you to consider in the vein of the contents of these emails that we have reproduced below:

  • Don’t reuse passwords. If you consistently use the same email address and password for different websites, then when one of them is breached, all of your accounts are breached. Use a different password for every single website. It’s not that hard. Use a password manager like KeePass to generate and track random, complicated passwords that you will never remember and never need to remember.
  • Cover your webcam lens with an opaque cover when it is not in use. Some webcams include such a cover you can flip over the lens. If yours doesn’t, you can get a sticky cover that you can easily remove and reapply that doesn’t leave residue on the lens. We buy ours from the Electronic Frontier Foundation, but you can get generic ones or small metal covers you can install that you then slide to cover the lens (do a Web search for “webcam cover“), or you could use a sticky note or even a plaster / adhesive bandage.
  • Tell your friends and family. Friends don’t let friends pay bogus ransoms for bogus extortion attempts. Send them a link to this post at blog.niner.net/2018/07/24/extortion-scam-email

If you have any questions or concerns about this, please contact us and we will be happy to answer your questions. Thanks for your time.

Links to external websites with additional information documenting this scam

The two emails brought to our attention are below. The wording is not identical, but the style and substance are the same and they seem to be written by the same person. In these emails we have masked our clients’ names, email addresses and passwords, of course.

Email 1

———- Forwarded message ———
From: Juliana Bradford <ydewillyfx@outlook.com>
Date: Mon, 23 Jul 2018 at 19:46
Subject: CLIENT NAME – PASSWORD
To: CLIENT EMAIL ADDRESS

I am well aware PASSWORD one of your passphrase. Lets get right to point. There is no one who has compensated me to investigate you. You do not know me and you’re most likely wondering why you’re getting this e-mail?

In fact, I actually setup a malware on the X streaming (pornography) web-site and do you know what, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your internet browser began functioning as a Remote control Desktop that has a key logger which provided me accessibility to your screen and web camera. Right after that, my software collected all your contacts from your Messenger, social networks, as well as e-mailaccount. After that I created a video. First part displays the video you were viewing (you have a nice taste haha), and 2nd part displays the view of your cam, yea it is you.

You get two alternatives. Shall we read each of these choices in particulars:

First choice is to disregard this email message. In this scenario, I am going to send out your very own recorded material to every single one of your contacts and also just think concerning the awkwardness you will see. And consequently if you happen to be in an important relationship, just how it will eventually affect?

2nd alternative is to pay me $7000. Lets refer to it as a donation. Consequently, I most certainly will without delay discard your video recording. You could go on your daily life like this never occurred and you surely will never hear back again from me.

You will make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address to send to: 18sPsLXYDqKZnZ6Mb5xbYS168QFPYrQC75
[case sensitive, copy & paste it]

Should you are planning on going to the law enforcement, well, this mail can not be traced back to me. I have covered my actions. I am just not looking to ask you for money a whole lot, I simply want to be paid. I’ve a special pixel within this mail, and right now I know that you have read this message. You have one day to make the payment. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, co-workers, and many others. Nevertheless, if I do get paid, I will destroy the video right away. If you need proof, reply with Yea then I will certainly send out your video recording to your 7 friends. It’s a nonnegotiable offer and so please don’t waste my personal time & yours by responding to this message.

Email 2

——– Forwarded Message ——–
Subject: RE: CLIENT NAME – PASSWORD
Date: Thu, 19 Jul 2018 05:03:35 +0000
From: Antonio Simmons <jrcsxeugeniouks@outlook.com>
To: CLIENT EMAIL ADDRESS

I will directly come to the point. I do know PASSWORD is your pass word. More to the point, I am aware about your secret and I’ve evidence of your secret. You do not know me personally and nobody paid me to look into you.

It’s just your bad luck that I came across your bad deeds. Well, I placed a malware on the adult video clips (porno) and you visited this site to have fun (you know what I mean). While you were busy watching videos, your internet browser initiated operating as a Rdp (Remote desktop) that has a key logger which gave me access to your display screen as well as web camera. Right after that, my software program gathered your entire contacts from messenger, facebook, and mailbox.

Next, I put in more hours than I probably should’ve looking into your life and made a two view video. 1st part shows the video you were watching and second part shows the view from your web camera (its you doing dirty things).

Honestly, I am ready to forget all information about you and let you continue with your daily life. And I am going to present you 2 options that will make it happen. Those two option is with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore these 2 options in more detail.

Option One is to ignore this email message. Let us see what is going to happen if you opt this option. I will certainly send your video to your entire contacts including family members, co-workers, and so forth. It does not shield you from the humiliation your self will face when family and friends discover your dirty details from me.

Option 2 is to send me $ 2900. We will call it my “privacy tip”. Now lets see what will happen if you choose this option. Your secret remains your secret. I’ll erase the recording immediately. You go on with your routine life that none of this ever occurred.

At this point you may be thinking, “I will complain to the police”. Let me tell you, I have covered my steps in order that this e mail cannot be linked to me plus it won’t prevent the evidence from destroying your lifetime. I’m not seeking to steal all your savings. I just want to get compensated for the time I placed into investigating you. Let’s assume you decide to produce all of this vanish entirely and pay me my confidentiality fee. You will make the payment via Bitcoin (if you don’t know how, type “how to buy bitcoins” on google search)

Amount to be paid: $ 2900
Bitcoin Address to Send to: 1GQK1MNV5N7B9pV8L63W7nGfChJkKp7ymq
(It is CASE sensitive, so you should copy and paste it carefully)

Tell nobody what you should use the bitcoin for or they may not provide it to you. The method to get bitcoin will take a short time so do not delay.
I’ve a specific pixel within this email message, and now I know that you’ve read this e mail. You have 24 hours to make the payment. If I don’t get the BitCoin, I will definately send out your video to your contacts including close relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I’ll destroy the video and all other proofs immediately. It’s a non negotiable offer, thus do not waste my personal time & yours. Your time is running out.

Data privacy developments

22 May 2018 22:44:39 +0000

The purpose of this long blog post is to keep you informed of a significant development in the domain registration business, how it will affect you, what action you need to take and how to protect yourself from the criminals who will take advantage of the confusion that will no doubt be generated. We have also sent this via email to our clients.

The GDPR

In the last few months you may have heard rumblings about a new European law called the GDPR, the General Data Protection Regulation. This is a sweeping new law that will affect people in every corner of the globe, not just in the European Union (EU). It places a premium on the value of individual privacy, and restricts how the personal data provided by an individual may be used by companies and organisations. Fines for breach of the law can reach tens of millions of euros.

The GDPR is a good thing, and will address some glaring problems in our industry that we have referred to on a number of occasions, particularly the public WHOIS system where a domain registrant’s information is available for all the world to see, and is therefore used by scammers worldwide. However, even a good law is still a law and comes with an administrative burden for all parties.

On the hosting side of our business, not much (if anything) will change. We have always closely guarded the personal information of our clients — and that won’t change — and only collected what is technically and legally necessary to provide the services you contract from us.

Domain registrations

On the domain registration side of things, because of the fact that the domain registration system requires a number of entities to co-operate — registrant (you), registrar (currently OpenSRS/Tucows), reseller (NinerNet), registry (various, including Verisign, CIRA, ZICTA, etc.) and ICANN (the Internet Corporation for Assigned Names and Numbers) — you will start to see various transactional emails from us refer to the GDPR (which comes into force on 25 May 2018) and mechanisms for you to provide and, if necessary and possible, withdraw consent for use of your personal data. The need for you to fulfil your obligations as a domain registrant and respond to calls to action in emails will be in addition to actions you have needed to take until now. In short, it should mean a couple more emails per domain per year that you will need to pay attention to, but exactly how this manifests itself will develop over time, especially in the first year after this Regulation comes into force.

While it’s a reasonable question to ask why an EU law will apply to people and companies outside of the EU, the fact is that, worldwide, domain registries and registrars intend to comply with this Regulation and adopt a uniform system for managing it. Many jurisdictions have privacy laws, but the GDPR looks like it will be the most robust affecting the greatest number of people and the general feeling among proponents is two-fold: 1) Privacy is a good thing and we should follow the most stringent standards in favour of it, and 2) If we have to adjust policies and practices, then it makes no sense to have one set of policies and practices for some people and another for everyone else.

While this law affects all industries (and governmental organisations) in the EU and those (within and without the EU) that deal with European residents, the most visible effect in our industry will be on the public WHOIS (“who is”) system, where your personal information — name, address, phone number, email address, etc. — is currently published in public databases of domain registrants for everyone to see. These databases will continue to exist, of course, but access to them will be restricted, through layered access to a new “gated” WHOIS system, to legitimate accredited users that will include law enforcement organisations and intellectual property lawyers, as well as the registries, registrars and resellers directly involved in a particular domain registration.

Spammers, scammers and fraud artists

The one class of people that we certainly hope will no longer have access to this information is the fraud artists that fill your email every day — despite our best efforts — with offers to enlarge body parts, sell you web design and “search engine optimisation” services, scam you into sending them money for services they’ll never provide, and trick you into providing information to them that will lead to identity theft (phishing). With any luck, this new law will finally almost wipe out the spammers who harvest your email address from the WHOIS. It won’t stop those who get your unprotected email address off your website, or already have it or buy it from these unscrupulous individuals, but it should stop anyone else getting your email address if you change it in your existing domain registration.

But speaking of scams, as sure as night follows day (we’ve seen it before) these changes will no doubt lead to many scammers sending out emails urgently requiring you to take some action or another after clicking a link in their email. The text of the emails will use urgent language designed to scare you, but that they assume you will have heard in the news. They will refer to the GDPR and tell you that if you don’t go to a website and fill in a user name and password for your domain — and perhaps send them money too — your domain will be suspended and deleted.

DO NOT FALL FOR THIS! IT IS NOT TRUE!

As we have said over and over again for more than twenty years, if you receive an email about your domain or hosting from an email address that is not on the niner.net domain, then it is almost certainly a scam. If the email attempts to scare you into taking action immediately, then that only adds to the weight of evidence pointing to it being a scam. If you are concerned and not sure, we’re happy to advise you if you forward the email in question to us before taking any action.

Our new privacy policy

As with many Internet companies, the new GDPR has prompted us to revise our privacy policy. Our privacy policy — part editorial, part serious statement — is unlike any you have ever read. It provides some truth about the real problem with what the true purpose is of many (mostly larger) companies these days, and how we’re very different.

No action required at this time

Finally, no action is needed from you at this time. However, after 25 May you will start to receive email notices directing you to take GDPR-related actions, especially if you change anything to do with your domain, and possibly when you renew it.

If you have any questions, please let us know. Thank-you for your time.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: