New Spam Technique Used to Hide ID Theft

First the good news about spam: most EarthLink Internet access subscribers feel that the problem of spam is generally under control. Not that they don’t get any (unfortunately). But it’s typically a very small amount that doesn’t detract much from their overall email experience.

And that’s impressive considering that 86.7% of all email sent is spam, according to Network Solutions. In May, spam accounted for 165.6 billion (yes, billion with a b) messages.

How do we go from 86.7% spam to the very small percentage our members experience? Our EarthLink spamBlocker tool, on its default Known spam Blocking setting, automatically filters most of the spam out, so our subscribers never have to deal with it.

We also offer a higher level of spamBlocker protection, called Suspect Email Blocking, which blocks all messages from senders who aren’t in your Address Book. This is a very effective way of ridding your Inbox of virtually all spam, but you do need to actively manage it so that you don’t end up missing email you do want because you forgot to put someone in your Address Book.

Distributed Spam Distraction or Spam Blizzard

Unfortunately there’s some bad recent news to report about spam: It’s a new spam technique called Distributed Spam Distraction or, in more colorful terms, a spam blizzard.

Both names give you a clue to what this type of spam is all about: distraction and cover-up. Like a blizzard of snow that causes a “whiteout” in which you can’t see anything, a spam blizzard prevents you from seeing.

What the blizzard of spam prevents you from seeing is evidence of ID theft and fraudulent transactions: specifically, the automatic email alerts and confirmations that are normally sent out to confirm bank transfers, online purchases, and other financial transactions.

It works like this:

  • The bad guys somehow get access to your sensitive personal account information (bank accounts, credit card numbers, passwords, etc.) as well as your email address.
  • Just before they start to use your information to make illegal bank transfers and fraudulent purchases, they start targeting your email address with a blizzard of spam.
  • A spam blizzard can last from several hours to more than 24 hours and may send more than 50,000 messages to your email account.
  • The bad guys then use your account information to steal from you. When they do, the automatic email confirmations that would normally alert you to the fact that someone transferred money from your bank account or used your credit card to make multiple purchases get lost in the blizzard of spam you’ve been receiving.
  • With the blizzard of spam overwhelming your email account, the bad guys have more time to take advantage of your stolen personal information without you seeing the evidence and putting a stop to it.

Because this Distributed Spam Distraction technique is targeted at the one individual whose personal information has been stolen – the opposite of most spam, which works by hitting as many people as possible – it’s harder to block with standard spam blocking filters. These spam blizzard emails also don’t contain links to malicious content, viruses or other malware that can trigger filters. And they typically avoid content filters by keeping messages very brief and based on random text rather than the sales pitches or other spam promotions that can trigger content filters.

What You Can Do Before ID Theft Happens to You

As with many health and security issues, prevention is the best cure. If you prevent ID theft in the first place, there’s not going to be any spam blizzard directed at you to cover it up. So make sure your personal information is kept as secure as possible.

  • Don’t email sensitive information like credit card numbers, bank account numbers, PIN numbers, and passwords. Email is not secure. EarthLink will never ask customers for their passwords over email.
  • Don’t click on links in emails asking you for account information. They are often “phisher” emails sent by criminals. If you need to go to your bank or Internet provider to check your account or make a change, type the URL directly into your browser. Learn more about phisher email and ID theft here. 
  • Create long, strong, unique passwords to log into your accounts. Don’t use simple, easy-to-guess passwords – and don’t reuse passwords. Here are three simple tips to help you create safer passwords.
  • Change your passwords frequently. You can change your EarthLink password here.
  • Make your PINs random. PIN numbers are typically 4-digit numbers, so you can’t make them stronger with length or other techniques. But make sure the numbers are random and not associated with you in any way, such as your birthday, year of birth, address, etc.
  • Be careful giving out account information over the phone, unless you initiated the call. Just like phisher emails, sometimes ID thieves will call people claiming to be from their bank or a government agency.
  • Make sure Known spam Blocking is turned on for your EarthLink account. It should be on by default, but if you’re not sure, here’s how to check and activate it. This spam filtering may not work depending on the exact spam blizzard techniques used, but it could be helpful. (The stronger Suspect Email Blocking setting would prevent you from getting the blizzard of spam, but it would likely also filter out the email alerts the bad guys don’t want you to see.)
  • Install and use security software on your computer. EarthLink provides our Protection Control Center all-in-one security suite free of charge to all Internet access members and offers discounts on Norton security products, such as Norton 360 Online and Norton Internet Security for Mac. Security software can prevent spyware and other malware from accessing your computer and stealing your sensitive personal information that is then used in fraudulent transactions.
  • Set up text alerts for as many important accounts as you can. Banks often let you add your mobile phone number to your customer contact preferences, so you can get account alerts sent as texts to your phone in addition to email alerts. This way, if your email account gets hit with a spam blizzard, you should still be aware of the problem via text. See what alert options are available for your credit cards as well.
  • Maintain good records of all your account numbers, account history, phone numbers and other account information. You may need to quickly inquire about your accounts and you may need these records to verify account information.

What You Can Do If a Spam Blizzard Ever Happens to You

First, don’t over-react to spam. If tomorrow or next week you get twice as much spam as usual, you don’t have to worry that this is an attack. The amount of “regular” spam that gets by our network filters and makes it to your inbox will always vary. Remember, for the spam blizzard technique to work and bury your legitimate messages, it requires a huge, blinding volume of spam, not just an annoying amount of spam.

Also, keep in mind Distributed Spam Distraction is a very new spam technique and it is still extremely rare. We are not blogging about it because it is likely to happen to you, but rather because if it ever does we want you to be aware that it can indicate ID theft that you should deal with quickly.

  • Act fast. If you do get a sudden blizzard of spam, be safe and assume it is being sent to cover up fraudulent account transactions.
  • Check your most important accounts first (either online or by phone). These are likely to be your bank, investment accounts, credit cards, and any other financial accounts you have.
  • Notify the fraud departments at your bank and other financial institutions that you may be victim of ID theft.
  • See if the accounts can be temporarily frozen or put on alert for suspicious activity.
  • Change your account passwords if you can, starting with the most sensitive accounts.
  • Notify the fraud department at one of the three credit reporting companies (Experian, Equifax and TransUnion). Once you notify one that you are at risk of identity theft, they report to the other companies for you.
  • Fill out an ID Theft Affidavit (download a PDF here) that can help you report the ID theft to multiple institutions and also file a police report (once you are sure you were a victim).
  • Monitor your credit reports closely or “freeze” your credit reports so credit issuers can’t access your credit files (to issue new credit, for example) without your permission.

For a comprehensive list of ID theft recommendations, links to valuable resources, and contact information to help you deal with ID theft, visit Identify Theft: What to Do If It Happens to You from the Privacy Rights Clearinghouse.

If you need further assistance with your spamBlocker settings or have questions about how to protect yourself from spam, call EarthLink Customer Support at 1-888-EARTHLINK (888-327-8454).

EarthLink Software Compatibility with Windows 8

Microsoft Windows 8 Metro start screenWill your EarthLink software programs work with Windows 8?

So, it’s been about three weeks since Microsoft launched its new Window 8 operating system, which we wrote about here.

We followed up a couple of weeks ago with a post about how to use EarthLink email with Window 8.

Today we’ll continue to look at Windows 8 and the EarthLink Internet experience, focusing on the compatibility of current versions of EarthLink software with the new operating system. The good news: most of our current software can run on Windows 8 in Desktop mode (see below).

Look for updates as we release new software both here on the EarthLink Blog and in the EarthLink Support Center.

Windows 8 Metro vs. Desktop Mode

Windows 8 features an all-new interface called Metro (all the colorful tiles you see in promotions for Windows 8). In addition to Metro, Windows 8 has a more familiar-looking Desktop mode that operates more like an optimized Window 7 system than the new Metro.

Some programs, like EarthLink Access Software (see below), are not compatible with Metro but are fully compatible in Windows 8 Desktop mode. You may see an icon for these programs on the Metro interface, but when you click on them Windows 8 automatically launches them in Desktop mode.

EarthLink Access Software (current release, version 8.3)*

This free Internet access software is recommended for all our dial-up Internet customers. It helps you connect to the Internet faster and more reliably.

  • EarthLink Access Software installation on Windows 8 will switch to Desktop Mode.
  • You will be able to use our Internet connection software in Desktop mode only.
  • Click the software’s icon from the Metro Start screen and it will open in Desktop mode.
  • Dial-Up Connection and Modem detection both work on Windows 8.
  • Broadband/DSL Connection mode also works on Windows 8.

* Note: PeoplePC Access Software works just like EarthLink Access Software on Windows 8.

Protection Control Center

Protection Control Center is our all-in-one security suite that’s free for both our dial-up and high-speed Internet access members

  • If you currently have Protection Control Center installed, we recommend that you uninstall the security program before upgrading to Windows 8.
  • After Windows 8 is fully installed, you can install or reinstall Protection Control Center.
  • Windows 8 will switch to Desktop mode when installing Protection Control Center.
  • Protection Control Center will work in Desktop mode only.
  • When you click the Protection Control Center icon on the Metro start screen, a window will pop up asking “Do you want to allow the following program to make changes to this computer?” You must click Yes for the software to work correctly.
  • Security scans and Firewall work normally in Desktop mode.

EarthLink Online Backup

EarthLink Online Backup offers automatic, remote backup of multiple computers or devices. It’s a great way to make sure you don’t lose any important data or files.

  • EarthLink Online Backup works normally on Windows 8 but in Desktop mode only.
  • If you already have the backup software installed, make sure you uninstall EarthLink Online Backup before you upgrade from Windows 7 to Windows 8 (it can block the Windows upgrade process).
  • After Windows 8 is fully installed, you can reinstall EarthLink Online Backup software normally.

EarthLink System Scanner

The EarthLink System Scanner is a quick and easy way to find out what your PC may need. It checks if your computer is secure, finds simple PC fixes, and analyzes your system.

  • Good news: the EarthLink System Scanner works normally on Windows 8.

PC FineTune

PC FineTune optimizes the speed and performance of your computer. Unfortunately, the current version (v. 11) of PC FineTune is NOT compatible with Windows 8.

We recommend you do not install or run the current version of PC FineTune if you have a Windows 8 computer. Check back with our website for a Windows 8 compatible version. If you currently use PC FineTune and are considering an upgrade to Windows 8, you may want to wait.

Having problems with our software? First uninstall, then reinstall.

If you are one of our customers who are already using our software, we want your Windows 8 upgrade experience to be as positive as possible.

When upgrading from Windows 7, Windows 8 will make an attempt to carry over your previously installed EarthLink programs. However, it is possible some programs will not work correctly after the upgrade or may even prevent the upgrade process.

We recommend if you have any problems with EarthLink or PeoplePC software during the upgrade process that you uninstall them and then reinstall them after the Windows 8 installation is successful. Good luck!