Tag Archives: email spams

Avoid sending spam

If you send or have someone else send your marketing emails or messages, you need to know about spam laws.

How to comply

If you plan to send marketing messages or emails, you must first have consent from the person who will receive them. Even if someone else is sending out your marketing messages for you, you must still have consent from each person who will receive your messages.

After you get consent, you must ensure your message:

  • Identifies you as the sender
  • Contains your contact details
  • Makes it easy to unsubscribe

Get consent

There are two types of consent:

  1. Express
  2. Inferred

Express consent

A person who gives express consent knows and accepts that they will receive marketing emails or messages from you. This is best practice when it comes to consent.

People can give express consent by one of the following:

  • Filling in a form
  • Ticking a box on a website
  • Over the phone
  • Face to face

You cannot send an electronic message to ask for consent, because this is a marketing message. Keep a record when a person gives express consent, including who gave the consent, when and how.

It’s up to you to prove that you have a person’s consent.

Inferred consent

In some circumstances, you may infer that you have consent to send marketing messages if the recipient has knowingly and directly given their address and it is reasonable to believe they would expect to receive marketing from your business.

This is usually when a person has a provable, ongoing relationship with your business, and the marketing is directly related to that relationship.

For example, if someone has subscribed to a service, has an account or is a member, and the marketing is directly relevant to the relationship – such as a person’s savings bank telling them about another savings account with higher interest. It would not cover the bank trying to sell them insurance products.

It does not cover sending messages after someone has just bought something from your business.

Inferred consent is not as reliable as getting someone’s express consent.

Know your responsibilities for email lists

Take care when you buy or use a marketing list. You are still responsible for making sure you have consent for any addresses you use.

Identify yourself as the sender

In your message, you must:

  • Accurately identify your name or business name
  • Include correct contact details for you or your business

If someone else sends messages on your behalf, the message must still identify you as the business that authorised the message. Use the correct legal name of your business, or your name.

This information must remain correct for at least 30 days after you send the message.

Make it easy to unsubscribe

You need to make it easy for people to unsubscribe from your electronic mailing lists. Every commercial message must contain an ‘unsubscribe’ option that:

  • Presents unsubscribe instructions clearly
  • Honours a request to unsubscribe within 5 working days
  • Does not require the payment of a fee
  • Does not cost more than the usual amount for using the address (such as a standard text charge)
  • Is functional for at least 30 days after you sent the message
  • Does not require the person to give extra personal information or log in to, or create, an account to unsubscribe from marketing messages.

Tip: Remember that if you are using an alphanumeric message header in SMS, these are generally not capable of receiving return messages.

Unsubscribe examples that are clearly worded

Email:

To stop receiving messages from us, simply reply to this email with ‘unsubscribe’ in the subject line.
If you no longer wish to receive these messages, please click the ‘unsubscribe’ button below.

SMS:

Reply STOP
Unsub: (1800-number)

Other actions that may break the spam rules

You cannot:

  • Use or supply a list that has been created with address-harvesting software
  • Use or supply address-harvesting software

It is also against the spam rules to:

  • Help, guide or work with another person to break the spam rules
  • Encourage another person to break the spam rules
  • Be directly or indirectly, knowingly concerned with breaking the spam rules

If a business breaks the rules, law enforcers can take enforcement action.

Ask for or provide information

If you or someone else breaks the spam rules, you can tell us. If you do break the spam rules, telling us may help to fix the issue quickly. We review all cases individually, but it may be resolved without further action.

We value all information because it helps identify trends and spot serious or ongoing issues.

Ransomware

Critical Infrastructure Organizations Targeted by Ransomware Gangs

2019 was an especially bad year for ransomware attacks, and while there was a decrease in the use of ransomware in 2020, attacks increased sharply in 2021, with the education sector and government organizations among the most attacked sectors, although no industry sector is immune to attacks.

There is growing concern about the increase in attacks on critical infrastructure organizations, which are an attractive target for ransomware gangs. According to data from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), 14 of the 16 critical infrastructure sectors in the United States reported ransomware attacks in 2021, including the defense industrial base, emergency services, healthcare, food and agriculture, information technology, and government facilities. Cybersecurity agencies in the United Kingdom and Australia have also reported that critical infrastructure has been targeted.

Critical Infrastructure Organizations Warned About AvosLocker Ransomware Attacks

Today, a warning has been issued by the Federal Bureau of Investigation (FBI), the U.S. Department of the Treasury, and the U.S. Treasury Financial Crimes Enforcement Network (FinCEN) about ransomware attacks using AvosLocker ransomware.

AvosLocker was first identified as a threat in late June 2021 and, despite being a relatively new threat, poses a significant risk. Attacks using the ransomware increased in the latter half of 2021, with spikes in attacks occurring in November and December. Variants of AvosLocker ransomware have now been developed to attack Linux as well as Windows systems.

As is now common, the attackers engage in double extortion and demand payment for the keys to decrypt files and to prevent the release of stolen data. The gang runs a data leak website where a sample of stolen data is uploaded and made accessible to the public. The gang says it then sells the stolen data to cybercriminals if payment isn't made. AvosLocker is one of a handful of ransomware operations that also makes contact with victims by telephone to encourage them to pay the ransom. The gang is known to issue threats of Distributed Denial of Service (DDoS) attacks to further pressure victims into paying the ransom.

AvosLocker is a ransomware-as-a-service operation where affiliates are recruited to conduct attacks for a percentage of any ransom payments they generate. As a result, the attack vectors used in attacks depend on the skillsets of the affiliates. Common vulnerabilities are known to be exploited to gain initial access to networks, including vulnerabilities associated with ProxyShell and unpatched vulnerabilities in on-premises Microsoft Exchange Servers. However, over the past year, spam email campaigns have been a primary attack vector.

Email Filtering Essential for Defending Against Ransomware Attacks

Spam email is a common attack vector used by ransomware gangs. Spam email campaigns are effective and provide low-cost access to victim networks. Phishing and spam campaigns use either malicious attachments or embedded hyperlinks in emails, together with social engineering techniques to convince end users to open the attachments or click the links.

The primary defense against these attacks is email filters. Email filters scan all inbound emails and attachments and prevent malicious messages from being delivered to inboxes. Because cyber actors are constantly changing their lures, social engineering methods, and methods to bypass email security solutions, it is important to have an email security solution in place that can respond to changing tactics.

Email security solutions that use artificial intelligence and machine learning to identify and block threats outperform solutions that rely on antivirus engines and blacklists of known malicious IP addresses.

Do Not Neglect Security Awareness Training for the Workforce

It is also important to provide security awareness training to all members of the workforce, from the CEO down. The FBI and the U.S. Treasury Department recommended in the latest alert to “Focus on cyber security awareness and training,” and “Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).”

Here are the new Emotet spam campaigns hitting mailboxes worldwide

The Emotet malware kicked into action yesterday after a ten-month hiatus with multiple spam campaigns delivering malicious documents to mailboxes worldwide.

Emotet is a malware infection that is distributed through spam campaigns with malicious attachments. If a user opens the attachment, malicious macros or JavaScript will download the Emotet DLL and load it into memory using PowerShell.

Once loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as TrickBot or Qbot that commonly lead to ransomware infections.

Emotet spamming begins again

Last night, cybersecurity researcher Brad Duncan published a SANS Handler Diary on how the Emotet botnet had begun spamming multiple email campaigns to infect devices with the Emotet malware.

According to Duncan, the spam campaigns use reply-chain emails to lure the recipient into opening attached malicious Word, Excel, and password-protected ZIP files.

Reply-chain phishing emails are when previously stolen email threads are used with spoofed replies to distribute malware to other users.

In the samples shared by Duncan, we can see Emotet using reply-chains related to a “missing wallet,” a CyberMonday sale, canceled meetings, political donation drives, and the termination of dental insurance.

Attached to these emails are Excel or Word documents with malicious macros or a password-protected ZIP file attachment containing a malicious Word document, with examples shown below.

Emotet email with Excel attachment (Source: Brad Duncan)

There are currently two different malicious documents being distributed in the new Emotet spam campaigns.

The first is an Excel document template that states that the document will only work on desktops or laptops and that the user needs to click on ‘Enable Content’ to view the contents properly.

The malicious Word attachment is using the ‘Red Dawn’ template and says that as the document is in “Protected” mode, users must enable content and editing to view it properly.

How Emotet attachments infect devices

When you open Emotet attachments, the document template will state that previewing is not available and that you need to click on ‘Enable Editing’ and ‘Enable Content’ to view the content properly.

However, once you click on these buttons, malicious macros will be enabled that launch a PowerShell command to download the Emotet loader DLL from a compromised WordPress site and save it to the C:\ProgramData folder.

Once downloaded, the DLL will be launched using C:\Windows\SysWOW64\rundll32.exe, which will copy the DLL to a random folder under %LocalAppData% and then rerun the DLL from that folder.

After some time, Emotet will configure a startup value under the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key to launch the malware when Windows starts.

The Emotet malware will now silently remain running in the background while waiting for commands to execute from its command and control server.

These commands could be to search for email to steal, spread to other computers, or install additional payloads, such as the TrickBot or Qbot trojans.
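
The infection chain described above maps onto three host signals a defender can look for: an Office application starting PowerShell, rundll32.exe loading a DLL from C:\ProgramData or a folder under %LocalAppData%, and a Run key value pointing at such a DLL. The following is an added example, not code from the article or from Brad Duncan; the simplified event schema, host names, user name and DLL names are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"winword.exe", "excel.exe"}
# A DLL path under either user-writable location the article names.
STAGED_DLL = re.compile(r'(?i)(c:\\programdata\\|\\appdata\\local\\)[^"]*\.dll')
RUN_KEY = r"\software\microsoft\windows\currentversion\run"


def classify(event):
    """Return the infection-chain stage an event matches, or None."""
    if event["kind"] == "process":
        image = basename(event["image"]).lower()
        parent = basename(event["parent_image"]).lower()
        if image == "powershell.exe" and parent in OFFICE:
            return "office_spawned_powershell"
        if image == "rundll32.exe" and STAGED_DLL.search(event["command_line"]):
            return "rundll32_loaded_staged_dll"
    elif event["kind"] == "registry_set":
        if RUN_KEY in event["key"].lower() and STAGED_DLL.search(event["value"]):
            return "run_key_persistence"
    return None


def triage(events):
    """Per host: stages seen; escalate when two or more distinct stages match."""
    stages = {}
    for event in events:
        stage = classify(event)
        if stage:
            stages.setdefault(event["host"], []).append(stage)
    return {h: {"stages": s, "escalate": len(set(s)) >= 2} for h, s in stages.items()}


def proc(host, parent, image, cmd):
    """Build a process-creation event in the assumed (hypothetical) schema."""
    return {"kind": "process", "host": host, "parent_image": parent,
            "image": image, "command_line": cmd}


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
RUNDLL = r"C:\Windows\SysWOW64\rundll32.exe"
STAGED = RUNDLL + r' "C:\Users\alice\AppData\Local\Qxkzr\sample.dll"'
# Constructed events; hosts, user names and DLL names are placeholders.
SAMPLE_EVENTS = [
    proc("WS-01", r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
         PS, "powershell.exe <arguments elided>"),
    proc("WS-01", PS, RUNDLL, RUNDLL + r" C:\ProgramData\sample.dll"),
    proc("WS-01", RUNDLL, RUNDLL, STAGED),
    {"kind": "registry_set", "host": "WS-01",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample",
     "value": STAGED},
    # Benign: a Control Panel applet started through rundll32 from System32.
    proc("WS-02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\rundll32.exe",
         r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    # Single weak signal: a macro starting PowerShell and nothing else.
    proc("WS-03", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
         PS, "powershell.exe <arguments elided>"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result)
```

Requiring two distinct stages before escalating keeps a lone macro-to-PowerShell event, which also occurs with legitimate automation, from being treated as a confirmed infection.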

At this time, BleepingComputer has not seen any additional payloads dropped by Emotet, which has also been confirmed by Duncan’s tests.

“I have only seen spambot activity from my recent Emotet-infected hosts,” Duncan told BleepingComputer. “I think Emotet is just getting re-established this week.”

“Maybe we’ll see some additional malware payloads in the coming weeks,” the researcher added.

Defending against Emotet

Malware and botnet monitoring org Abuse.ch has released a list of 245 command and control servers that perimeter firewalls can block to prevent communication with command and control servers.

Blocking communication to C2s will also prevent Emotet from dropping further payloads on compromised devices.

An international law enforcement operation took down the Emotet botnet in January 2021, and for ten months, the malware has not been active.

However, starting Sunday night, active TrickBot infections began dropping the Emotet loader on already infected devices, rebuilding the botnet for spamming activity.

The return of Emotet is a significant event that all network admins, security professionals, and Windows admins must monitor for new developments.

In the past, Emotet was considered the most widely distributed malware and has a good chance of regaining its previous ranking.

Help stopping spam

You Can Help To Stop Spam Emails

Not all spam email is illegal. But there are steps you can take to help stop receiving spam emails.

Laws Regulating SPAM

State and federal laws regulate and protect you from spammers.

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act is a federal law that sets standards that email marketers must follow. The Federal Trade Commission and Office of the Attorney General are responsible for enforcing and penalizing violations of this act.

The CAN-SPAM Act requires that unsolicited commercial emails:

  • Be identified as advertisements
  • Use clear, accurate, non-misleading subject lines and header information
  • Provide a functioning return email address and the legitimate physical address of the mailer
  • Include a way for people to opt out of future mailings

Learn more about CAN-SPAM Act standards, enforcement and penalties on the Federal Trade Commission website.

Limit the Spam You Receive

You can take steps to reduce and manage the flow of unwanted email into your inbox.

Use an email filter. Take advantage of all spam filtering tools offered by your email service and/or Internet Service Provider. If spam messages get through the filter and reach your inbox, mark them as spam to help improve the filters.

Avoid Posting Your Email Address on Websites. Spammers regularly “harvest” email addresses from websites, so never post your email address on a public website, including on blog posts, in chat rooms, on social networking sites, or in online classified ads.

Protect your personal email address. Consider using two email addresses – one for personal messages and one for shopping, newsletters, chat rooms, and other services.

Review privacy policies and opt out of mailing lists. Before you submit your email address to a website, check their privacy policy to see if it allows them to share it with others, and then think twice before providing them your information. Also look for pre-checked boxes that sign you up for email updates from the company and its partners. You may be able to opt out of receiving these emails.

Reduce Spam for Everyone

Spammers search the internet looking for computers that are not protected by up-to-date security software. When they find unprotected computers, they try to install malware on the computer so that they can control the computers.

Spammers use a network of many thousands of these infected computers – called a botnet – to send millions of emails at once. Millions of home computers are part of botnets, and most spam is sent through these botnets.

Don’t let spammers use your computer

You can take these steps to reduce the chances that your computer is infected and used to send spam:

  • Update your software. Keep all of your software – including your operating system, Internet browser and other software programs – up to date to protect against the latest threats. It is a good idea to set your software to retrieve updates automatically.
  • Use good antivirus software. Make sure you have good antivirus software installed on your computer and that it regularly receives updates.
  • Use caution opening email attachments. Do not open an email attachment – even if it is from a friend or relative – unless you are expecting it or know what it is.
  • Download software only from sites you know and trust. It can be tempting to download free software, but keep in mind that such software may contain malware.

Beware of Bitcoin Investment Emails Pushing Clipboard Hijackers

A new malspam campaign is underway that contains an attachment that, when executed, will install a Windows clipboard hijacker that attempts to steal Bitcoins from its victims.

This new campaign was discovered by security site My Online Security, who received a series of Bitcoin investment related emails. These emails had subject lines that included “FW: Review BTC” or “FW: Review Your New Bitcoin International Investment Update 2019” and contained an archive attachment.

This archive includes a JSE file, which is a JavaScript file, that contains a Base64-encoded executable stored in the file. When the JSE file is executed, it will decode the Base64-encoded file, save it to %Temp%\rewjavaef.exe, and then execute it.

Once executed, a file called Task.exe will be saved to the %AppData%\svchost.exe\ folder. This file will then be executed as well.

To make sure that the Task.exe is started every time a victim logs into Windows, a startup file called svchost.exe.vbs will be created in the user’s Startup folder.

The Task.exe program is actually a clipboard hijacker malware that is based off the open source BitPing program created by a security researcher named A Shadow.

A cryptocurrency clipboard hijacker is malware that monitors the Windows Clipboard for certain data, and when detected, swaps it with different data that the attacker wants. In this particular case, Task.exe will monitor the Clipboard for bitcoin addresses, and if one is detected, will swap it for the 3MSghqkGW8QhHs6HD3UxNVp9SRpGvPkk5W address, which is owned by the attacker.

As cryptocurrency addresses are typically long and hard to remember, attackers understand that when sending bitcoins, most people will copy an address from another page, site, or program. This malware will detect the copied address in the clipboard and replace it with their own in the hopes the victim won’t notice the swap. Then when the bitcoins are sent, they would be sent to the address under the attacker’s control rather than the intended recipient.

The best way to avoid malware like this is to not open attachments that you receive from strangers or that you are not expecting. Furthermore, you should never run attachments that could execute commands on the computer. This includes JSE, JS, VBS, CMD, PS1, EXE, or BAT file extensions.

If Windows is not configured to display file extensions, it is strongly suggested that you enable the display of extensions so you do not open malicious documents or executables by mistake.
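
The two defensive points in this article, the script attachment carrying a Base64-encoded executable and the advice about executable file extensions, can be checked statically before anything runs. The following is an added example, not code from the article or from My Online Security; the file names and the inert 128-byte stub are constructed for illustration.

```python
import base64
import os
import re

# Extensions the article lists as able to execute commands.
RISKY_EXT = {".jse", ".js", ".vbs", ".cmd", ".ps1", ".exe", ".bat"}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
# Joins string literals split as "AAA" + "BBB" so the blob becomes one run.
CONCAT = re.compile(r"""["']\s*\+\s*["']""")


def risky_attachment(filename):
    """Judge by the real (last) extension; also report a decoy such as .pdf."""
    stem, ext = os.path.splitext(filename.lower())
    decoy = os.path.splitext(stem)[1]
    return ext in RISKY_EXT, decoy or None


def looks_like_pe(raw):
    """MZ header whose e_lfanew field (offset 60) points at a PE signature."""
    if len(raw) < 64 or raw[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(raw[60:64], "little")
    return raw[pe_off:pe_off + 4] == b"PE\0\0"


def embedded_executables(script_text):
    """Return (offset, decoded_size) for each Base64 run that decodes to a PE image."""
    text = CONCAT.sub("", script_text)
    found = []
    for m in B64_RUN.finditer(text):
        blob = m.group(0)
        if "=" not in blob:
            blob = blob[: len(blob) - len(blob) % 4]  # trim to a decodable length
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue  # not valid Base64 after all
        if looks_like_pe(raw):
            found.append((m.start(), len(raw)))
    return found


# Constructed, inert sample: a 128-byte stub with only the MZ and PE markers set.
_STUB = b"MZ" + bytes(58) + (64).to_bytes(4, "little") + b"PE\0\0" + bytes(60)
_B64 = base64.b64encode(_STUB).decode()
SAMPLE_SCRIPT = 'var payload = "' + _B64[:80] + '" +\n    "' + _B64[80:] + '";\n'
BENIGN_SCRIPT = 'var logo = "' + base64.b64encode(b"plain text " * 12).decode() + '";'

if __name__ == "__main__":
    print(risky_attachment("statement.pdf.jse"))   # constructed file name
    print(embedded_executables(SAMPLE_SCRIPT))
    print(embedded_executables(BENIGN_SCRIPT))
```

The decoy value is what a user sees as the file type when Windows hides extensions, which is why the article recommends turning extension display on.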