Handling spam and abuse

Handling spam and abuse

 

Introduction

The first edition of this article was written in 2003 and revising it we realise that the pace of change for internet communication has been fast and the regulations have changed surprisingly swiftly.

Sex sells and, as businesses looked for uses of the internet, they saw the business model of the telephone sex sector. Free speech has also been one of the underpinning ideas of the academic community from which the internet grew. Unfortunately, this means that there are probably unwanted, offensive or pornographic messages that arrive, which you would rather not see.

Criminals do not pay much attention to regulations and have become much cleverer in the emails they send. They use social engineering, identifying those government departments with which law-abiding citizens are more likely to comply, such as the immigration service and the tax service. These government departments are particularly careful about issuing guidance and help about frauds tricks and scams.

The best advice remains in two parts:

  • Educate yourself to avoid extortion, fraud and scams
  • Report suspicious activity and crime as quickly as you can

 

Together We Win

The police attitude to this type of crime has gone from shrugging shoulders to understanding the significant multibillion-pound impact this has on the economy. Reporting such crimes has become significantly easier

Those who have been the victim of internet frauds no longer face an uphill struggle with banks and the police. The banks are also more likely to protect their customers from identity theft than try to hide crimes that have been committed against them (for reputation sake).

UK police forces are working together to prevent and prosecute criminals misusing internet, email, social media and devices. They are more likely to be successful if we report the intelligence we find in threats or scams sent to us

 

Networks

Your devices will hook into different networks as you travel. Understanding who is responsible for the security in these places is important. Do you need to be extra vigilant in some places about someone using a back door into your device to steal information or personal data from you in some places? Or could they place a tracker on your phone? Everyone needs some cyber security basics (awareness, access and passwords, antivirus and firewalls, updates for security, robust backups) in the way that everyone needs to learn the basics of crossing the road.

 

Social media

Social media enabled old friends to be contacted easily and new networks created online. Unfortunately, it also allowed stalkers and bullies to put messages in the feed or inbox of their targets. The good news is that there is a recognition that this is a crime, and that witnesses and victims need help from the authorities

A new worrying trend started when webcams and cameras in smart phones became common. Social media, video chats and virtual meetings meant more images of people could be captured online.  News that the security settings on many devices meant they could be started remotely was unsettling. Software and device suppliers soon started working on plugging these security gaps. Criminals still send threats to expose people’s personal image in compromising situations (gleaned from social media or unauthorized use of cameras) unless they were paid a blackmail fee. The police reaction to these crimes quickly recognised the blackmail element with sexual threats being particularly distasteful and illegal

Social media and dating sites have become the hunting ground for confidence tricksters in “romance frauds”.  Confident, intelligent people are tricked into spending their savings on their new love, only to find the profile is false or they have been more comprehensively conned.

Being careful with your contact details and what you post can reduce your risk.

 

Websites

Search engine providers and social media companies are being obliged to remove fraudulent or misleading sites from their platforms. This can only happen if they are aware of sites providing misinformation or attempting a crime.

Phishing attacks have become serious irritations threatening our privacy and financial wellbeing.  Criminals impersonate government departments and trusted websites to gain access to your passwords, personal and financial information.  They use law abiding people’s general compliance with the law and desire to avoid trouble with government departments to gain this information. They also clone real websites (like banks and major retailers) with subtly different addresses to get customers information by pretending to need login details to access these copycat sites

Fortunately, government departments and responsible companies are working hard to encourage the public and consumers to be aware of these threats and protect the computers devices and family online.

Cookies (small data files on your device) are used by many websites to track use ad preferences. This use to be hidden and unknown to the users. There have been a few stories of data misuse resulting from cookies. Now websites must tell you and give you the opportunity to opt out of mailing lists and tracking..

 

Inappropriate Messages and Posts

Internet service providers (ISP) are now obliged to filter out as much spam email as they can. The general data protection regulations (GDPR) now means that email marketing lists must remove your details on request. Spam is less of a problem than it was in 2003.

Firstly, if the email you received offends you, resist the urge to delete it immediately. If the material is that offensive, you may have seen a crime and you are obliged to report it. There is a difference between free speech and a threat or discrimination.

At work we will have policies and practices around internet, social media and email use that we will need to work within. We will also have training in basic cyber security to avoid ransomware and ensure we comply with data protection regulations. Employers are taking misuse of data and internet facilities seriously. “Ignore them, they will go away” might work in the playground but not in this case. Not reporting these events can be seen as misconduct on your part.

If the email or message is spam from a mailing list it should tell you how to get off the mailing list. Follow these instructions. The emails should stop quickly. If these continue or an apparently targeted email campaign starts, report this immediately to the host company or internet service provider (ISP).  You can further escalate this to ICO as a GDPR complaint.

Continuing to report these unwanted messages does work and the volume does eventually reduce. If you don’t report the problem, you will receive more and may be risking your career.

Emails are also used for frauds against companies, sending invoices that aren’t real, requests for payment details to be changed or pretending to be from the CEO needing money sent urgently to an account for a business deal.

Avoiding signing up to mailing list unless you want them. When signing up ensure that you know exactly which organisations have your details.

 

Malware

Ransomware is software designed to attack or lock your computer which will only be released by the criminal when you have paid a substantial amount of money to them. This illegal software is often delivered to your device by clicking on a link in an email or visiting a counterfeit website. the threat is that the software will destroy your computer and all your data. Fortunately, these threats are rarely followed through because ISP and virus scanners can now identify the worst of these this malware. However, news that this software exists has not stopped emails being sent issuing such a threat in the hope of being paid.

 

Understand software licences

Some of the multimedia, audio and other software available for download includes licence conditions that allow the software writers access to your device. Click on the “I Agree” button on the licence page at the start of the installation and you may have given them (and anyone who can pose as them) the key to your network and computer. It way also gives legal access to some interesting data about you to unexpected sources: Chinese and USA laws allow personal and tracking data to be seized without notifying the data subject. Take special care when reading the licence for applications that you will use for information you may want to keep private in the future.

 

Key points:

  • Make sure you know your company policy on social media, email and appropriate internet use.
  • Learn cyber security and GDPR basic to protect yourself and your company
  • Report all inappropriate uses – not reporting could make you seem guilty
  • If you have spam, reply as instructed to request removal from the list
  • Notify the ISP or company concerned using the abuse@ email address if spam continues.
  • Be careful what software you download as it may give access to your systems
  • Read the small print in licence agreements on downloaded software

 

More information

educate yourself and stay safe

https://nationalcareers.service.gov.uk/find-a-course/the-skills-toolkit

https://www.getsafeonline.org/

https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-copycat-website

https://www.ncsc.gov.uk/cyberaware/home

https://www.fca.org.uk/firms/financial-services-register

https://www.ncsc.gov.uk/

https://nationalcrimeagency.gov.uk/what-we-do/crime-threats/kidnap-and-extortion/sextortion-webcam-blackmail

 

report crime, frauds, tricks, spam and scams

https://nationalcrimeagency.gov.uk/what-we-do/crime-threats/fraud-and-economic-crime

https://www.gov.uk/report-suspicious-emails-websites-phishing

https://www.gov.uk/government/publications/frauds-tricks-and-scams/fraud-tricks-and-scams

https://www.gov.uk/report-stalker

https://gds.blog.gov.uk/2014/03/02/report-a-misleading-website-to-search-engines/

https://ico.org.uk/make-a-complaint/

 

Contributed by:
Carol A. Long
CEng FRSA FBCS CITP

Founding Secretary BCSWomen.

 

Note: this article was first published in 2003 and substantially revised in 2020