Spam of the Day – Receipt for Your Payment to Uk-AdCommerce-EOM@ebay.com

Hello,

You authorised a payment of 37.81 GPB to eBay International UK (UK-ebay-inc-admin@ebay.co.uk)

Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account balance will be used first. If you have a zero balance or insufficient funds in your account, your backup funding source will be charged for the full or remaining payment. Please note that your bank or card provider may charge a dishonour fee if you have insufficient funds to make the payment.

Thanks for using PayPal. To view the full transaction details, log in to your PayPal account.

Let me tell you how to spot the phishing details:

The Trojan of the Month Award goes to: Avril Sparrowhawk CWIH8974 PAYMENT RECEIVED

I just got a bit of malware spam: “CWIH8974 PAYMENT RECEIVED” / “Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]”

This fake financial spam does not come from Les Caves de Pyrene but is instead a simple forgery with a malicious attachment. How did I know it was spam? I don’t buy wine. 🙂

If you receive this e-mail, delete it immediately and contact your IT Support company. Do not open the attachment(s).

The attached file is a malicious document “CWIH8974.doc” which has a low detection rate. There are likely other variants of this virus going around but in the cases we’ve seen it downloads a malicious executable file from.

The virus itself allows the hacker to compromise the web browser so that when the user tries to log in to their Internet Banking, the details are leaked to the hacker who attempts to withdraw funds from the user’s bank account.

From: Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]
Date: 22 December 2015 at 11:14
Subject: CWIH8974 PAYMENT RECEIVED

How to check for HTML content in contact forms? Spam proof without Captcha.

If you have ever wanted to stop receiving spam about Louis Vuitton bags, you have probably wondered how to spam-proof your contact page without adding captchas.

The contact form HTML code (make sure you include a max length for all the fields):

<form name="contactform" id="contactform" method="post" action="send_form_email.php">
<ul class="row form"><li class="col left">
<input type="text" id="Name" name="Name" class="required" placeholder="Name" maxlength="100">
<input type="text" id="Email" name="Email" class="required" placeholder="Email" maxlength="100">
<input type="text" id="Subject" name="Subject" class="" placeholder="Subject" maxlength="50"></li>
<li class="col right"><textarea id="Message" name="Message" placeholder="Message"></textarea></li></ul>

</form>

The PHP code in send_form_email.php:

<?php
function spamcheck($field)
{
    //filter_var() sanitizes the e-mail 
    //address using FILTER_SANITIZE_EMAIL 
    $field = filter_var($field, FILTER_SANITIZE_EMAIL);
    
    //filter_var() validates the e-mail 
    //address using FILTER_VALIDATE_EMAIL 
    if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
        return TRUE;
    } else {
        return FALSE;
    }
}

function linkcheck($message)
{
    //$message = 'Check this out <a href="http://www.something.com">Click here</a>. Click it';
    
    // Match a complete <a ... href=...>...</a> tag; the i flag also catches <A HREF=...>
    if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\"\']+(.*?)[\"\']+.*?>([^<]+|.*?)?<\/a>/i', $message)) {
        // THERE IS A HYPERLINK IN THE MESSAGE
        // DO SOMETHING
        return TRUE;
    } else {
        return FALSE;
    }
}

function clean_string($string)
{
    $bad = array(
        "content-type",
        "bcc:",
        "to:",
        "cc:",
        "href"
    );
    // case-insensitive, so "Bcc:" and "Content-Type" are removed as well
    return str_ireplace($bad, "", $string);
}


function died($error)
{
    
    // your error code can go here
    
    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
    echo "These errors appear below.<br /><br />";
    echo $error . "<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
    
}


if (isset($_POST['Email'])) {
    
    //check if the email address is invalid 
    $mailcheck = spamcheck($_POST['Email']);
    if ($mailcheck == FALSE) {
        died("The Email Address you entered does not appear to be valid.");
    }
    //send email 
    $email_to      = "YOUR EMAIL";
    $email_subject = "Query Submitted ";
    
    // validation expected data exists
    
    if (!isset($_POST['Name']) || !isset($_POST['Subject']) || !isset($_POST['Email']) || !isset($_POST['Message'])) {
        
        died('We are sorry, but there appears to be a problem with the form you submitted. Please make sure all fields are filled in!');
    }
    
    $first_name = $_POST['Name']; // required
    $email      = $_POST['Email']; // required
    $subject    = $_POST['Subject']; // not required
    $comments   = $_POST['Message']; // required
    
    
    $error_message = "";
    $string_exp    = "/^[A-Za-z .'-]+$/";
    if (!preg_match($string_exp, $first_name)) {
        $error_message .= 'The Name you entered does not appear to be valid.<br />';
    }
    
    if ((strlen($comments) < 2) || (linkcheck($comments) == TRUE)) {
        $error_message .= 'The Message you entered does not appear to be valid.<br />';
    }
    if ((strlen($subject) < 2) || (linkcheck($subject) == TRUE)) {
        $error_message .= 'The Subject you entered does not appear to be valid.<br />';
    }
    
    if (strlen($error_message) > 0) {
        
        died($error_message);
        
    }
    
    $email_message = "Dear AdventExhibitions Administrator,\n\n A new query has been submitted on the website. Details below: \n\n";
    
    // the subject becomes a mail header: clean it and drop any line breaks
    $email_subject .= str_replace(array("\r", "\n"), "", clean_string($subject));
    $email_message .= "Name: " . clean_string($first_name) . "\n";
    $email_message .= "Subject: " . clean_string($subject) . "\n";
    $email_message .= "Email: " . clean_string($email) . "\n";
    $email_message .= "Comments: " . clean_string($comments) . "\n";
    
    
    // create email headers
    
    $headers = 'From: YOUR EMAIL' . "\r\n" . 'Reply-To: YOUR EMAIL' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    
    
    mail($email_to, $email_subject, $email_message, $headers);
    
?>
 
Thank you for contacting us. We will be in touch with you very soon.
 
 <?php
}
?>
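
The link check above only fires on a complete `<a href>` tag, so the following added example (not part of the original post) goes further: it flags any markup, entity-encoded tags, BBCode links and bare URLs, and rejects line breaks in fields that end up in mail headers. The function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.
// True when the text carries markup or a link, not only a complete <a href> tag.
function contains_markup(string $text): bool
{
    // Decode entities so "&lt;a href=...&gt;" is checked like "<a href=...>".
    $decoded = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if (strip_tags($decoded) !== $decoded) {
        return true; // strip_tags() removed something, so a tag was present
    }
    // BBCode links and bare URLs contain no HTML tag at all.
    return (bool) preg_match('~\[url[=\]]|https?://|www\.~i', $decoded);
}

// True when a value bound for a mail header has a raw or URL-encoded line break.
function has_line_break(string $value): bool
{
    return (bool) preg_match('/[\r\n]|%0[ad]/i', $value);
}

// Returns a list of problems; an empty list means the submission may be mailed.
function validate_contact(array $post): array
{
    $errors = [];
    foreach (['Name', 'Email', 'Subject'] as $field) {
        if (has_line_break($post[$field] ?? '')) {
            $errors[] = "$field: line break";
        }
    }
    foreach (['Subject', 'Message'] as $field) {
        if (contains_markup($post[$field] ?? '')) {
            $errors[] = "$field: markup or link";
        }
    }
    if (filter_var($post['Email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email: invalid';
    }
    return $errors;
}

// Constructed submissions: one clean, one with an upper-case tag, one with a header break.
$samples = [
    ['Name' => 'Ann', 'Email' => 'ann@example.com', 'Subject' => 'Stand hire', 'Message' => 'Do you rent stands?'],
    ['Name' => 'Bob', 'Email' => 'bob@example.com', 'Subject' => 'Bags', 'Message' => 'Cheap <A HREF=http://example.test>bags</A>'],
    ['Name' => 'Eve', 'Email' => 'eve@example.com', 'Subject' => "Hi\r\nX-Test: 1", 'Message' => '[url=http://example.test]x[/url]'],
];
foreach ($samples as $i => $post) {
    echo $i, ': ', implode('; ', validate_contact($post)) ?: 'ok', "\n";
}
```

Rejecting a submission outright, rather than stripping the offending strings as `clean_string()` does, avoids mailing a half-cleaned message.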

Email Marketing – Advertise! Do not Spam

There is a fine line between advertising and spam and unfortunately many business owners do not understand the difference between the two. This is important because while a clever, well-planned Internet marketing campaign can help to attract new customers and keep existing customers loyal, spam is likely to alienate both new customers and existing customers. This can be extremely damaging to profit margins for the business owners.

This article will take a look at a few basic Internet marketing strategies such as banner ads, email campaigns and message board posts and describe how each can quickly cross the line from clever advertising to spam.

Banner ads are one of the most popular strategies which accompany an Internet marketing plan. These ads are usually ads which appear at the top of websites and span the width of the website. It is from this appearance that they earned the name banner ads but actually banner ads can refer to ads of a variety of different sizes and shapes which appear in an array of different locations on a website. In many cases the business owner purchases advertising space on these websites but the banner ad may also be placed as part of an exchange or an affiliate marketing campaign. Banner ad exchanges are situations in which one business owner posts a banner ad on his website in exchange for another business owner posting his banner ad on the other website. These agreements may be made individually between business owners with complementary businesses or as part of exchanges facilitated by a third party. In the case of affiliate marketing, an affiliate posts an advertisement for your business in exchange for compensation when the banner ad produces a desired effect such as generating website traffic or generating a sale. The terms of these agreements are determined beforehand and are generally based on a scale of pay per impression, pay per click or pay per sale or lead.

Now that you understand what banner ads are, it is also important to understand how they can be overused and appear to be spam. Judiciously placing your banner ad on a few websites which are likely to attract an audience similar to your target audience is smart marketing; placing your banner ad on any website which will display the ad regardless of the target audience can be construed as spam. Internet users who feel as though your banner ads are everywhere they turn will not likely take your business seriously and are not likely to purchase products or services from you as a result of your banner ads.

Email campaigns can also be very useful tools in the industry of Internet marketing. These campaigns may involve sending periodic e-newsletters filled with information as well as advertisements, short, informative email courses or emails offering discounts on products and services. Loyal customers who opt into your email list will likely not view these emails as spam and may purchase additional products and services from your business as a result of this marketing strategy. Additionally, potential customers who have specifically requested additional information on your products and services will also find this type of marketing to be useful. However, email recipients who did not request information are likely to view your emails as spam. Harvesting email addresses in a deceptive manner and using these addresses to send out mass emails will likely always be considered to be spam.

Finally, message boards provide an excellent opportunity for business owners to obtain some free advertising where it will be noticed by members of the target audience. If the products and services you offer appeal to a specific niche, it is worthwhile to join message boards and online forums related to your industry of choice. Here you will find a large population of Internet users who may have an interest in your products. You might consider including a link to your business in your signature or posting the link when it is applicable to the conversation. However, care should be taken to carefully review the message board guidelines to ensure you are not doing anything inappropriate. This technique is smart marketing. Conversely, replying to every message with a link to your website when it is not relevant to the conversation is likely to be construed as spam by other members. Once they begin to view your posts as spam, they are not likely to visit your website via the links you post.