Today, we mark another notch in the spam-fighting belt: we’re making it possible for all Google Apps customers to sign their outgoing messages with DKIM, so their sent mail is less likely to get caught up in recipients’ spam filters. Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost. Once again, the power of the cloud has made it possible for us to bring this feature to millions of customers quickly and affordably.

Screenshot of the e-mail signing DKIM technology used in Google Apps:

Now, Google Apps users or administrators can enable the DKIM signing via the Advanced Tools tab on the control panel.

Btw, Google has also added an option for Google Apps administrators to specify and put certain restrictions on who users can send/receive emails and create specific policies for different user groups. This is useful for businesses, non-profit organizations and schools who use Google Apps to handle their e-mail accounts and keep users safe from unwanted email interaction from outsiders or malicious users.

Anyone tried or are using the new e-mail signing feature for your Google Apps account? What other features or options should Google add to help prevent or fight spam and phishing? Please share your thoughts.

[image source: Official Gmail Blog]

I received an interesting email earlier today from the PinoyBlogosphere mailing list. It was from a blogger named Louie and it was about an email he supposedly received from his hosting provider BlueHost asking him to update his account to avoid suspension. As soon as I saw the subject of the email, I knew it was something phishy. Here’s the email:

Dear Customer,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.

Please update and verify your information by clicking the link below:

http://www.bluehost.com/

If your account information is not updated within 48 hours then your ability to access your account will become restricted.

© 2003-2009 BlueHost.Com. All Rights Reserved

Designated trademarks and brands are the property of their respective owners.

When I hovered my mouse of the link http://www.bluehost.com, the URL it was pointing to was not Bluehost’s URL but instead a domain with a ru extension – http://www.uralitel.ru//img/bluehost.htm. My suspicions were correct, this was a phishing email trying to get BlueHost customers to login to this phishing site and provide their login details. Phishers usually use scare tactics to trick potential victims. In this particular email, they try to scare the user with the subject line “Update Your Account To Avoid Suspension”.

Below are screenshots of the original Bluehost website and the bogus phishing site.

BlueHost website

Phishing website

The phishing site seems to have some issues with the images but as you can see, it was designed to look exactly the same as the real BlueHost website to fool potential victims and make them think they’re really logging in to BlueHost.

If you’re currently a BlueHost customer, be careful of this certain email. I’m sure Louie is not the only BlueHost client who received or will be receiving this email. Phishing emails are very common nowadays and I receive a lot of them supposedly from PayPal, Amazon, eBay, etc and turn out to be a phishing email.

As a safe practice, in case you receive an email from your hosting provider or any site that asks you to update your account details or login via a link on the email, DO NOT click on the URL/link provided in the email. Instead, open your browser and type in the URL yourself and login from there. Its always good to practice safe computing and always better to be safe than sorry. Btw, in case you accidentally logged in to the phishing site with your account details, inform the legit site about it and if possible, ask them to change all your account details, especially the username and password to avoid your account being compromised.

I’m blogging about this to spread awareness regarding this type of phishing emails and so that BlueHost clients and other hosting provider’s clients would be more careful when dealing with these types of emails.

Anyone who’s on BlueHost and have received this email recently? Were you able to detect that it was a phishing email?

[image credit: Stephanie Creelman]

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

The ones I get on my inbox are usually a message from someone on my friend list who obviously got their accounts hacked. The usual subject would be “Wow” or “Cool” and the message would contain a sentence or two and a URL. I never click on it and delete it right away. Here’s an example:

Phishing message

Phishing comment disquised as an adult chat/webcam site

Phishing comment disguised as a YouTube video.

The last one, the phishing comment disguised as an embedded YouTube video if clicked would bring you to login2.friendjster.com, a phishing site pretending to be Friendster’s login page. If the unsuspecting user visits the site and provides his/her email address and password, that information would be used by the phishers to gain access to these Friendster accounts. I’m not sure about this, but according to some Friendster users some of this spam/phishing comments don’t even require the user to provide the login details of the account. All the user has to do is click on the comments and everyone on that person’s list of friends would receive the same spam/phishing comment on their profiles sent by the unsuspecting user.

I’m pretty sure the staff of Friendster are already aware of this but I don’t know what fixes or preventive measures they’ve done to fight this type of phishing scam. There is a way to prevent the further spread of these phishing scam comments and it involves a little bit of common sense and some preventive measures on the user’s part. When you receive a message containing a URL or link on your Friendster messages, never click on them even if they were sent by your friends or family members. If you want to be sure, send them a message asking if they were really the ones who sent it to you.

These phishers (people behind these phishing scam) are smart and they send these phishing comments to people listed as friends of the compromised account because it would look less suspicious since the one who sent it was a friend. They also know that most Friendster accounts are set to automatically accept messages and comments from friends or people connected to them in the third degree. What I did on my account was to moderate comments. So everytime someone tries to leave a comment on my profile, I’ll have to approve it first before it shows up on my profile. That way, if its a spam or phishing comment, it won’t automatically show up on my profile and no one will see it or click on it.

I’ve also deleted all these phishing comments from my profile so that people who visit my profile won’t be tricked or fall victim to this scam. I’ve seen lots of Friendster accounts that still have these phishing comments and as long as they’re there, the chances of someone getting fooled into clicking those links would be higher and the more people who fall victim to this scam, the more it will spread. So if you have a Friendster account, go through your profile and delete all phishing comments.

Other preventive measures to keep your Friendster or any social network account safe are:
1. Use a strong password (at least 8 characters and combination of numbers, letters and symbols).
2. Change your password often.
3. Never post your email address on your profile.

Remember folks, always practice safe computing because it’s always better to be safe than sorry!

For those of you who have Friendster accounts, have you received these type of phishing messages and comments? Did you click on them or was tempted to click on it? I’m sure a lot of guys were tempted to click on the second one with the sexy girl on a webcam. LOL Anyways, if you know of other information regarding these Friendster phishing scam or know of other preventive measures, please share it with us.

Thanks for your time and have a nice day!

This is the second time I received a phishing email that’s pretending to be from PayPal. The first one was also flagged by Gmail and I immediately knew it was fraudulent because in the message, it says that my account was opened in 2001 when in fact I only created my PayPal account early this year.

See the screencap of the actual email after the jump.

This latest email is more deceiving than the previous one. It provides tips on how to protect your PayPal account, increase security and protect your password. It even tries to use scare tactics with this message at the bottom of the email:

If this situation is not solved in the next 24 hours your account will be permanently suspended.

It’s a good thing that Gmail has a very good spam and phishing filtering system and this email was immediately flagged and sent to the spam folder. I also make it a habit not to click on URLs on emails especially if I’m not sure about the source/sender. If you receive something like this or an email that asks you to click on a link and login to your bank account with your username and password, NEVER do it! If you want to check and make sure, open a new window or tab and type in the address of the site and then login. That way, you can be sure that you opened the right URL and that you logged in to the right website.

Have you received the same email or maybe something similar to it? What did you do? Have you or someone you know been deceived or victimized by a phishing email? Share your thoughts!