7 Steps Towards Preventing Spam

by

There has been a large uptick in spam emails targeting QuickBooks ProAdvisors lately. I believe this is due to the QuickBooks Find-a-ProAdvisor listing. Even though you have to click on “Show Phone and Email” to display the email address, hackers can easily program a “robot” that uses scripts to click on these links and gather hundreds of email address all at once. Of course, there is nothing stopping a human from clicking on each one to create their own distribution lists.

Here are some ways to prevent spam emails:

  1. Don’t make your email public on the internet. For sites like Intuit’s, send your feedback that you don’t want to have your email address displayed at all, and instead provide an option for users to fill out a contact form. Or at least, give us a choice. Google your email address to find out every website that displays your email address. Some sites have scraped hundreds of email addresses and display them on pages, on which you can click to have them removed. You can even email legitimate companies to see if they can remove you from their pages’ listings. I didn’t realize that I had authorized a listing of my company’s info a long time ago on a tax website until I contacted them, which they were happy to remove.  
  2. Don’t make your email address scannable. Use javascript or an image file on your website instead of displaying your email address. Better yet, use a contact form that the user has to fill out in addition to a CAPTCHA, a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. However, be careful using plugins. I was using one for Wordpress that hackers were even able to break into and redirect my website recently. They must have been mad at me for not displaying my actual email address.  
  3. Don’t use your email address as your username for website logins. Usernames are almost always public. And if your email address is public anyway, it is only a matter of time before hackers figure out what services are tied to your username. Tied to a weak password, even more sensitive information could be hacked. Don’t use any words in a password. It take a computer only minutes to go through every word in the dictionary to start cracking a password. Use only random letters, capitals, special characters, and especially spaces. Hackers tend not to test spaces. And the longer the password, the stronger.  
  4. Use a separate email address to identify and report spam. Create an alternate email account for friends, signing up for offers online, and subscribing to newsletters, etc. Friends are notorious for “CC’ing” their whole list of friends to send out funny pictures or hoax articles. And then one day, you are notified by one of these copied “friends” that their email was hacked and now the hackers have your email address too. Have your emails forwarded from your alternate account to your main email address so that you don’t have to check multiple email accounts. And then when you start receiving spam, you can identify the source and then delete your alternate account if it gets too bad.  
  5. Never respond to spam. Replying or clicking “Unsubscribe” will only generate more spam, as doing so will only validate your email address. Especially when your email address ends with one of the known providers like @yahoo.com or @gmail.com, it doesn’t take much for computers to generate all the possible combinations to create a huge distribution list that gets emailed out, waiting only for a response from those that are valid. A clue will be “undisclosed recipients” instead of your email address in the “To” field of a received spam email.  
  6. Report and block spam. Most spam messages are filtered and sent to a spam folder with services like Gmail and Yahoo, especially when the reply to address doesn’t match the originating domain. In Outlook, you can add senders and domains to a blocked list via the Junk E-mail menu under Actions. Before you delete spam, forward the email to spam@uce.gov. This goes to the Federal Trade Commission that investigates and fines spam emailers. Or you can use a premium service like www.SpamCop.net that will report spam to the originating internet service provider. Unfortunately, it doesn’t take much for hackers to change or “mask” their IP address or create a new email address with another service provider to circumvent these measures.  
  7. Don’t talk to strangers. Finally, heed what your parents told you not to do when you were a kid. Don’t accept friend requests on Facebook or add people that want to connect with you on LinkedIn that you don’t know. It’s great to get to know new people, and online forums, groups, and other social media outlets can be an excellent way to start connections. Do a web search of the site to see what information is displayed publicly and check their spam and privacy policies before joining and sharing any sensitive personal information.

Brett Barry, Owner, Go Get Geek!, is an Advanced Certified QuickBooks ProAdvisor and Advanced Certified Method CRM Consultant with expertise in Quicken, Fishbowl, Payroll and eCommerce who solves computer and network issues.