Tag Archives: online

Ahhhh! We’re Sending Out Spam

In true UE form, the following is what the UE Staff learned when we realized that one of our email accounts was sending out spam.

As we continue to learn the ins-and-outs of managing a community-run volunteer website, we’ve come across another fascinating aspect of being an online entity: becoming the victims of a joe job / spoofing attack.

A couple months ago, our Twitter account tweeted out a spam link. We changed all our passwords and double-checked all our other accounts: everything was fine. Then, a few days later, we found an email in the spam folder of one of our accounts from ourselves with a spam link! WTF? That was accompanied by several “mail delivery messages” (also in our spam folder) that our email had labeled with a warning, “This is a fake ‘bounce’ reply to a message you didn’t actually send.”

Okay, but if we didn’t send any messages, then why did some people in our contacts—including us—receive an email?!

Sure, we’ve all seen some form of these spam emails from friends, family members, coworkers, etc. Most likely, you assume they accidentally clicked on a bad link that compromised their account, you make sure not to click the link, delete, move on, and be happy it was not your account. But what if it was your account…?  Well, then, you promptly freak out.

After updating everyone with access to this email and changing all our passwords again, we started our Sherlocking.

First question: Were we hacked? Nope. We were not hacked. At the time, the majority of the members of our staff had access to this particular account so, of course, we were worried someone had been sloppy with the password. But, thankfully, most email clients (like Gmail) actually track every IP address that accesses your email (and the location, web browser, and computer type being used by said IP address.) We were able to verify every single log-in to the infected account in the last month. Not to mention we also checked all of its email history: not a single unidentifiable email was sent from the account. Just to be safe, we still changed the password (again) and deleted all its contacts. We are not ones to mess around with security!

So, if we weren’t sending it, where the frak was it coming from? According to those receiving our emails, the spam emails were being flagged in their inboxes (or were being automatically moved to their spam boxes), because the emails were not actually coming from our servers. That’s also why all record of any of this happening was in our spam box. When we investigated the headers of the spam message, we discovered that they were actually coming from an IP address originating in Kyrgystan. Awesome.

Then, we learned that a joe job is when a spamming company uses your email as a front to send out a bunch of gross links.  One great analogy we ran across explained it like this: spoofing is comparable to someone sending a letter via snail mail, but they wrote your residence as the “return address” in the top left corner instead of their own. This makes the spammy email look like it’s coming from us, when we actually had nothing to do with it.

What do we think caused this? Either someone on the staff was logged into the infected email and accidentally clicked on something, or they were using a computer compromised with spyware, malware, or a virus. We had everyone who had access to the account run scans, and we did find some spyware on one staffer’s computer—we think it was probably the culprit. Either way, the spammers were able to commandeer our address book and thus send out the spam.

So what happened? Unfortunately, there is not much you can do to stave off a joe job except wait for the spammers to move on to a new victim. Fortunately, most email clients either rejected the emails outright, warned that they were not from us, or moved the emails immediately into everyone’s spam folders so they didn’t even notice. We apologized, we ignored, and we hoped it would go away soon. Thankfully, it did. In the end, the whole ordeal lasted less than a week and, from what we could tell, most of the emails were bounced back before they were delivered. We decided not to send out a mass email about the whole thing, for fear of potentially adding to the number of emails, so we wrote this article instead.  The most important thing to know should this happen to you is to remind everyone not to click on the links. If no one clicks, you aren’t profitable to the spammers, and they will move on.

The silver lining?  We’re a little bit more enlightened this week, and we hope we’ve enlightened you a bit on the wonderful world of spoofing. Also, if could be worse: AOL literally sent out zombie spam that same week…

Extra credit: Why is it called a joe job? Well, this is a terrifying account of what happens when someone purposefully uses your domain to sabotage your business and email as a spammer. This did not happen to us. Not that that’s going to help us sleep tonight.

Have a wonderful, spam-less week!

Photo by Gali Levi-McClure

Photo by Gali Levi-McClure

The Best Places for Getting Fancy Online

The internet! The greatest invention ever? If you are a shopping maven, for sure! But at the same time, the Internet can sometimes be just too big to find exactly what you want to wear.  Yes there are the typical flash sale sites like Gilt or RueLaLa.  Or the standard online retailers like Shopbop, Net-A-Porter, or Piperlime. We aren’t going to talk about those though.

Don’t get me wrong, they are great sites. I just find them so overstuffed with subscribers that it’s hard to get something I want there in the size or the color I covet. That said, I still hit them up for holiday gift ideas, but I like to think bigger when it comes to adding that pop of color I need.

Online Garage Sales

Let’s put it this way: if you tend to fall into one of two extremes when it comes to sizing (small feet or giant feet for example), eBay is a really good place for you. You can find shoes, bags, and more. These are often used or vintage but for a great price. Do you have to be wary of knock offs? Yes. Can you return things? Not usually. But I know most of the people my age wearing Louboutins are getting them used with a few scratches on the soles via eBay.

Online Consignment Stores

On the other hand, if you do want to pay a little extra to make sure your Chanel is legit, try The Real Real. This online consignment shop inspects all their items before putting them up for sale. They have great curators, a handbag sale every week, and so. many. shoes. WARNING! This is a dangerous website. No, seriously—I have had to unsubscribe from their email list because I’ve found myself coming up with reasons why I absolutely needed to buy a red carpet Alexander McQueen gown. That said, if you just check it out every once and a while, you can get really good deals (especially on shoes)! (I might have a shoe problem. Obviously, I have no idea what you’re talking about.)

Polyvore

Confession: I’m still not 100% how to use Polyvore. It’s a very powerful tool that allows bloggers/fashionistas/future Martha Stewarts to make collages out of their favorite items. But the best part is that you can click on the items on someone’s collage and it takes you to the site where you can buy it! How awesome! Polyvore can also be used to explore “red trenchcoats” or “pointy toes navy heels” and help you, as a consumer, find different sites to purchase these items. I’ve definitely used Polyvore to help me with DIY Carmen San Diego and Oswin Oswald costumes for next year.

Go Overseas

Sometimes the best way to get great deals is to go overseas! If you don’t know where to start, check out sites like Dorothy Perkins (a UK retailer à la H&M or Topshop) and Yoox.com (an Italian mail-order company). Some like Dorothy have cute, inexpensive dresses, sweaters etc. I like them because their palette and sizing generally is complimentary with my figure. Yoox.com is a really confusing online shopping black hole. No seriously, I had to go actually look up “how to navigate Yoox” while writing this because there is just so much stuff on there. But it has everything and at the best prices. For example, right now they have some $4,000 Balmain dresses and some discounted Alexander McQueen gowns (that I totally need at age 26, right? ) Since they are an Italian company, they have direct relationships with those showrooms, so this is a good bet if you like Dolce & Gabbana.

The con is that you have to then pay to ship your stuff from god-knows-where and it’s a lot of money to return things. But if you pull together 2-4 friends and put in a big order, you can split the shipping.

Another con is that some deals are actually too good to be true. If you find yourself buying an item for a ridiculous discount, take a look around the site. Is there a customer service number? Call it. Make sure it’s a real person. There are tons of web scammers out there who build legit enough looking shopping sites, take your money, and never ship your goods.

Rent It!

If you always need to be up-to-date or if you feel like you keep getting invited to special occasion after special occasion, consider renting your pieces. If I want a work-appropriate Tory Burch bag for spring, I can rent it for $75/month from Bag Borrow Steal or if I have to work or attend a black tie event, I can rent an evening gown from Rent the Runway. It’s pretty cool because usually they send one size up or down so you don’t order the wrong size and find out it doesn’t fit the day before. The bad news is that I find a lot of their styles a little prom-y, overly sexy, or all kind of the same.

Facebook

Do you have a seriously fashionable friend? Or a friend of friend? This isn’t exactly “online,” but I know some serious fashionistas who clean out their closet every 4-6 months with an online garage sale. For example, one girl at my university would sell designer stuff at a big discount just to always be in season. She needed to excise the old trends to get the new ones and would do so by selling off designer items for $40-100. Some were barely used, but only the lucky few people who wore her size could take part.

Whether you’re updating your own wardrobe, hunting down the perfect piece, or fulfilling the addictions of your shopaholic boss, these are all very, very dangerous places… but also the best places to get styles online! (I’m serious about The Real Real… No, I can’t afford you, Jimmy Choo’s, but you are 50% off!)

Just be sure to step away from the computer for a bit before clicking “Submit Order.”

Photo by Andy Sutterfield

Photo by Andy Sutterfield