The Web For Business.com Blog

Internet marketing observations, perspectives, tips and tricks for your education and enlightenment.


Spam, Spam, Spam, Spam

Mark Kawabe - Friday, May 15, 2015

The Canadian Anti-Spam Law (CASL) was implemented on July 1, 2014. CASL is designed to reduce spam messages received by Canadians. It has been effective - in a surprising way.

Cloudmark is a San Franciso-based email security company. They released a Security Threat Report for the first quarter of 2015 and their numbers demonstrate that CASL's been effective. Canadian spam that was directed toward American recipients dropped by 37 percent post-CASL. Email to Canadians dropped by 29 percent overall. What was surprising though was that the change in the amount of spam email received by Canadians was not significant.

One explanation is that most spam that originates in Canada is sent to American recipients while most spam Canadians receive originates in the United States. While email Canadians receive has dropped by 29 percent, that seems to be due to a decline in legitimate email messages being sent. As an overall percentage, spam has increased for Canadians from 16.5 to 16.6 percent.

As expected, spammers from outside Canada are ignoring CASL. However, email senders who are within CASL's jurisdiction are paying attention. The first major fine against a Canadian company was against Compu-Finder, a Quebec company that received a $1.1 million penalty in March of 2015 for four violations of the act. The second fine was levied against the company that runs the Plenty Of Fish dating site. Their penalty was $48,000, largely surmised to be because they took immediate action to comply with CASL while Compu-Finder did not.

So for Canadians, we're still getting spammed under CASL. That's no surprise. At The Web For Business.com, we are constantly looking at ways to reduce the spam that reaches our servers. Our spam filtering services are updated daily with new filters but stuff still makes it though. Ensuring your own email software's spam filtering is turned on is still a good idea to reduce spam even further.

Hopefully the war on spam will eventually be won. In the meantime, please be vigilant. Here are a few tips on how to avoid getting "phished".

  • Avoid clicking on suspicious links in email messages.
  • It's generally safe to ignore email messages purportedly sent by your bank, PayPal or Apple.
  • Resist opening attachments you weren't expecting unless you know and trust the source - and even then, it's safer to ask.
  • Watch our video on how to avoid phishing scams

As always, if you have any questions on spam or suspicious emails, please contact me and I can help you spot the frauds that arrive in your inbox.

5 Ways to Identify a Phishing Attempt

Mark Kawabe - Thursday, October 02, 2014

Wondering whether that email's legitimate?Have you heard of phishing?

You've probably received an email purporting to be from your bank, or PayPal, or some other institution asking you to verify your personal information. How can you tell whether this is a legitimate email or not?

Here are a few simple tests.

1. The "Really?" Factor

Do you honestly believe your bank, or American Express, or PayPal or any other reputable institution use email as the sole method of contacting you about a security breach?

They don't, so right away, you can pretty much discount anything you receive of this nature. But if you're not sure, keep going. There's more!

2. The "Hover" Test

Often there will be links to a website for you to click on. Hover your mouse cursor over each link. Look for ones that do not go to the website of the institution you're dealing with. If the email is from PayPal, EVERY link should point to Paypal.com in some form or other.

Don't be fooled by an address that says https://paypal.com.securessl-server.ru

A proper URL to PayPal will have a / after the paypal.com part of the address. Most of the time, some links will be legitimate but there will always be at least one link (the one they want you to click on) that will take you somewhere you don't want to go.

3. Check Spelling and Grammar

I recently saw an email that had a subject line as follows:

"Re; Payp[al: Your account has been limited until we hear from you"

The rest of the message had spelling and grammar errors as well. Large companies like PayPal wouldn't send out an email with egregious spelling and grammatical errors. They just don't, so if you see even ONE error, assume it's a phishing attempt.

4. The Correlation Test

If you receive an email from a bank or credit card company talking about online fraud, check out that company's website. The fraud message you received by email should also be on their site. If it's not, the message on your screen is probably phony.

5. The Common Sense Test

If you received an email from a bank you don't even deal with, it's probably a phishing attempt. Banks you don't deal with don't randomly contact you asking you to verify your contact information. My bank hardly contacts me at all. Why would one I don't even deal with start sending me messages now? It doesn't make sense.

Phishing attempts are geared to play upon your fears and ignorance. By reading this, I hope you will be more able to easily spot phishing attempts. Don't click a link in an email unless you're sure it's a legitimate message from a company you currently deal with.