Action plan for remedying/alleviating email hijacking/id theft of my domain - NAVAL POSTGRADUATE SCHOOL THESIS - gigj.com

GIGJ.COM
welcome to my space

Welcome to:gigj.com

gigj.com

HOME

HOME

Action plan for remedying/alleviating email hijacking/id theft of my domain

Published by: webmaster 2010-03-14

I need an action plan for handling the hijacking/identity theft of my email address to send globally directed spam. Luckily I do not use this particular address much. However, I do not want to be on the receiving end of any nastyness that will result from the activities of these jerks. The plan should be written at the level of someone who has written web pages in the past, but who has been away a few years. For instance, I do not know anything about the various private bodies that try to fight this sort of thing or might be around to help. I am now receiving email bounces, and nastygrams from innoncent people who were spammed by these hijacker spammers. My (innocent) domain is gosolveit.com and is for the most part inactive. This is sadly, probably part of how you get chosen for this nastyness. The only things I know about the spammers are: * they want to sell lists of leads (e.g. spam lists) * they want people to call 1-512-970-8607 to buy their garbage Clearly, I also need to know something of who these people are and to whom I should complain (State DA, FTC). Comments or help from the other google readers are appreciated, but please do not do anything that would cause additional difficulties.

NAVAL POSTGRADUATE SCHOOL THESIS::
File Format: PDF/Adobe Acrobat - View as HTMLNeushul’s thesis work in action, note the tiling and the The fear of Identity Theft has discouraged lots of users from using many aspects
http://stinet.dtic.mil/cgi-bin/GetTRDoc?AD=ADA473985&Location=U2&doc=GetTRDoc.pdfHOME

Meeting Law Enforcement‘s Responsibilities::
File Format: PDF/Adobe Acrobat - View as HTMLidentity theft, sexual exploitation and pornography. drastic disciplinary action then it might otherwise, because it can no longer alleviate problems
http://www.neiassociates.org/seriousissues.pdfHOME

I think you are on the right track, though I'm not sure that spam ads with my name forged as the sender deserves any kind of privacy protection on my part. I'm willing to use any data that I may have to determine a source for the spam. The problem, of course, is that the domain is not hosted in any professional sense and the mail forwarding service I use does not seem to preserve headers. This leaves us with the phone number supplied in the ads, and any header info in the bounce messages, as means for identitfying the culprits for further action. Is there any reason to believe the phone number isn't somehow stolen or forwarded through various anonymizing devices, too? For the person who suggested nothing could be done... that is always an option, though not always the best option. If confronted by other spam victims, I would like to be able to claim that I researched this problem and did what I could.

Luckily my domain parking provider let me put up a warning message. This message can now be seen at http://www.gosolveit.com though it is unclear whether it could be made clearer. I wonder if this is sufficient to let others know that I am not the source of this garbage.

This is a variant on the above, which worked for me when my domain was hijacked this way. I wrote a polite e-mail to the ISP requesting his cooperation in preparation of a legal action against the spammer. Abuse stopped.

Dr. Brewer, Your question was initially locked by a special Google Answers robot which flags and locks questions based upon certain word and phrase criteria. The question has -just- been released to the Research community as available for answer. I am working on optimal phrasing for your parking page, which I can post very shortly as an Answer, along with the immediate steps that should be taken to halt further events. I have had firsthand experience with this type of e-mail incident/event, however, several years back. I will follow up with a complete action plan within a few hours, however, I want to verify that the steps I recommend are still "best practice." Is this acceptable? --larre-ga

John Aycock 'Computer Viruses and Malware' (VX heavens)::
A payload, which is an action to perform. The payload can be anything, Internet identity theft threatens to be the next crime wave to hit Britain.
http://vx.netlux.org/lib/mja01.htmlHOME

This sounds ok. I am able to have about 250 chars in the free text on the domain page and I do not want to setup a fuller page just for this incident. I am also able to use an autoreplier for email. I am able to specify triggers for when to email the autoreply, based on from/to/subject/body. If you send email to any address at the domain, e.g. help@gosolveit.com, youll get the current autoreply. I am especially interested in making sure that I am not the one sued for the spam or any ripoffs these scammers may perpetrate. Of course, you can't guarantee that but there ought to be a way to register the problem. But who knows.

The unfortunate fact is that there is nothing you can do, at least technically, to prevent someone from using any e-mail address as an identity. Once a spammer know that an e-mail address exists, the best you can hope for is to discourage the spammer by threatening legal action.

This has been going on, I think, for about 3 days now. So, a few more hours probably won't hurt. Please try to summarize various courses of action in sequence, One of my goals in paying $50 for advice is to try to save some time as well as headaches further down the road.

For your Parking page - Our domain has been the victim of identity theft by email spammers. If you've received one of these emails, please accept our apologies. Please do not reply to the email. This just verifies your active email address to the spammers, and overwhelms our mailbox. For more info you may write newemailaddress@yourdomain.com. You'd, of course, give a new e-mail address, with an autoresponder explaining and apologizing in greater detail. With the constraints you've mentioned, I think you'd be better served by an answer from another researcher. My suggestions for handling the event involve collecting and tracing email headers and preventing further abuse by DNS reconfiguration of your e-mail, and other practices that are generally employed by webmasters of operational sites. Due to new privacy laws and concerns, you'd need permission from the senders to use their email headers for tracing or reporting purposes without their consent. My suggestions would not be most appropriate in your case. In order to best answer the query about reporting agencies, it would be useful to know your state. Spam laws vary by jurisdiction. I will release the lock and open the question to the entire researcher pool. --l