06 February 2008

Crime-fighting organisation using criminal methods?

There is a crime-fighting outfit called eBlockwatch which has a web site and sends out warnings of criminal activity in one's neighbourhood.

It seems, on the surface, to be a good and public-spirited thing to do.

The only problem I have with it is that emails that come from them produce more warnings of fraudulent activity and threats to my computer than anything else. Even messages from obvious scammers and spammers don't produce as many warnings.

So I ask myself why an ostensibly crime-fighting outfit would persist in using methods used by scammers and distributors of viruses and malware?

The latest message I got from them produced the following warning:
MailScanner has detected a possible fraud attempt from
"www.eblockwatch.co.za" claiming to be SAFindit.co.za
And every message from them causes the following message to pop up in my reader:
Message contains potentially dangerous "Lazy HTML" data

This message contains data that includes references to items that are not present on your computer -- typically graphics or frames stored on a remote system on the Internet and accessed using HTTP URLs.

This type of message, called "Lazy HTML" can represent a privacy or security risk, for the following reasons:

* It can be used to gain information about you without your knowledge, including the fact that you read the message, when you read it, how often you read it, whether or not you forwarded it, your computer's IP address and more.

*It can be used to download unauthorised programs to your computer. This is a common vector of attack for viruses and Trojan horses.

Pegasus Mail protects you *completely* from any problems associated with this kind of data, because it never downloads remote-linked items by default. A side-effect of this is that that remote-linked graphics in the message will display as grey boxes in the Pegasus Mail message reader.

I suppose I could always turn that warning off, but the warning is there for a purpose, and I still wonder why a supposed crime-fighting organisation persists in sending messages that trigger such a warning in the first place. It seems counter-productive, and makes one doubt their bona fides.

MailScanner has detected a possible fraud attempt from "www.eblockwatch.co.za" claiming to be SAFindit.co.za

1 comment:

Anonymous said...
This comment has been removed by a blog administrator.


Related Posts with Thumbnails