Your Page Has Been Disabled: Meta Security Team Scam

Meta Security Team Scam

Cybercriminals are constantly devising new strategies to exploit users on social media platforms and online business tools. One of the latest tactics that has gained significant attention is the “Your Page Has Been Disabled” message, purportedly from the Meta Security Team. This deceptive scheme specifically targets users of the Meta Business Suite, attempting to extract sensitive information by masquerading as a legitimate security alert. This scam is particularly insidious as it targets Facebook (Meta) page owners, both individuals and company/brand page admins, exploiting their fears and vulnerabilities through notifications about their page’s supposed suspension.


Top 10 Email Scams & Phishing Schemes

Email scams

Email scams have been around since the early days of cybercrime and remain a prevalent threat today. Cybercriminals see this type of fraud as a lucrative opportunity to steal money or personal information from unsuspecting victims. They may use various tactics, such as identity theft or spyware, to gain access to sensitive information.

To protect yourself from email scams, it’s essential to learn how to recognize the most common types. Being vigilant and keeping an eye out for suspicious activity can also help you avoid falling victim to these scams. Here are five of the most common email scams to watch out for:


How to find people that are spamming you?

Here is a simple trick that I use when adding my email to newsletters to find out if people are selling my data or if they’re adding me to other lists I didn’t subscribe to. Let’s find out who’s spamming you.

Find out if people are selling my data

If you’re like me, you use Gmail as your personal inbox, and your Gmail might look a little something like mine. I have 35,000 unread emails in my personal Gmail account. The reason is that you sign up for one email newsletter, and sure, you want it, but it seems like when you sign up for one email newsletter, they might sell your address to someone else. Like, how am I on the New Yorker’s list? I don’t even know what that is. Well, I mean, it’s a magazine, but why would I be on that list? 1-800 Contacts, Cameo, John Paul II High School. My high school is still chasing me down via email.

So you’re on all these lists, and you might suspect that some of these people are selling your data. Why is it that sometimes you sign up for one email list and it seems like you’re on 30 or 40 email lists, or maybe you start getting random political emails? I’ve been getting a lot of emails from Republican candidates and Democrat candidates, and I don’t know where they’re getting my email from. Well, here is exactly how to do it.


Lemon_Duck coin miner gets a Linux exploitation functionality

The cryptocurrency mining malware called Lemon_Duck got an overhaul to extend its reach and exhibit more sophisticated properties.

Lemon_Duck Monero miner operators are refining their tactics

After the facelift, the threat can plague Linux servers through SSH brute force incursions, contaminate Windows computers via SMBGhost flaw, and poison Redis as well as Hadoop servers.

Discovered by cybersecurity firm Trend Micro in 2019, Lemon_Duck focuses on compromising enterprise networks. It gains a foothold in corporate environments by brute-forcing MS SQL access credentials or via the notorious EternalBlue exploit that piggybacks on the Server Message Block (SMB) communication protocol. Having infiltrated a vulnerable device, the malicious code downloads a copy of the XMRig Monero CPU miner that parasitizes the machine’s resources to mine cryptocurrency.


Update: Spam sending IP addresses over time

Data through May 23rd, 2012


Passive Spam Block List (PSBL) is a real-time, trap-based DNSBL operated by Red Hat kernel engineer Rik van Riel. It uses the open source Spamikaze software to build and deploy an IP-based blacklist of spam-sending hosts. The RCVD_IN_PSBL rule has been enabled by default in Spamassassin since version 3.3.0, released in early 2010. PSBL receives millions of spam messages every day and, after taking some safety precautions, lists the sending IP addresses. Organizations can then download the list via rsync or query PSBL's public servers via DNS. Accidental listings can be removed at any time through the self-serve interface at PSBL.org. Otherwise, an IP address that does not send spam to PSBL for 2 weeks expires and is no longer blacklisted.
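A DNS query against an IP-based DNSBL like the one described above is made by reversing the address and looking it up under the list's zone; only an answer inside 127.0.0.0/8 counts as a listing. The following is an added example, not code from PSBL or from this site, and it also covers IPv6 nibble-format names; the zone dnsbl.example.org, the function names and the sample records are placeholders constructed for illustration.

```python
import ipaddress
import socket

# Placeholder zone (assumption): the page does not name PSBL's DNS zone.
ZONE = "dnsbl.example.org"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A records for name via the OS resolver; any lookup failure yields []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def is_listed(ip, resolve=system_resolver, zone=ZONE):
    """True only if the zone answers with an A record inside 127.0.0.0/8.

    Answers outside that range (a parked domain, a resolver that rewrites
    NXDOMAIN) are not listings and are ignored.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


# Constructed sample data standing in for the DNS zone (documentation addresses).
SAMPLE_ZONE = {
    "99.2.0.192.dnsbl.example.org": ["127.0.0.2"],      # listed
    "7.113.0.203.dnsbl.example.org": ["198.51.100.1"],  # bogus wildcard answer
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])  # a missing key models NXDOMAIN


if __name__ == "__main__":
    for ip in ("192.0.2.99", "203.0.113.7", "198.51.100.25"):
        print(ip, dnsbl_query_name(ip), is_listed(ip, sample_resolver))
```

Because system_resolver cannot tell a resolver failure from "not listed", a production check should treat timeouts separately rather than as a clean result.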

Rik van Riel wrote:

A lot of the variation in PSBL zone size seems to be due to both random variations in spam volume, as well as law enforcement shutting down botnets. Whenever a big botnet has been shut down, spam activity tends to be noticeably less than before. I expect email spam is down simply because the spammers have also found alternative ways to spam, e.g. click hijacking and sharing of spam material through social media.

This is an update to a similar chart from last year.


Chart: Spam Sending IP Addresses over Time

Passive Spam Block List, or PSBL, is a real-time, trap-based DNSBL operated by Red Hat kernel engineer Rik van Riel. It uses the open source Spamikaze software to build and deploy an IP-based blacklist of spam-sending hosts. PSBL is one of the safest DNSBLs, and has been enabled by default in Spamassassin since version 3.3.0, released in early 2010.

PSBL receives millions of spam messages every day and, after taking some safety precautions, lists the sending IP addresses. Organizations can then download the list via rsync or query PSBL's public servers via DNS. Accidental listings can be removed at any time through the self-serve interface at PSBL.org. Otherwise, an IP address that does not send spam to PSBL for 2 weeks expires and is no longer blacklisted.

PSBL Chart 01/08/2011


Why run your own DNS server? (Spamassassin)

If you handle a sizable volume of mail, say more than 20k messages per day, you are advised to run your own caching DNS server, as it benefits your Spamassassin deployment in both speed and reliability. This article describes why it is important to operate your own local caching DNS resolver, and how to enable it on your server.


SEM rules mistakenly enabled again

UPDATE 6/29/2011: If you run sa-update now, it should pick up 1140482 or later and fix this issue.

Due to a bug in the rule auto-promotion system, SEM rules were again mistakenly pushed to the active rules, causing a flood of unexpected DNS queries to this service provider. A very similar issue happened back in March 2011. Upstream Spamassassin needs to publish an emergency rule update through sa-update to correct this situation. Meanwhile, all Spamassassin admins should mitigate this issue by adding the following workaround to their local.cf and then restarting spamd.

score T_RCVD_IN_SEMBLACK    0
score T_URIBL_SEM           0
score T_URIBL_SEM_FRESH     0
score T_URIBL_SEM_FRESH_10  0
score T_URIBL_SEM_FRESH_15  0
score T_URIBL_SEM_RED       0

Apache Spamassassin 3.3.2 Released

Today was the official release of Apache Spamassassin 3.3.2. The primary purpose of this minor release is to fix compatibility with perl-5.12+, but numerous other bugs were fixed. I made these RPMs for EL5 and EL6, which I have personally been using in production for weeks. Fedora 14 and 15 updates should be hitting mirrors shortly.

After you have upgraded your Spamassassin, read the SpamTips.org Ultimate Setup Guide to learn how to maximize your Spamassassin deployment effectiveness. Spamassassin sysadmins may be interested in subscribing to this announce-only newsletter where you will occasionally receive important news relevant to your deployment.


DNSBL Safety Report 5/14/2011

SpamTips.org occasionally looks at the results of Spamassassin’s nightly masscheck at RuleQA in order to analyze the performance and safety of add-on DNSBLs. It is vitally important to know how a DNSBL is performing before adding it to your Spamassassin custom rules. Our analysis demonstrates that raw detection numbers alone can be misleading, as ham safety ratings and overlaps with other rules must be taken into consideration before you decide to use a particular add-on rule.

Today’s report shows some big changes since our previous report from January 2011, where some previously good rules have turned bad. Examined below are Hostkarma, SpamEatingMonkey, Tiopan, UCEProtect, Mailspike, Nix Spam and Lashback UBL. Recommended scores below are what I personally use in production.