Protect Email Addresses on Websites

To build up lists of email addresses that can be sold to spammers and scammers, hackers run software that scans websites and looks for email addresses.

This is called email harvesting and is done on a huge scale.

The hackers typically scan websites, mailing lists, internet forums, social media platforms and anywhere else they can find email addresses online.

The characteristic format for an email address is so it is simple for email harvesters to read web pages and look for the @ symbol as it seldom occurs anywhere on webpages except in an email address.

The harvesters can also check for unusual variations on that theme e.g. User[at] or User[AT]domain[DOT]com

How to Protect Email Addresses

There are a series of steps you can take to protect any email addresses on your website from being harvested. These range from the simple to the seriously complex, and which method you should use depends on how much of a problem you have with harvesting.

Method 1 – Replacing the email address with a picture showing the email address

Method 2 – Separate the Email Address From the Website

The email address can be in a redirect statement

Method 3 – Mask the Email Address

This can be done by using HTML encoding, e.g. writing the character reference &#64; in place of the @ sign.

All characters can be encoded in this manner which makes the address difficult for the harvesters to find.

Method 4 – Use Javascript

The address can be divided into several parts that are dynamically composed by the browser when the website is called up.
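
Methods 3 and 4 as an added example (not code from the original post), using a constructed address and a hypothetical element id `contact`. It also shows the limit of Method 3: the address disappears from the raw markup but comes straight back once the character references are decoded, so it only stops scanners that do not decode entities.

```javascript
// Constructed sample address, not taken from the page.
const SAMPLE = "info@example.com";

// Method 3: write every character as a decimal HTML character reference.
function encodeEntities(text) {
  return Array.from(text, ch => `&#${ch.codePointAt(0)};`).join("");
}

// What a browser (or an entity-aware scanner) does with those references.
function decodeEntities(markup) {
  return markup.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Method 4: emit markup whose script joins the parts when the page loads.
// The element id "contact" is a name chosen for this example.
function scriptedLink(address) {
  const [user, domain] = address.split("@");
  const quoted = [user, ...domain.split(".")].map(p => JSON.stringify(p));
  const [u, ...labels] = quoted;
  return [
    '<a id="contact"></a>',
    "<script>",
    `  const a = [${u}, String.fromCharCode(64), [${labels.join(", ")}].join(".")].join("");`,
    '  const el = document.getElementById("contact");',
    '  el.href = "mailto:" + a;',
    "  el.textContent = a;",
    "</script>",
  ].join("\n");
}

// Self-check for page owners: does the served markup contain a plain address?
function exposesPlainAddress(markup) {
  return /[^\s@<>"']+@[^\s@<>"']+\.[a-z]{2,}/i.test(markup);
}

console.log(exposesPlainAddress(`<a href="mailto:${SAMPLE}">`)); // plain link
console.log(exposesPlainAddress(encodeEntities(SAMPLE)));        // Method 3
console.log(exposesPlainAddress(scriptedLink(SAMPLE)));          // Method 4
```

Running `exposesPlainAddress` over the HTML your server actually sends is a quick way to confirm that no template still prints the address in the clear.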

Method 5 – Use a Captcha

A CAPTCHA is a type of challenge–response test you can add to a website page to ensure it is being read by a person not by software.

These have become very common on many websites so most people are used to them now.

Method 6 – Use a Contact Form

Instead of posting an e-mail address on a web page, create a contact form. This can capture more information in a structured manner from the user and lets you hide the email address in a separate script file.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

The Email Delivery Failure Scam

If you address an email to a non-existent address then you will get a genuine email delivery failure message in return.

That will make sense as you had previously sent out the message that failed.

Usually it just means a spelling mistake, but it can mean the recipient has deleted that email address or simply that their email mailbox is full.

However, you may also get such delivery failure messages about messages that you didn’t send.

These are usually phishing scam messages and there will be an attachment to download (filled with malware) or a link to click to get you to input your login and password.

These failure messages usually have large chunks of technical gobbledegook such as

host []

Delay reason: SMTP error from remote mail server after pipelined MAIL FROM:<> SIZE=6745:

421 4.7.0 [TSS04] Messages from temporarily deferred due to user complaints –; see

The messages sometimes do not say the message has been rejected, but that it has been delayed or is held in a queue. Makes no difference – it’s just a scam.

Do not click anything or download anything from such email messages.


Stupidest Spam of the Week – Dracula’s Secret

There are endless scam messages selling herbal remedies that don’t really exist, magic elixirs that cure all common ailments and long forgotten remedies that cure cancer, diabetes and other long term potentially fatal health problems.

This latest one seems to have been written by an idiot.

“If you want to prevent or stop dementia and memory problems, then try this delicious breakfast drink”.

“It will reduce your risk of dementia by 86%”.

So far, so common to many of these scams, then comes the kicker.

“This secret and many more were in a secret manuscript locked up in the Vatican and it is Dracula’s Royal Secret”. “It must be God sent”. “Solves your memory problems in days”.


No. I don’t think so.

Just rubbish for really really stupid people.


US Catches Scammers on Instagram

Olalekan Jacob Ponle, known as “mrwoodbery” to his Instagram followers, flaunted his wealth, including a new Lamborghini he had in Dubai.

He was arrested by Dubai Police for alleged money laundering and cyber fraud.

A number of African criminals were caught in the dramatic operation, including 37-year-old Ramon Olorunwa Abbas, “hushpuppi” or just “hush” as he was known by his 2.4 million Instagram followers.

Police in the emirate say they recovered $40m in cash, 13 luxury cars worth $6.8m, 21 computers, 47 smartphones and the addresses of nearly two million alleged victims.

Mr Abbas and Mr Ponle were both extradited to the US and charged in a Chicago court with conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from cybercrimes.

It is a spectacular crash for the two Nigerian men who extensively documented their high-flying lifestyle on social media, raising questions about the sources of their wealth.

They unwittingly provided crucial information about their identities and activities for American detectives with their Instagram and Snapchat posts.

Business Email Compromise Scam

The criminals used various scams including the 419 Advance Fee scam but the most lucrative was Business Email Compromise.

They are accused of impersonating legitimate employees of various US and tricking the recipients into transferring millions of dollars into their own accounts.

In one case, a foreign financial institution allegedly lost $14.7m in a cyber-heist where the money ended up in hushpuppi’s bank accounts in multiple countries.

The FBI affidavit alleges that he was involved in a scheme to steal $124m from an unnamed English Premier League team.

“The scammer would gather contextual details, as they watched the legitimate email flow,” explains Crane Hassold, Agari’s senior director of threat research.

“The bad actor would redirect emails to the bad actor’s email account, craft emails to the customer that looked like they are coming from the vendor, indicate that the ‘vendor’ had a new bank account, provide ‘updated’ bank account information and the money would be gone, at that point.”

They try to convince a recipient to wire money to the other side of the world or they go “phishing”, stealing a user’s identity and personal information for fraud.

Over Confidence

On Instagram, hushpuppi said he was a real estate developer, but the “houses” he talked about were actually codewords for bank accounts used to receive proceeds of a fraudulent scheme.

In April, hushpuppi renewed his lease for another year at the exclusive Palazzo Versace apartments in Dubai under his real name and phone number.

The FBI obtained records from his Google, Apple iCloud, Instagram and Snapchat accounts which allegedly contained banking information, passports, communication with conspirators and records of wire transfers.

I expect their many victims would be pleased for the criminals to rot in jail for a very long time.


Google Play Store Hidden Adverts

Researchers from Avast issued a warning about 47 apps they had found on Google Play Store that are disguised as games but contain adware.

Adware is a type of malicious software that inundates you with incessant pop-ups and messages, such as


These apps are not malicious, but include adware technology that the user does not know about and is used by spammers and scammers to target people. This can result in your smartphone being overloaded with intrusive and sometimes unpleasant adverts.

Besides being annoying, adware can track the websites you visit and access your personal information.

These apps had already been downloaded more than 15 million times when found by Avast.

Avast has provided some tips to help you spot malicious apps:

  1. Carefully check the permissions the app requests before installing it. See what the app is asking to access. If it’s asking for data it should not need, consider this a red flag.
  2. Read the privacy policy and the terms and conditions. Most people never do, but you can miss key points on what the app does if you do not read these.
  3. Read the user reviews and if there’s anything worrying or too many bad reviews then consider dumping the app.
  4. Install strong anti-malware on your device so that adware and other malicious apps are automatically blocked.
