The breach occurred through Epsilon, the firm each of the companies used to manage their e-mail communication with customers.

Chances are good that if you’ve corresponded with any of the companies, you’ll see phishing e-mails in your inbox. They’ll likely be messages for you to confirm a recent order, or reconfirm or update a credit card.

By this time in your computing career, I feel safe saying you’re sophisticated enough not to be suckered in by phishing e-mails. But I’ll play it safe: If the e-mail looks authentic and asks you to click a link to go to the company’s site, don’t do it. Instead, type the company’s URL into your browser’s navigation field to go to the site.

There’s nothing you can do to prevent a third party from exposing your e-mail address. But there’s a handy trick to monitor if a company you’ve given an e-mail address to is using it to spam you. And then block it so you’ll never see it again.

A Nifty Spam Tracking Trick

Start using e-mail addresses that are specially — and easily — coded. Create a new one for everything you sign up for, things like newsletters, banking, coupon sites — whatever. If you receive an e-mail from that address with anything other than what you asked for, you’ll know the company’s been breached — or is selling your e-mail address to spammers.

The technique is called plus addressing and the trick is to create an e-mail with an extra character between the real e-mail address and the @ sign and domain. Don’t fret, it’s easy to understand.

Many ISPs let you do plus addressing, but I’ll use Gmail to describe how it works.

Let’s say your Gmail address is computeruser@gmail.com (and for the reasons I’ll explain in a minute, you ought to use Gmail). When you sign up for a newsletter, say, SuperUser, use computeruser+superuser@gmail.com. Banking with Chase? computeruser+chase@gmail.com. Got the idea?

Use a throwaway e-mail.

Gmail understands what you’re doing and the e-mail still lands in your inbox.

However, if you get something other than the newsletter at that address, you can stop it in its tracks. Just create a filter in Gmail (yep, I’ll get to that, too) that automatically deletes anything from computeruser+superuser@gmail.com and you’ll never see it again.

Of course, once you filter that specific address into the trash, you won’t see either the spam or the newsletter. If you still want the newsletter delivered, create a new plus address and resubscribe.

Besides Gmail, I’ve tested plus addressing with EarthLink and Yahoo (they use a hyphen — computeruser-superuser@yahoo.com instead of the plus sign). Neither MSN nor AOL is smart enough to use it; experiment with your ISP to see if it works.

Why You Need a Free Gmail Account

I use Gmail to sign up for newsletters and other sites using plus addressing because I don’t to use my real, permanent EarthLink or TechBite address. In my tests, Gmail does a remarkable job capturing and eliminating spam, with few false positives.

I have Gmail forward the mail to my EarthLink account (From Mail Settings, Forwarding and POP/IMAP). I think of it as washing my e-mail through Gmail. (Yes, I know, there’s MailWasher and dozens of other apps; my focus is to reduce spam without cluttering up the system tray.)

I encourage you to open a Gmail account and play around with it, if for nothing more than having one spot to manage all your newsletter and non-critical e-mail subscriptions.

Create a Gmail Filter

If you’re using Gmail — or thinking about it — you’ll need to know the bare minimum about filtering.

The first time you receive a spam by way of a plus-addressed message in Gmail, open it and click on the down arrow next to Reply and then click Filter messages like this. (One annoyance: Gmail doesn’t show the entire coded e-mail unless you open the e-mail and click on show details.)

Click here to create the Gmail filter.

When the Filter settings appear, enter the plus address into the To: field (make sure all the other fields are empty) and click Test Search to try it out. Click Next Step and check the Delete it box.

Add your plus address to the filter.

We’re never going to get rid of spam, that’s clear. But this is a clever way of tracking — and removing it.

[This post is excerpted from Steve's TechBite newsletter. If you liked it, head here to sign up--it's delivered on Wednesdays to your inbox, and it's free.]

Facebook assumed they were doing Facebook Page administrators a favor when they added the option to “Use Facebook as Page.” This meant that customized Facebook pages could Like, post, and comment around the site just as regular profile users do.

It didn’t take long for spammers to realizes by using their page as a profile and “Liking” others’ pages, they could spread their message and elude the Facebook police.

It works like this: If you Like a post on someone’s Facebook page, your user name automatically links back to your page or profile. While you can ban users for posting spam on your wall and delete the offending posts or comments, you can’t automatically banish someone for Liking one of your posts on your profile or page. You can’t even unlike their Like. You have to report the user as a spambot, then wait for Facebook’s administrators to deal with them.

Not that we’re encouraging anyone, but there’s another method to use Like spam. ReadWriteWeb showed how easy it is to create your own Like button for your Facebook page that surreptitiously causes the user to Like another page they’ve never visited. University of Michigan computer science Ph.D. candidate Arnab Nandi explained that by tricking someone into Liking a page, you automatically place a link to the other page in that user’s Newsfeed. Since the average Facebook user has about 130 friends, the spammer’s message reaches a fair lot of people without minimal effort. Even worse, since it looks like the original poster approved of the spammer’s venture through their Like, their friends are more likely (no pun intended, really) to check it out.

Facebook recently added new spam prevention measures like hiding posts with suspicious links and turning the text in questionable posts grey so that page administrators can quickly identify problems. But since the two Like spam methods above are relatively new, it’s carte blanche for enterprising “Like” spammers.

We’re pretty sure Facebook’s working on a fix. Then again, we’re sure spammers are devising new ways to annoy us, too.

(This post republished from Techland.)

Wallace allegedly accessed Facebook accounts without obtaining permission, and used them to make bogus wall posts and spam the account holders’  friends. Those actions run afoul of the CAN-SPAM Act of 2003, which sets guidelines for commercial e-mails, which are enforced by the Federal Trade Commission (FTC).

Wallace is best known for his e-mail marketing company Cyber Promotions, which was at one time the largest source of unsolicited e-mail in the world. In the proceeding years, another Wallace venture called SmartBOT faced FTC action for infecting computers with spyware.

Facebook believes that the judgment will help put spammers out of business. “We’re confident that today’s ruling will act as a powerful deterrent against those who would abuse Facebook and its users,” spokesperson Simon Axten said in a statement to the press.

I’d ask Wallace for comment, but I’m hesitant to offer him my e-mail address. Once again, he’s proven himself to be a real class act.

To refresh your memory, a botnet is a group of computers running distributed software to perform tasks such as sending spam or distributing malware. Using botnets for spam could be blamed for the marked increase in spam itself: it now accounts for over 90 percent of all e-mail.

These systems not only send mail directly, but have also figured out ways to spam through webmail services, which end up making the messages look more legitimate.

MessageLabs has put a list together of the biggest spammers, and found the biggest target is “Cutwail,” which contributes 45% of all spam. Shutting down a network like that would obviously diminish considerably the amount of spam being sent out.

Indeed, this network was affected by a shutdown of its ISP, but was able to bounce back within hours. The firm says this shows spammers are also becoming more sophisticated in building these networks, ensuring they have backup systems to keep it running.

Other statistics found as part of the study indicated that one out of every 269 emails contained a virus in June. Likewise, one in 280 emails contained a phishing attack.

At that time, anti-spam efforts had reached their peak, along with the convictions and shutdowns of several major spam rings. However, since that time, spammers have regrouped and pushed spam levels to their highest in at least four years.

Even worse? Spam has shot up 5% in just the past month. Whatever these criminals have done, its certainly working very well. Thanks to the lovely anti-spam efforts of Google Apps and Gmail, I haven’t noticed any difference, but I’m sure those less fortunate probably have.

…. Spam, lovely Spam, wonderful Spam ….

Other findings include new efforts by cybercriminals to use established websites to host malware. Such a strategy would make sense, considering how much easier it would be for these folks to spread their wares. They also seem to be working on US schedules, evident by its peak between 9 and 10am, with a drop off overnight.

And if you think CAPTCHA is saving you (or these providers), think again. Spammers and malware purveyors are now making use of CAPTCHA crackers, meaning this line of defense is becoming increasingly useless.

I’ve lost track of how many of them I’ve received, but my blood pressure shoots up every time I answer my phone and discover that it’s not only a robocall, but a lying, cheating robocall. (They’re dialing randomly, of course: My car warranty lapsed long ago, and I’ve heard from friends who don’t have drivers’ licenses who get these spamcalls.) To make matters worse, some of the calls are not from warranty peddlers, but rather from identity thieves.

So it’s heartening to hear (via Daring Fireball) that the FTC is finally cracking down on two companies behind the scam. I don’t, however, understand why it took so long for the agency to take action when this has been going on for eons, or why it’s apparently responding to the fact that New York Senator Charles Schumer received a warranty robocall last week. Thirty thousand Americans who hold no elective office had already griped about the calls–I woulda hoped that the FTC would have stepped in by the time, oh, let’s say the five thousandth complaint had been lodged.

If thirty thousand people were moved to file complaints, who knows how many have received the calls? The two companies the FTC is acting against apparently made $10 million in ill-gotten gains, but their biggest crime may have been wasting untold thousands of hours of time of the people who received the calls and had to listen to ‘em. Even those who, like me, got really good at hanging up three or four words into the recorded scam.

But there’s still a problem.

Web pages aren’t designed for reading, and that’s one of my pleasures: Reading product and movie reviews, for instance, or devouring John McPhee’s lengthy pieces in The New Yorker, or James Fallows (read his old, but still valuable What Was I Thinking? in The Atlantic).

Up until now, I’d click the Print button if the site offered one. Then I discovered Readability, a site that reformats any page of text to conform to your reading style. Set up Readability by choosing a style, font size, and margin width, and then drag the Readability bookmarklet to your browser’s toolbar. The next time you’re on a Web page you want to read, click the Readability link and the transformation happens immediately. (You can get a better idea by watching the video.)

Arc90 calls Readability an experiment. I say it’s a keeper. Get more details at the Readability blog.

Atlantic article before using Readability.

Atlantic article after using Readability.

Reminder Me to Remind You

In a recent newsletter, I wrote about a Web site that calls you with a reminder. Elliot Soloway wrote and said, “Rminder is good, but I don’t want a voice reminder–  want a text message reminder. Anything for me?”

There must be hundreds of text reminding services. They all send text to your cell phone by way of SMS.

Here are some of the reminder services I like. The first three are no-brainers; the last one, ReQall, is a fancier, ersatz secretarial service and demands your cerebral wherewithal.

* TextMemos is quick and easy, but isn’t fancy. Stick in your text reminder, the cell provider, date and time, and away you go.

* BitBomb is similar to TextMemos, but has neater features, such as a calendar to choose the date and time to send a message and a way to set up group messages.

* Call Dial2Do and ask it to send a text message or an e-mail, or post a tweet. Read the FAQ or watch the video for more.

* Get ReQall on the horn to add a To-Do to Outlook or Google’s calendar, get reminders by e-mail or text, or share a reminder with a friend. There are lots more things you can do.

Tool of the Week: Bounce Bully

You say you’re still getting spam? (LOL — dopey question, I know.)

The truth is that bouncing spam back to the creeps who sent it just isn’t worth the trouble. Too often the spammer’s address is bogus–and my guess is they wouldn’t take the time to remove you from their list. (“Oh, my, Steve Bass’s address isn’t working any more. I’ll just spend my time removing it for the dear boy.”)

But what if you have a bozo or two constantly sending you dumber-than-dirt jokes? You know, the kind you didn’t find funny even when you were in the fifth grade.

You could politely ask to be removed from their list. I usually say I use my computer primarily for work; my boss (hey, that’s me!) snoops in my e-mail, and I don’t want to get into trouble.

More fun, though, is to use a program that bounces e-mail back to the putz, showing that your e-mail address no longer exists. And guess what: You can do it with BounceBully. It’s a freebie that takes the e-mail you receive and fires it back with all the right language — saying, essentially, that your e-mail address is no more.

Try it out by sending yourself a test e-mail — copy and paste the mail into BounceBully, hit Send , and see what happens. [Thanks to Brian D.]

Paste the entire message in BounceBully and send it back.

[This post is excerpted from Steve's TechBite newsletter. If you liked it, head here to sign up--it's delivered on Wednesdays to your inbox, and it's free.]

Like the T-List? Read it as a feed.