Category Archives: Security

Spam Anatomy

I received an email today that I thought would be a good way to illustrate some of the ways that spam works. I took a screenshot of the email.

Hello, We discovered your internet site pelluciddesign.com and so I would privately wish to invite you to test our new program build to help individuals like yourself gain additional earnings online. Keep this top secret, this is developing a MAJOR stur inside the ‘make money’ community… We’re not charging anything, simply follow the link below to look at our online video and begin producing the cash you know you deserve! [LINK] Sincerely, Fred

 

Here are clues that tell me this is spam:

  1. “We discovered your internet site…” Odd language.
  2. “Keep this top secret…” This should raise red flags. If they really have a product that can make money, it wouldn’t be secret.
  3. “A MAJOR stur…” Spelling errors make me suspicious.
  4. “The ‘make money’ community…” Oddly ambiguous. More odd language.
  5. “We’re not charging anything…” Then it’s too good to be true. If they really have a product that can make money, it wouldn’t be free.
  6. “Simply follow the link…” This is always the call to action. They want you to click on the link. But the link will take you to a place where either your computer will get a virus, or they can find more information they can use from your computer.

Do not be suckered in. Delete the email immediately. Don’t even look at it!


Don’t Be a Victim of Phishing Scams

Phishing is the attempt to acquire sensitive information by pretending to be a familiar or trustworthy source in an email. Fraudulent emails from popular sites like banks, online payment processors, and IT administrators are commonly used to lure unsuspecting victims.

Essentially, phishing is an information-gathering technique that isn’t necessarily damaging in and of itself. However, when unsuspecting victims provide bits of information, a savvy criminal can piece them together to gain access to areas and information that are private.

Phishing techniques

Spear phishing – Attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success.

Clone phishing – An attack whereby a legitimate and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling – Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.

What should you look for?

  • Be wary of emails from unknown sources. If you can’t recall having given your email to the company claiming to need more information, there is a good chance it is a phishing scam.

  • If the list of recipients (To: line) is very large or undisclosed, the email is likely a scam.

  • If the email is coming from your own email address (From: line), it’s time to change your password because someone is using your name and email to lure others into providing more information.

  • Links that are misspelled or not quite right are a telltale sign.

  • If an email contains an attachment that you weren’t expecting, do not open it. It may contain a virus.

A Smart Consumer of Digital Information does the following:

  • Deletes suspicious emails

  • Does not open unexpected email attachments

  • Does not click on links in suspicious emails. Links can be doctored or spoofed to look legitimate. If you must go to the website, open a new window and type in the URL, then navigate to the page with the information you are looking for.
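Several of the warning signs listed above can be checked mechanically. The following Python code is an added example, not part of the original post: it parses a message with the standard `email` module and flags an undisclosed or very large recipient list, a From: address equal to your own, any attachment, and any link whose visible text names a different host than the one it actually points to. The sample message, its addresses and domains, the function name `check_email` and the `max_recipients` threshold are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); addresses and domains are made up.
SAMPLE = """\
From: user@example.org
To: undisclosed-recipients:;
Subject: Account notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Please verify: <a href="http://mybank.example.net/login">www.mybank.example.com</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")  # a hostname shown in link text

def strip_www(h): return h[4:] if h.startswith("www.") else h

def check_email(raw, my_address, max_recipients=20):
    """Return a list of warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if a]
    if "undisclosed" in msg.get("To", "").lower() or not rcpts or len(rcpts) > max_recipients:
        flags.append("large-or-undisclosed-recipients")
    if parseaddr(msg.get("From", ""))[1].lower() == my_address.lower():
        flags.append("from-own-address")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            flags.append("attachment:" + (part.get_filename() or "unnamed"))
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in LINK.findall(html):
                shown = DOMAIN.search(text.lower())      # host the reader sees
                host = (urlparse(href).hostname or "").lower()  # host actually linked
                if shown and strip_www(shown.group(0)) != strip_www(host):
                    flags.append(f"link-mismatch:{shown.group(0)}->{host}")
    return flags
```

The code cannot know whether an attachment was expected, so it reports every attachment and leaves that judgment to the reader.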

Is it worth it to be so cautious?

Absolutely. What’s at stake is the integrity of your data and your identity. When it comes to keeping your digital data safe, you can never be too cautious.