I suspect that we’ve all sent emails that have been bounced back to us as “undeliverable” – for any one of hundreds of possible mail server errors (you might be surprised to learn that there are 850+ possible error messages). The most common error? We’ve used an incorrect email address.
In most circumstances (if you’re aware that you did send the bounced email), it’s safe to open the undeliverable notice. But, and this is a big BUT – if you didn’t sent it – DON”T click on it –DON”T open it! Especially if you’re required to open an attachment to view the details. An attachment virtually guaranteed to contain malware designed to hijack your email account.
You might think that this sort of thing couldn’t happen to you. But, don’t be so sure – a moments inattention can be all it takes.
Here’s an example forwarded to me, just a few days ago, by a regular reader who is a very astute user. A reader who’s extremely conscious of system security, and Internet safety. He and I correspond frequently on security related issues, and I can easily say – he knows his stuff.
I just had an email account hijacked because I sent an email to a legitimate web site and immediately received one of those undeliverable messages (Damein something?). Anyway, I clicked on it to see if I sent the email to the correct address. Shortly thereafter, someone took control of my contact list and sent emails out with a link on them.
Of course, I changed my password and deleted my contact’s list. I am no longer keeping a contact list on my email programs, as the first thing they do is take control of one’s contact list.
I’ll point out, that the most common reason (but, not the only one), you’re likely to receive an infected bounce back is – your email address has been scooped from an infected machine’s contact list. In other words, someone you know and have exchanged emails with, is infected. The example above, is a perfect illustration of this.
Malware delivery methods are cyclical (everything old is new again), and we’ve seen this threat before. From what I can see, following some investigation – it appears to be making a resurgence. So, when dealing with bounce backs, it’s important that you have a heightened sense of awareness.
You may think that this is an overreaction but, if the bounced email is a personal email – pick up the phone and confirm the address. Having once been a victim of a cyber criminal who hijacked one of my email accounts, I can assure you – it’s a most unpleasant experience.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.