Email spammers/scammers are masters of the well worn “carrot or stick” school of motivation. They seem to bounce from “this is what you’ll get” versus, “this is what you’ll lose” – with some regularity.
Here are some samples of each motivational technique, taken from my spam honeypot Gmail account in the last few days.
The carrot:
Hi
It`s Kerri again. Will you ever contact me?
I made those nude pictures especially for you and I won’t write to you again!
If you wanna see them just drop me a line at – – – – – – –
And the following heavily edited example:
Robert S.Mueller
FBI Director
Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via UPS. Because we have signed a contract with UPS which should expire by August 20th you will only need to pay $150 instead of $420 saving you $270 So if you pay before August 20th, 2011 you save $270.
Oh yeah, don’t forget to send us your name/address; sex/age; cell number; and – a scanned copy of your driver’s license.
Yes, I’ll get right on that
Both of the above are just too preposterous to be taken seriously. Although, as difficult as it is to believe, there are those who are laughably loony enough to respond.
The stick is a little different, and a good example of this is the various forms of the “Your Gmail account needs verification to avoid being shut down” phishing attack.
Unaware webmail users are much more likely to respond to the threat of losing their email privileges than you might imagine. If the notice looks convincing enough (and, they often do), some Gmail users are bound to be taken in.
The stick:
If you expand this graphic to its original size, you’ll notice the sender is googleemail.com – close, but no cigar. As well, if you’re a WOT (Web of Trust) user, you’ll see that WOT has cleared the “Sign in” link as being safe.
A rather confusing mixed message. Googlee is not Google, but WOT marks the link as safe.
Unfortunately, this “green light” is a shortcoming in WOT’s reputation assessment: the rating reflects the reputation of the principal (registrable) domain, not of the subdomain the link actually resolves to. A phishing page parked on a subdomain therefore inherits whatever rating the parent domain has earned.
Sadly, average users are generally unaware that Gmail provides a simple tool to view message headers, which record the path an individual email took to reach your inbox.
In this case, checking the headers (as shown in the following screen capture) reveals this email actually came from prajim.siaminterhost.com – obviously, not Google.
Of course, I didn’t respond to this password phishing attempt by clicking on the enclosed link. But those users who fall for this type of crafty scam are typically redirected to a forged version of Gmail’s login page, where they happily provide the requested information.
Advice worth repeating:
If you have any doubts about the legitimacy of any email message, or its attachment, delete it.
Better yet, take a look at the email’s headers. Check the topmost “Received:” line: it was stamped by your own provider’s mail server as the message arrived, so it is the one line the sender cannot forge, and it names the host that actually handed the message over. The “Received:” lines beneath it travelled with the message and can say whatever the sender wants. Taken together, these lines list the mail servers involved in transmitting the email – by name and by IP address – so compare the real sending host with the domain shown in the “From:” line.
It may take a little practice to realize the benefits of adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.
If you have a webmail account other than Gmail, check out this page for instructions on finding headers for your specific provider.
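To make the header check above concrete (and the earlier point that a reputation rating attaches to the principal domain, not the subdomain a link lands on), here is an added example that is not part of the original post. It parses a constructed raw message modelled on the phishing notice described above, walks the Received: chain newest-first, and compares the host that delivered the message, the Return-Path domain and the link hosts in the body against the From: domain. The two real hostnames (googleemail.com, prajim.siaminterhost.com) are the ones named in the post; mx.example.net, the .example link host and the 203.0.113.x addresses are documentation placeholders, and EXPECTED (the domains a genuine Gmail notice is assumed to come from) is my assumption, not Google’s list. The principal-domain helper takes the last two labels, which is good enough here but should be replaced by a Public Suffix List lookup in real tooling.

```python
"""Added example (not from the original post): read the Received: chain of a
raw message and check what it shows against what the From: line claims."""
import email
import email.utils
import re

# Constructed sample in the shape of the phishing message discussed above.
# Hosts under .example and addresses in 203.0.113.0/24 are reserved for
# documentation; mx.example.net stands in for the recipient's own provider.
SAMPLE_RAW = """\
Return-Path: <bounce@prajim.siaminterhost.com>
Received: from prajim.siaminterhost.com (prajim.siaminterhost.com [203.0.113.7])
        by mx.example.net with ESMTP id 4Ab9C
        for <victim@example.net>; Thu, 4 Aug 2011 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
        by prajim.siaminterhost.com with ESMTP id 7Xy2Z;
        Thu, 4 Aug 2011 09:59:58 +0000
From: "Gmail Team" <account-verify@googleemail.com>
To: victim@example.net
Subject: Your Gmail account needs verification
Content-Type: text/plain; charset=us-ascii

Your account will be shut down unless you verify it within 24 hours.
Sign in: http://www.gmail.com.signin-check.example/verify
"""

# Assumption: the domains a genuine Gmail notice would come from.
EXPECTED = ("gmail.com", "google.com")

RECEIVED_FROM = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def registrable_domain(host):
    """Crude 'principal domain': the last two labels. This is the level a
    reputation service such as WOT rates; production code should use the
    Public Suffix List instead (assumption: no multi-label suffixes here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def received_chain(msg):
    """Sending hosts from the Received: headers, newest first. The topmost
    line was stamped by your own provider's server and is the only hop you
    can trust; the lines beneath it came with the message and may be forged."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", str(value)).strip()
        m = RECEIVED_FROM.match(flat)
        hops.append(m.group(1).lower() if m else None)
    return hops


def address_domain(header_value):
    """Domain part of the address in a From:/Return-Path: header."""
    addr = email.utils.parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def looks_like(host, brand):
    """True when `brand` appears as labels inside `host` but is not the
    principal domain, e.g. www.gmail.com.signin-check.example vs gmail.com."""
    return ("." + brand + ".") in ("." + host.lower() + ".") and \
        registrable_domain(host) != brand


def assess(raw, expected=EXPECTED):
    """Collect the evidence the headers offer and list every mismatch."""
    msg = email.message_from_string(raw)
    hops = received_chain(msg)
    claimed = address_domain(msg["From"])
    bounce = address_domain(msg["Return-Path"])
    body = msg.get_payload() if not msg.is_multipart() else ""
    links = [h.lower() for h in URL_HOST.findall(body)]
    findings = []
    if registrable_domain(claimed) not in expected:
        findings.append(f"From: domain {claimed} is not one of {', '.join(expected)}")
    if hops and hops[0] and registrable_domain(hops[0]) not in expected:
        findings.append(f"handed to our server by {hops[0]}, not by a "
                        f"{'/'.join(expected)} host")
    if bounce and registrable_domain(bounce) != registrable_domain(claimed):
        findings.append(f"Return-Path domain {bounce} differs from From: domain {claimed}")
    for host in links:
        if registrable_domain(host) not in expected:
            findings.append(f"link host {host} really belongs to {registrable_domain(host)}")
        for brand in expected:
            if looks_like(host, brand):
                findings.append(f"{brand} appears inside {host} but is not its principal domain")
    return {"hops": hops, "from_domain": claimed, "return_path_domain": bounce,
            "link_hosts": links, "findings": findings}


if __name__ == "__main__":
    for line in assess(SAMPLE_RAW)["findings"]:
        print("WARNING:", line)
```

On the constructed sample this reports five mismatches: the From: domain is not Google’s, the delivering host is prajim.siaminterhost.com, the Return-Path does not match the From: domain, the “Sign in” link belongs to signin-check.example, and “gmail.com” appears inside that link host only as decoration. A genuine notice that arrives from a google.com host and links back into google.com produces none, which is the comparison worth making before you click.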
Google provides excellent advice on their page – Messages asking for personal information, from which the following has been taken.
Here’s what you can do to protect yourself and stop fraudsters:
Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.
Check whether the email was authenticated by the sending domain. Click on the ‘show details’ link in the right hand corner of the email, and make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.
Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. Although some links may appear to contain ‘gmail.com,’ you may be redirected to another site after entering such addresses into your browser.
Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.
Check the message headers. The ‘From:’ field is easily manipulated to show a false sender name. Learn how to view headers.
If you’re still uncertain, contact the organization from which the message appears to be sent. Don’t use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.
Every Good Story Needs a Villain!
This is a guest post by Paul Eckstrom, a technology wizard and the owner of Aplus Computer Aid in Menlo Park, California.
Paul adds a nice humorous touch to serious computer technology issues. Why not pay a visit to his Blog Tech–for Everyone.
This story opens gently enough. It begins with a friendly and helpful Comment posted on a friendly and helpful blog.
Someone had written to share “the results of their work”, which he said “solved his security problems.” He was talking about viruses and spyware, and other malware, and he said his method “covers 99.8%! of all known threats.” He posted his advice/Comment on an article about How To prevent the dangers posed by spyware (which also warns about “rogue” anti-spyware programs). He signed himself “Spycrasher”.
So far, this all sounds pretty good, doesn’t it? 99.8% effective certainly sounds good.
As you have probably deduced, Dear Reader, the “friendly and helpful blog” in question was this one. Tech–for Everyone, like most blogs, provides readers the opportunity to respond, ask a question, or just “put in their two cents”, simply by clicking on “Comments” at the bottom of the article. And also like most blogs, I have the ability to “moderate” which comments get posted and which don’t– for instance, Comments containing offensive language will not be published. Spycrasher’s 99.8%- effective security solution will NOT be seen here.
But.. maybe you’re a little curious as to what it was. And.. maybe, why I deleted it. (Take another peek at today’s title..) “Spycrasher’s” comment said to use three particular anti-spyware programs– in tandem– and he provided download links. (This, alone, triggers red flags.) He mentioned two tools I was not familiar with, and one rather well-known program.
* Hyperlinks are always suspicious (and blocked as a matter of policy), and the first thing I checked was, did the links point to legitimate websites..? Or would clicking on them take you to a poisoned webpage (which could infect your machine) or a pharming site.
No problem there. The links he provided did indeed point to real websites.
* The next thing was to check out the unknown programs themselves. No self-respecting and legitimate tech writer will advocate something they have not used, and tested, themselves. Period.
In my initial research of the first program (XoftSpy-SE), I found a wide range of reviews and comments.. from “this is rogue” to “this is the best thing since sliced bread”, and I learned that the program was “for pay”.
I don’t promote “for pay” software here (but do provide a daily free download), nor even potentially rogue apps; and so I stopped right there. I would not allow Spycrasher’s Comment.
* Being the gentleman that I am, I decided to write Spycrasher and thank him for his submission, and explain why I had moderated it. But before I did, I wanted to get a feel for where he was coming from.. so I ran a Whois on his IP…
Now, I gotta tell you.. it is very rare for ARIN to come back with a “no match found”. Very, very strange.
So I traced him.
New York >London >Amsterdam >Berlin >Warsaw…
And then he disappears into a virtual private network somewhere in the Ukraine.
Odd.
* So I used a search engine to find instances of the word “Spycrasher”… and he came up a lot. Spycrasher likes to post in various forums. Quite a few of them, actually. Like, practically all of them.
And he posts a lot of Comments there.
* Guess what? They are all identical to the one he posted (I should say “pasted”) on mine.. right down to the ‘wink’ smiley ;-).
Very.. odd.
Tip of the day: Be very leery of hyperlinks, folks.. and please understand: not every innocent looking thing you see on the Internet is in fact “friendly and helpful”. There are people whose full-time job it is to try to trick you, and seduce you into doing something you normally wouldn’t.
I am very sad to say.
[note to bloggers/forum moderators/webmasters: you may want to search your published pages for instances of “Spycrasher”, and delete this guy.]
Today’s free link: I am going to repost a program here today, because I have it on every single one of my (Windows) machines, and I think you should too. ThreatFire (originally named “CyberHawk”) is a free, behavior-based anti-malware application. I use it as a supplement to my antivirus and other anti-spyware tools. Behavior-based tools like ThreatFire are among the few defenses you have against “zero day” exploits, which signature-based scanners have no pattern for yet.
Copyright 2007-8 © Tech Paul. All rights reserved*