Outlook 2007 does a good job of letting you know when you receive emails that look suspicious. Here’s a couple of things I immediately look for in a seemingly weird or unexpected email.

1.) Is there an attachment? Anytime I receive an email with an attachment I’m always leery of the file. Even if it’s from someone I know. If I didn’t expect it, I usually don’t ever open it.

2.) Be aware of patterns. Does the "sender" normally contact you by email? Do they ever send you a file via email? In the case of the email above from Microsoft, Microsoft wouldn’t email you a file, they almost exclusively provide files for download from their website specifically.

3.) Look for actual link targets in email. Any links in the body of the message, hover over it and look at the tooltip or status bar to see where the link is really pointing. In my opinion, if it’s to an IP address or an uncommon domain name or top level domain, don’t click the link!

That’s my trio of email triage questions I work through with suspicious emails. They’ve protected me for quite some time. Hopefully they’ll be helpful to you as well.

Image: screenshot of email received in Outlook 2007

Post from: EveryJoe

Paying Attention to Tricky Email Phishing Scams

As you can see from the image above which is a screen capture from my email Inbox, everything looks normal and appropriate and legitimate right? However, if you hover your mouse over the links you’ll see that the link is actually going to direct you to a bogus website that’s been setup to collect your information. I’m sure if you went to the site (which I don’t recommend and which is why I’m not even typing the URL you’ll see) it would look just like the PayPal website too.

If you look at the code behind the email in your Inbox, which Outlook automatically displays for Junk Mail, we can see in the image below the bogus links much more clearly.

The lesson here is that before you go clicking on links in emails. Take a minute to hover over them before clicking and just make sure they’re going to take you to the place you’re expecting to go. Otherwise, you’ll end up in a place where you really don’t want to be.

Post from: EveryJoe

E-mail Security with Phishing Scams

The Google Enterprise Mail is apparently a much-in-demand service too and it has a Google Enterprise “spam squad” who welcome spam so as to analyze and counter them. Nearly a month after the new year started, they have posted a retrospective post “2008: The Year in Spam” which you may go through if you have time. Otherwise this summary will suffice.

Closing the McColo Network culled spam by 70% in Nov, 2008, but it has been growing at a rate of 156% ever since. The highest spam last year, however, was on April 23rd, where one undisclosed customer reported receiving 100 emails per minute per user. The unsurprising bad news is that, “All indicators suggest this trend (read increase) will continue as virus, malware, and link-based attacks become both more frequent and more ingenious.” Sigh.

What I observed in my inbox is backed by the report as another growing trend: “emailing spoofed news alerts with URLs that would link to a website hosting the virus.”

Watch out and defend yourself.

Post from: EveryJoe

From Those Who Welcome Spam

Here are three problems all twitter users are likely to face on Twitter:

Phishing: Twittersphere is abuzz with tweets about phishing, which prompted me to make this post. There is a phishing attack spreading across Twitter at this moment. It began with what is being called “DM Deception”. User A receives a direct message from User B asking them to check out some URL. You know what happens next. I didn’t face this yet, but I have seen compromised accounts among my followers tweeting messages like, “Check out this cute pic of yours, LOL…” with another URL.

If you suspect that you may have become a victim to a phishing attack, change your password immediately. If it is beyond salvation, bite the bullet and report the user as malicious. Twitter has so far been quick at suspending suspicious users.

Shortening URLs: I am not complaining but I expected this to be more rampant than what it is now. More URL shorteners like TinyURL, Tr.im, Snurl are crowding because of the growth of Twitter. A long URL is shortened to take fewer characters so that it can be shared through tweets. The trouble is that you have no idea about what you are clicking at. It could very well be some link spreading malware. What makes this worse is that these shortened URLs are too similar to be distinguished or remembered; you could click on the same bad link twice on your bad day.

A solution is to enable the preview feature. Tinyurl, e.g., provides a cool preview feature which when enabled shows what the URL redirects to (the original URL that was shortened) and then asks you whether you want to proceed to that site. I wish that all URL shorteners implement the feature.

Twitter Apps: Hundreds of apps are being developed around Twitter. Take a look at this list of Twitter Clients being used and you will know. All these expect your Twitter username and password to login. You might come across a new app that asks you to enter your Twitter username and password to be able to use it, and what if it steals your username and password? This might seem far-fetched but I don’t see why it can’t be done.

I tend to give any new app a day or so before using it, and I keep my ears open to listen to the grapevine until then. When my work depends on trying such apps I try it with a secondary account first.

As of now, I believe that the elite Twitter users are more prone to these attacks and have more to lose. That said, having started using Twitter only a couple of months ago, I find it immensely useful and would like to be prepared to face all possible annoyances. So what other problems do you think we might face?

Post from: EveryJoe

3 Problems We Will Face on Twitter

First thumb rule is to keep your mouse away or tie your fingers from accidentally clicking on the links within the message or downloading the attachment.

Second thumb rule for any kind of spam (apart from cheesy forwards, I guess) is: DO NOT REPLY. Not even if they ask you to click “Unsubscribe” or reply back with that keyword in the subject.

Third thumb rule is to click “Report Spam” or some equivalent button provided by the mail service provider. This enables the service provider to take automated actions in identifying future spam from the same source, curbing it or at least sending it to the Spam folder instead of your inbox.

If you come across what seems to be a particularly malicious spam mail, you can help further by forwarding it to spam@uce.gov. The Federal Trade Commission uses the spam stored in their database to pursue law enforcement actions against people who send deceptive email.
Here is a little more unsolicited advice for tackling specific kinds of spam mail:

Forwards: Sharing interesting things that we’ve come across online is being increasingly done using social bookmarking tools. However, forwarding some messages or for that matter even addressing a large group is inevitable. Cleaning the previous headers containing scores of lines of unknown email addresses and headers, and using the BCC column while forwarding to your own contacts are two invaluable pieces of the same cake.

Phishing: If you’re really tempted by a mail from what claims to be your bank, open the official bank website directly and try navigating from the home page to this page. If the website doesn’t contain the link you’re looking for, it is not worth it.

For News, Offers and Porn, trust Google to provide the latest information.

For Personals, get offline.

Post from: EveryJoe

Three Thumb Rules to Defend Yourself Against Spam

Man has known spam for as long as he has known God. Probably even before scams in the name of religion began, spam did in the form of sermons. Before we get into a circular debate about religion, let us first talk about spam in general. I predict that the world will soon witness spam awareness campaigns like AIDS awareness campaigns, and with good reason.

Here are the most common types of spam we get in our mail boxes.

Forwards: …Microsoft agreed to pay $1 for every 100 people this mail reaches. Please forward to all your friends…
Chain mails are now so old that after hundreds of funny chain mails mocking other chain mails, they are slowly decreasing. We are getting used to other easier ways of sharing interesting online material through social bookmarking tools. A malware-carrying chain mail is still disruptive, and sometimes destructive, because most forwards come from close contacts.

Gifts: We are pleased to inform you that… Congratulations!!! To begin your claim processing process…
The Nigerian Scam is a synecdoche fast becoming synonymous to advance-fee fraud. A mail about you getting lucky with a large lottery, or becoming a benefactor of a big bequest, or being chosen by the President himself to channel offshore funds from a soldier back into the economy just in time for the bailout. Just in time. The catch is that you should pay the bank or the corrupt bureaucracy a small fee for the funds to be released. Quick. Perhaps this is the most-studied and most well-known spam, rather scam, and I still read about people falling prey to this every now and then. This is what made me take up this common topic.

News: Click link to watch President-elect Obama’s victory speech.
This is increasingly becoming a formidable form of spam potent enough to wreck your PC with a single click. Remember the Bush-killed-Obama spam?

Offers: Uncensored Internet Television Now Available.
Offers to enlarge equipment, offers to buy drugs without prescriptions nor taxes, offers to buy novelty goods for nickles. Weeks before Thanksgiving is when this kind of spam increases. If shopping is a woman’s sport, I wonder why there aren’t as much spam targetting women. Are they missing something? Or do they believe that men are innately more stupid? Never mind.

Personals: Find true love on Christian Dating.
These are heartfelt imaginary love letters written by mushy members of the spam industry. They have a beginning, a middle, and you get to write the end. Again, I’ve seen them being targeted on the male audience (and the lesbians). Are they secretly more lachrymose?

Phishing: Please log into your bank accout and confirm the transaction.
Phishing is often clubbed with news for better results. A day after news about troubles in Wachovia Bank broke out, I received a mail from the bank with some links and directions. I didn’t go through it, because I don’t hold an account in Wachovia, but I’m sure it had been imaginatively written persuading me to login and perhaps transfer my money to some other safer and numerologically lucky numbered account.

Porn: So do you want to see me $#*!$@?
Funny how many fall trap to the stupidest spam. Porn is allegedly the single largest category on the web and also the single largest virus carrier.

As a conventional blogger who religiously follows spam I have to write this: If you don’t bookmark or forward or share this article with at least thirteen others, your PC will automatically reboot seven times today.

It will, anyway. Keep watching this space for ways to defend yourself against spam.

Post from: EveryJoe

Types of Spam Mail