Oct 14

How to Spot Spam or Phishing

How To Spot Spam Or Phishing

A few years ago, my wife and I were visiting her grandmother. While there, her aunt started to tell me about a recent incident that involved “hackers” gaining access to her email account.

The conversation was brutal, and it went something like this:

Her: So I got an email that said my password was invalid, and that I had to confirm it.
Me: Um… I hope you didn…
Her: So I clicked the link, and typed in my password
Me: Oh dear God, why did you…
Her: And then that night I got a call from [relative], asking if I was OK, and where I was at.
Me: Yeah, you were…
Her: Of course I’m OK, why wouldn’t I be? Well, [relative] said they got an email stating I was traveling abroad, got injured, and was now stranded in a hotel and needed some money western unioned.
Me: Ok, so how can I help?
Her: So I called the police, since I was hacked
Me: Um, what did the police…
Her: They said they couldn’t help me, and I’d have to contact my mail provider
Me: Ok…
Her: So I called up [Internet Service Provider], and spent two hours on the phone with them, just for them to tell me that they don’t host [Free Email Provider].
Me: Yeah…
Her: Why don’t they host [Free Email Provider]?
Me: They’re two different…
Her: Well anyway, I can’t believe my account got hacked, and [Internet Service Provider] isn’t willing to do anything about it. This is just ridiculous. And the police didn’t even want to help either.
Me: …
Her: So my question is how could these guys hack my account? Is [Internet Service Provider] / [Free Email Provider] not safe anymore?
Me: No, they’re fine. You gave them your password when you clicked on the link.
Her: Well, I thought something was funny, since it didn’t ask me to change my password. But how did they hack my account?
Me: You gave it to them.
Her: How?
Me: You typed it into their webpage.
Her: But that was [Free Email Provider]’s page.
Me: No, you were “phished”
Her: What is fishing?
Me: They sent out some bait through email, and you bit… Hook, line and sinker. You gave them your account information.
Her: But how?

It was at this point that I realized I probably wasn’t getting anywhere, but being appealing to my wife’s aunt was probably better than being an arrogant and pompous jerk-face. So I did the best I could to leave.

The point of this whole post is to help show you ways in which you should probably have your spidey-senses going off and use a little bit of caution when confronted with the situation.

So as I was clearing out my spam folder from one of my own [Free Email Providers], I saw the above pictured email from “Facebook”. I usually stop to take a pause, as my facebook account is connected to this account. Usually, whenever I see something from banks that I don’t do business with, I KNOW that it’s not for me. But in this scenario I have to take a second.

The big thing that popped up right away was the grammar. Notice that no where in the subject line was there a capital letter. None.

Then, the big “lol” give away. Now, I know that Mark Zuckerburg is a young entrepreneur, but I still doubt that he would be fine with something from his security team having the phrase “did you forget your password or something lol”.

So tip number one. Whenever you see bad grammar and internet lingo, you’re probably in for a ride at your expense.

Let’s suppose that you happened to open the email. There are usually one of two scenarios that can happen.

The first scenario is something that is off-topic from the subject line, and a reason why I will always either change the subject, or start a new thread when I feel that the contents of the email has changed from it’s original purpose.

This one happened to be an ad for webcam chats by being a “person” that accentuated a set of large breasts, a large butt, and an itty bitty waist. Sorry spammers, but I’m married and aren’t interested.

So the next tip is to see if the subject and message body coincide. They don’t have to, but it’s generally a good rule of thumb.

The related tip is also “If it’s too good to be true, it probably is.”

There are a handful of good dating websites out there. If you’re in the market, you should do your research and find one that’s best for you. It’s highly unlikely that some random “good looking” stranger is going to email you, and you’ll hit it off. It’s a spammer, and they want your credit card info.

If it’s a pill being advertised, maybe you should take a closer look at your health. I’m a big proponent of homeopathic remedies, and often times it can come down to diet, exercise and sleep. Now, I don’t do this well, but I’m not blaming the snack food industry for me putting a family size bag of deliciousness into my shopping cart. I know it’s not good for me to consume it in one sitting, but I do it anyway. That’s my issue, not theirs. But I digress. You can usually find a way to “cure” your symptom by getting rid of the toxins in your life. So just do it, and be happier and healthier for it. Your wife and waist line will love you for it.

The second scenario is usually an email with an image only. If you have the ability to do disable images from un-verified senders, you should do so. A reputable email will have text based contents in the message, whereas a spam message will have the text embedded on an image. It’s much more difficult for the spam filters to catch these.

So the next tip is to be wary of image only emails.

Many major providers are being targeted recently, so if you bank, shop or use a popular service, just know that you’ll probably see some phishing attempts around these guys. Many of them will say on their official sites that they will never ask you for your password. So, any time you give it, have your spidey senses alert, and be sure it’s appropriate.

And finally, I highly recommend having a few email accounts. One for personal, one for professional, and one for newsletters / spam catching. This will help flag any unwarranted emails from entering where you know you shouldn’t be getting any. This goes against an Inbox Zero approach, but using some gmail features, it can essentially accomplish the same basic thing.

I hope this has helped you out. I’ve been using these methods for over 12 years, and it has served me well. I hope you can do the same starting now.

RJ

Jun 20

Invalid Verizon Wireless Bill – Phishing Scam

Hello,

You are no doubtedly here because you clicked a link in an email in regards to something about your verizon bill.

This was a phishing attempt, and was thwarted (hopefully) before too many people got caught.

At about 12:45pm EST, I received a phone call from the Titan America Help Desk, informing me of the offense. Unfortunately, that only gave me 15 minutes to find the issue and thwart it, as I had an important client meeting to get to.

I was not able to find the problem within this time frame, as it wasn’t visible in the WordPress utility. During the meeting, however, I thought of another way this could be occurring. Once the meeting was over, I verified that it was indeed the cause, and removed access to it.

Somehow, and I’ll be investigating how for a little bit, 2 files were created on my server in the root directory. Both of them were identical. The root file was “wless.html” (how you got here), and the other was “zion.html”. The zion file had zero access permissions, which leads me to believe it’s the master copy.

The HTML file contained a basic (ugly) layout, but quite an advanced javascript algorithm that loaded an iframe element into the code. This, no doubt, would have made it appear that I was behind the phishing attack.

Let me assure you that I was not.

I have reported back to the representative who contacted me about the issue, and hopefully he was able to stop it at the root.

You’re safe for the moment, but please use caution when dealing with sensitive information.

You can read about how to detect and prevent phishing scams in the future.

So, take a deep breath and hold it… hold it… keep holding it… and exhale. You can relax.

Stay cool in this warm weather. And if you’re in need of some cool shades, check out these really cool and popular Wayfarer Sunglasses by Ray Ban.

Ray Ban Wayfarer Sunglasses