A Click Away From Malware

2/8/2013 10:31:29 AM

When an innocent looking email is a scam

You receive an email that looks like it came from FedEx. It is attempting to no­tify you that your package was shipped to the wrong address. The subject line reads something like "FedEx tracking" or "FedEx item number." All you need to do to reroute the package is open an attached file (purportedly a shipping form) so you can print it out. This email, however, was not from FedEx, and the attached file was actually malware. It was one of many, sent to entice users into opening the malware laced file that would compromise their computers.

The FedEx scam serves as a real life example of common large scale at­tacks whereby data thieves and mal­ware script writers "go phishing" or use other ploys to trick users into opening a file attachment or clicking a Web link in an email in order to deliver their mal­ware. For the data thief who wants to steal information such as credit card numbers and other personal info, email scams represent an easy way to gain access to PCs and even networks with a low barrier of entry.

All you need to do to reroute the package is open an attached file (purportedly a shipping form) so you can print it out.

All you need to do to reroute the package is open an attached file (purportedly a shipping form) so you can print it out.

Most users know by now to prompt­ly identify messages as spam (click a Spam button, move the message to a spam folder, or take a similar action) when they are obvious scams, such as solicitations to claim money from a Nigerian bank or offers to run free diagnostics tests on their computer. However, attackers are getting craftier and are using more subtle ploys to trick users. Here are some ways to de­termine the difference between ordi­nary email and a con job, especially when attackers do their dirty business in not-so-obvious ways.

Enter your credit card number here

Another scam, similar to the FedEx scam, informed recipients via email that fees must be paid in order to receive a parcel. All the user had to do was enter a credit card number to pay a small fee in order to resolve the matter.

All the user had to do was enter a credit card number to pay a small fee in order to resolve the matter.

All the user had to do was enter a credit card number to pay a small fee in order to resolve the matter.

"With the likes of logistics compa­nies, the message will ask for a parcel number and will then generally state that customs duties or excess postage is required," says Clive Longbottom, an analyst for Quocirca ( "It then asks for credit card de­tails or some such thing."

One rule to take away is to never pay for something on a website that is accessed through a link in an un­solicited email, at least not without checking first. "Either phone the company from a number obtained from their website, not the email or if you know that this sort of payment can be done through their website, go there on your own steam by typing the address into your browser and looking for your consignment details there," Longbottom says.

Don’t trust that sender address

After hijacking an email account, at­tackers will often use the victim's email address to spam contacts and solicit them to click a link or download a file. The scam is crafty since users under­standably think they are receiving an email from someone they know or a co-worker who has a company account.

When this happens, a lack of per­sonalization in the body of the email should raise flags. If the email text be­gins with "Hi" from a friend or "Dear colleague" from a work address, then it is very likely fake. There are other signs to look for that indicate the mes­sage was sent from a compromised email account. "If the email looks as if it is personalized but does not have your name in the 'To' field, then it is bogus. If there are no contact details (a proper name along with a matching email and a telephone number), it is possibly bogus," Longbottom says. "If there is a telephone number provided, dial it; don't say who you are or why you are calling if someone answers, but ask them who they are and who they are representing. If they stumble over responses or cannot answer, the email was bogus."

Many users continue to fall for the "your IT department has identified a problem with your machine" mes­sage, especially when the sender ap­pears to be from within the company, Longbottom says. "These email mes­sages are always scams of some sort. You often download a virus and then have to phone the company concerned and pay to get it removed."

English usage alerts

Unfortunately, the use of poor gram­mar is becoming more prevalent and accepted in business communications. However, there is a big difference be­tween poorly drafted messages and one written in broken English, which often serves as a flag for an illegitimate message, says Joe Malec, a fellow at the ISSA (Information Systems Security Association;

"Messages that contain spelling er­rors, missing words, and logical gaps in reasoning should be treated suspi­ciously," Malec says.

Messages that are designed to look as though they come from a U.S. source, for example, but use British spellings (such as "center" instead of "center," or "defense" instead of "defense") or vice versa should be viewed as suspect. "Check for the obvious: If the email purports to come from the UK, but has words [with spellings] like 'specialize,' 'color,' and so on, then it's [probably] bogus," Longbottom says.

Report spam, don’t unsubscribe

Annoying messages that somehow make their way past the spam filter often claim to offer the recipient the option to unsubscribe from the list by clicking a link. But as tempting as it might be to follow the instructions instead of copying the message to the spam folder, users should take heed.

"Links, such as the 'Unsubscribe' link, are a popular way for spammers to validate your email address as well as deliver malware to your system," says Malec.

Gmail has one of the best spam-blocking features of any mail provider.

Gmail has one of the best spam-blocking features of any mail provider.

Check them out

Whenever a user has any inkling of a doubt about an email's origin, tests exist that can quickly and ac­curately make sure the sender's address is legitimate. This can be done by checking the sender's .com domain. For a link embedded in an email, verification systems such as can verify the au­thenticity of a website, says Brad Kowal, a director of data centers for Shands HealthCare in Florida.

"The basics for how you verify if a FedEx message or other email is legitimate are the same," Kowal says.

Greed is not good

It is common sense for most to ignore certain types of messages, but many users still need to be re­minded not to click links or file at­tachments in email messages that claim to offer the lucky recipient the chance to win a prize or other too good to be true offers.

Most View
Compact Digital Cameras Under $300 (Part 5) - Samsung MV800
The LTEdge (Part 1)
Samsung Series 9 Premium Notebook - Lightweight Champion
Nvidia GeForce GTX 690 4GB - Ridiculously Fast, But Expensive
Primer – Choosing And Using Peripheral Buses (Part 1)
Guide To Upgrades With The Greatest Effects (Part 2)
Eurocom Scorpius - The Fastest Laptop To Hit PC Labs.
CyberPower Zues M2 - The More-Affordable Ultraportable
LG Optimus G - A Quad-Core Flagship With Nexus Aspiration (Part 4)
Managing Windows Server 2012 (part 8) - Using the System console
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Top 10
Review : Acer Aspire R13
Review : Microsoft Lumia 535
Review : Olympus OM-D E-M5 Mark II
TomTom Runner + MultiSport Cardio
Timex Ironman Run Trainer 2.0
Suunto Ambit3 Peak Sapphire HR
Polar M400
Garmin Forerunner 920XT
Sharepoint 2013 : Content Model and Managed Metadata - Publishing, Un-publishing, and Republishing
Sharepoint 2013 : Content Model and Managed Metadata - Content Type Hubs