Archive for the ‘Scams’ Category
Tuesday, April 16th, 2013
I recently finished reading Mandiant's fantastic APT1 Report. One of the gems is on page 29, which details some of the tactics used in phishing attacks carried out by APT1 (speculated to be the elite cyber-attack wing of the Chinese military). (more…)
Tuesday, September 4th, 2012
We recently handled an incident response case where our client was infected by malware which was delivered by email. The client pleaded ignorance, and asked “how can we tell what is real and what is a virus?” Here’s a quick tip to do just that!
For starters, several email clients and web browsers will show you the address of a link before you click on it… provided you take a few seconds and look before clicking! Most people just click away without giving it a second thought, which is like running out across the street and only then, if ever, looking to see if there is any oncoming traffic. Try to resist that urge and put safety first.
Here’s a sample “LinkedIn” notification I just received.
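The look-before-you-click check from this tip can also be run over a message's HTML body. The following is an added example, not part of the original post: the sample body, the `social.example` domain and every function name are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; every domain and address here is a placeholder.
SAMPLE_HTML = """
<p>You have a new message.</p>
<a href="https://www.social.example/inbox">View message</a>
<a href="http://www.social.example.account-check.example.net/login">www.social.example/inbox</a>
<a href="http://203.0.113.7/confirm">Confirm that you know Joe</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname if value looks like a URL or bare domain, else None."""
    value = value.strip()
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        value = "http://" + value
    host = urlparse(value).hostname
    return host if host and "." in host and " " not in host else None

def audit_links(html, expected_domain):
    """Return (text, href, reason) for links a reader should not trust."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            findings.append((text, href, "no recognisable host"))
        elif shown and shown != target:
            findings.append((text, href, "visible text names a different host"))
        elif target != expected_domain and not target.endswith("." + expected_domain):
            findings.append((text, href, "link leaves the expected domain"))
    return findings

if __name__ == "__main__":
    for text, href, reason in audit_links(SAMPLE_HTML, "social.example"):
        print(f"{reason}: '{text}' -> {href}")
```

The second sample link is the case hovering catches: the visible text starts with the expected name, but the host the browser will actually contact ends in a different domain.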
Monday, July 9th, 2012
I’ve been studying marketing for the last several months, and one thing I’ve learned is to keep doing what works. I guess that applies to spammers and scammers as well. As Ross Perot said, “Ready. Aim. Fire! Fire! Fire! Fire! Fire! Fire!”
Here’s one I haven’t seen in a while: making the entire message body an image attachment. Click the link at right to check out the latest offer that I got (allegedly) from Google! Immediately, I noticed a few grammatical errors, including a message subject line of “Att: Congratulation’ You have won US$400,000,00.Dollars.” Sadly, given the sorry state of education in this country, I’ll bet that most readers of this or similar messages would not even pick up on these little hints. That said, they probably can’t be counted on to indicate that English is a second language to the writer.
The horribly re-sized Gmail logo at the top was obviously taken off a website, and up-scaled to take up the bulk of the page. I also observed that an “official looking” email address of “email@example.com” is given, but the sender’s address is “firstname.lastname@example.org.” For those who don’t know, .sk is the country code for Slovakia. And yet, the message purports to be from South Africa. And Google’s headquarters is in Mountain View, California.
And people still fall for this stuff, or the scammers wouldn’t be doing it.
Monday, April 16th, 2012
Every now and then we get a call from a client, telling us that they are receiving messages stating that their emails are being rejected, or “bouncing.” The catch? They never sent the email in the first place. So what’s going on?
Although we don’t see as much of this as we did several years back, what’s often happening is that someone else, with whom the client has corresponded, has a virus-infected computer, and that machine is sending out junk email (or viruses), purporting to be our client.
Forging an email, purporting to be someone whom you are not, is trivial, and unless you and/or your email provider have taken steps to secure your systems and your domain, anyone with a little know-how can easily send email as anyone, including you.
In the following graphic, we see an example, where Joe@example.com corresponds with Sally@example.net. An Evil Badguy manages to insert a virus onto Sally’s computer, and it starts to send out spam and viruses. But, this virus is smart! It doesn’t send the emails as Sally – it sends them as some random contact in Sally’s address book, in this case, Joe. When Bob receives “Joe’s” email, he emails Joe to complain, but Joe has no idea what’s going on. He’s even scanned his computer for viruses and found no sign. In an effort to prevent this, Joe could set up an SPF record on his domain, example.com, so that only authorized computers could send emails claiming to be example.com, which could help cut down this sort of behavior.
3rd party virus emails
If you think you are the victim of such a charade, contact us to see how Paradigm can help shield your domain from these attacks.
Tuesday, April 3rd, 2012
While several of our clients are involved in legitimate bulk emailing, some are not following these simple rules, making them “junk emailers” or “spammers.” When I say legitimate, I mean that the messages are not unsolicited spam or junk mail messages. But what constitutes junk? One person’s idea of junk might be another person’s “valuable message for our customers.” How do you know what’s what?
As one of my colleagues says, “it’s not about the content, it’s about the consent.” Quite simply, it doesn’t matter how important your email is, or how important you think it is. If it wasn’t requested by the recipient, or they did not ask for your marketing emails, it can be considered spam or junk mail.
When people receive any email, they normally have the option to report messages as spam back to their ISP or email provider. These reports get collected and sent to spam reporting companies who compile lists of email servers, IP addresses, and domains which are generating spam. If your server, IP address, or domain gets flagged as a spammer, you can be blacklisted, which can result in your emails being rejected, even by people and businesses you deal with regularly, for days or even weeks!
So how can you avoid being a spammer? There are several steps, most of them relatively simple, to ensure this.
- Use a legitimate email list. By this, I mean one that you assembled yourself, not something you bought, and not something you assembled out of various correspondences or subterfuge, such as automatically adding people to a list when they contact you, or buy one of your products. This behavior is a violation of the 2003 CAN-SPAM Act. In other words, it’s illegal and you can be fined for it.
- Be legitimate. If you’re trying to sell something, say you’re trying to sell something. Although you can be subtle about it, don’t mask the fact, and don’t pretend to be selling something you’re not.
- Send your email in plain text. Most marketing departments will nix this immediately, so if you are going to send HTML (pretty pictures and colors) email, be sure that it is standards-compliant and well-formed. Be sure whoever is creating your HTML emails knows what this means and can verify this if you don’t.
- Display your domain name’s registration information publicly. Don’t hide behind a proxy domain name registrar to keep your information private, as it makes you look like you’re a spammer who is trying to hide something.
- Use consistent “from” email addresses, e.g., “email@example.com.”
- Set Sender Policy Framework (SPF) records for your domain. SPF is a system which defines what email servers are allowed to send email on your behalf, which helps prevent unauthorized mail servers from forging your addresses (which would allow spammers to pretend to be you, and make you look bad).
If any of these sound too technical for you to handle on your own, contact us today and request a free audit of your bulk mailing practices so that we can assist you further to be compliant and, more importantly, to avoid an unplanned outage of your email system.
Thursday, December 8th, 2011
It’s quite simple, really – if it sounds too good to be true, it probably is. Here’s an email one of our staff received in response to an inquiry to a Craigslist apartment listing. See if you can spot the red flags. (more…)