I’ve cleaned many PC’s over the years from infections people got by opening an attachment. Scammers / Spammers and Virus writers use typical human nature “curiosity” to get folks to open their idiotic creations, so I decided I’d write a short piece with a few tips on how to spot the fakes.
I’m going to use a recent “real life” example forwarded to me by a client, asking me to confirm their suspicion that the email was a prank. They were absolutely correct.
Ask yourself.. Would you have fallen for this?
– – – – – – – 8< – – – – – – – – –
From: Better Business Bureau [mailto:email@example.com]
Sent: Saturday, 19 May 2012 11:50 AM
Subject: BBB assistance Re: Case # 80716763
The Better Business Bureau has got the above-referenced complaint from one of your associates regarding their dealings with you.
The detailed information about the consumer’s concern is explained in enclosed file.
Please review this matter and notify us of your opinion.
We encourage you to open the ATTACHED REPORT to respond this complaint.
We look forward to your urgent reply.
Better Business Bureau
The email had an attachment named BBB abuse.zip which in itself was a dead giveaway – we’ll look at why down below.
Firstly, let’s dissect and look at some of the perhaps “not so obvious” things that should ring alarm bells and make you immediately suspicious.
- In the From: field, we see that the email claims to have originated from “firstname.lastname@example.org” – This may well be a valid Better Business Bureau address, but it’s clearly an American organisation – Now why would anyone lodge a complaint against you with the American Business Bureau that has no jurisdiction of concern regarding the practices of an Australian Business? Secondly, the email came from “email@example.com” – not an email address from the organisation’s complaints officer
- Though the sender probably tried their best, the formatting of the email itself is clearly amateurish. There are no spaces between the paragraphs – Once can reasonably expect that an email from a professional organisation to at least be correctly formatted.
- The line “detailed information about the consumer’s concern is explained in the enclosed file.”
a) So now it’s suddenly a “Consumer” rather than an “Associate” who made a complaint? Hmmmm..
b) At least “some” information about the complaint would have been included in the email – not just a small blurb almost begging you to look inside an attachment to find out anything about the alleged complaint that was made against you.
- “We encourage you to open the ATTACHED REPORT to respond this complaint.“a) “encourage you to open the ATTACHED REPORT” – again, they’re almost begging you to open the attachment and look inside it with no indication about who made the alleged complaint or what it’s about. They’re playing and relying on natural human curiosity here – sadly, that age old trick to get people to open attachments continues to trick many people
b) Amateurish and poor grammar – one would expect that to read “respond to this complaint”, not “respond this complaint” as written – Could it be forgiven as a typo? Sure.. but more likely to be written in haste by someone without a very high level of education. Organisations that monitor business activities use Templates for their communication that have been checked for silly and basic little errors like that
– Any gramatcial errors I may have made myself in this, or past newsletters, are purely intentional! 🙂
- “We look forward to your urgent reply” – Ahh.. the good old word “urgent” to encourage you to act quickly and open that attachment without thinking about it first
- Finally, unless my Microsoft Word dictionary is letting me down, the word Counselor is spelled incorrectly – shouldn’t that be “Counsellor” ? I seriously doubt any professional organisation would allow any email to go out with a spelling error in the signature
That’s a very quick dissection of this particular email’s content with some tips about what to look for to spot scams.
Now here’s what should be the OBVIOUS give away every time..
- Where’s the contact information one would expect in any email of this type? No Telephone or Fax Numbers you can call to check on the validity of the email’s origin, No Web Site Address, no logo, no nothing. A totally obvious dead giveaway in this particular case. Bear in mind however that many scammers will steal valid email signatures and place them into their emails to try and make them look genuine. Don’t be fooled into thinking an email is genuine just because it may “look” like it is at first glance. If you were not expecting the email, then treat it with suspicion.
The “ATTACHED REPORT”
- In this case, the name of the attachment is immediately suspicious when common sense is applied – it was “BBB abuse.zip” – but if that’s not enough to give it way, what is inside most certainly does!
Looking inside the attachment is something you should ALWAYS look for and refuse to open if you see it. The attachment ends in .exe – this is an executable file. It’s clearly not any type of report at all – it’s a program of some type.
A document will almost always come as a .PDF file, or in rare cases, a .doc or .docx file, which should also be treated with suspicion because they can carry Macro Viruses.
That’s a rather quickly written explanation as to what I found obvious in identifying this particular attempt as a fake.
Here’s some more things to always watch out for and keep in mind.
- The word “Urgent” in any email prompting you to open an attachment. These will almost always be scams. In fact, be wary of opening “any” sort of attachment unless you’ve been expecting it from someone you’re already communicating with. Just because something comes un-expectantly from an email address you know, doesn’t mean it’s really from the person you know. Look for giveaway signs. Know that “From:” Email addresses are extremely easy to fake
- Any email claiming you have won some type of prize, lottery, inheritance or ending with the words “God Bless” or similar, designed to play and cash in on folks religious beliefs.
- Any email from DHL telling you a delivery has failed for one reason or another. Just delete these emails immediately. 99.99% of the time they will be fake. If you feel the communication may genuinely be from DHL, then “call” DHL (or whichever courier you’re using) about your order over the phone. The DHL Brand is a company that is abused on a daily basis to try and propagate Virus and Trojan infections through email. Read the following link for more information; Fraud Alert: DHL Express – Links to: http://www.dhl.com/en/express/resource_center/fraud_alert.html
- Any email that claims you’ve gotten some sort of eCard – millions of these are sent around every day and a very small percentage fall on people who might have a birthday or other personal milestone coming up. Treat these with extreme suspicion. If someone really cared about you or your personal event, they would take more effort in expressing that care to you than the few seconds it takes to use one of the hundreds of free eCard services available on the web.
- Don’t forget the Telephone Scams. Microsoft, Symantec, TrendMicro, GFI – in fact any software or security company will “never” cold call you on the telephone to advise that you have a computer problem or infection and offer to help you fix it. The call WILL be a scam designed to extract anything they can get out of you with regards to helping them steal and use your identity, or to get you to allow them to connect to your computer to infect it with Viruses or Trojans – just hang on on these idiots and get on with your day.
Finally, here’s a couple of links to some great web sites devoted to educating people on how to avoid being scammed through email. Take the time to quickly read through them. Anything that sticks in your sub-conscious could save you a lot in lost time and money later on.
That’s just a few.. there’s a ton more out there.. Google is your friend
The moral of this newsletter is a simple one..
Use your common sense, be careful and stay safe.
For those of you that may be interested, when I have some spare time (a rare occurrence these days) I’ll eventually be executing the attachment in this particular email on my test box that I keep totally isolated from our network to see exactly what havok it causes. (A little hobby of mine) So if you would like to know what it did, send me an email and let me know. I’ll put you on a list to send a short report to on the results of the test.
Till the next time..