Monday, June 28, 2010

Detecting Spam and Phishing

Here is something I wrote to send out to a group of people.  I wrote it a few years ago, but it still seems relevant. 

I've omitted some of it for anonymity:

I know you are busy, and I know this looks imposing. However, it can be read in less than 5 minutes of your time, and it is very valuable information. With just a few moments, I can teach you how to detect spam and phishing emails like a pro. These are all simple methods that will have even the most techno-wary among us sniffing out bad emails like a seasoned security expert.

Easy Common-Sense Methods:
1) Is the email relevant? One of the easiest ways to spot spam is if it is unrelated to you. If it appears that Bank of America is sending you an email and you don’t have an account there, it’s spam.
2) Is the sender sending to an address that they would have? You may have an account with Bank of America, but are you getting an email at an email address that they don't have? If you only registered your home email with your bank and you get an email at your work address, it's spam.
3) Is the email something you registered for? As big as people like to say that Microsoft is, they don’t have your email address unless you give it to them. If you get an email from Microsoft and you haven’t registered with them, it’s spam.
4) Are they asking you to click a link and give them private information? SPAM!! If a company you have a relationship with needs an information update from you, you should be able to do it by going to their website directly or by calling them at a listed number. Do not click on links and give private information, and do not use a phone number in the suspect email to contact the business.
5) TRUST YOUR GUT! If you think it might be spam, I’d be willing to bet it is!

Savvy Geek Methods:
1) Check the link! If there is a link in the email, it might appear to be legitimate. To check the link, you can hover your mouse over the link without clicking, and the true link will show. Look for the characters before the first slash. This lets you know where the link is really going. For example, on www.facebook.com/index.htm the address before the first slash is http://www.facebook.com/, a legitimate site. However, if the link is www.facebook.com.xxklys.ret.uk/email/asdf.htm, the link is going to a page on ret.uk! Here’s a link you can practice on: http://www.msn.com/
2) Check the headers! When looking at your inbox, you can right click the message and select Message Options. A small box will pop up and at the bottom you will see the message headers. You can see the servers that it came from, as well as the return path of the email. If the servers don't sound like something that email would come from, it's probably spam. For example, if an email that claims to be from Chase Bank is being sent from a server called 201-66-99-159.ctame706.dsl.brasiltelecom.net.br, it's spam. Also, check the return path. If your email from Chase Bank has a return path to courageousw06@sistec.ro, it's spam.
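Both "Savvy Geek" checks (where a link really goes, and whether the Return-Path and relaying server match the claimed sender) can be scripted. The example below is added here and is not from the original post; the sample message is constructed from the hostnames quoted above (the sender address alerts@chase.com is made up), and it assumes that the last two labels of a hostname are enough to identify the real owner, which is a simplification that a public suffix list would handle properly.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email), built from the examples in the post.
SAMPLE = """\
Return-Path: <courageousw06@sistec.ro>
Received: from 201-66-99-159.ctame706.dsl.brasiltelecom.net.br by mail.example.com
From: "Chase Bank" <alerts@chase.com>
Subject: Update your account
Content-Type: text/plain

Please confirm your details at http://www.chase.com.xxklys.ret.uk/email/asdf.htm
"""

def registrable_domain(host, depth=2):
    """The last `depth` labels of a hostname: the part that decides who owns it.
    Assumption: two labels is a rough heuristic (breaks on suffixes like co.uk)."""
    parts = host.lower().rstrip('.').split('.')
    return '.'.join(parts[-depth:])

def link_targets(body):
    """Return (url, host) for each http(s) link: the host is the part before the first slash."""
    urls = re.findall(r'https?://[^\s<>"]+', body)
    return [(u, urlparse(u).hostname) for u in urls]

def check_message(raw):
    """Apply the two header/link checks and return a list of human-readable findings."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get('From', ''))[1].rpartition('@')[2]
    claimed = registrable_domain(from_domain)
    findings = []
    # Return path: bounces go here, so it should belong to the same organisation.
    rp_domain = parseaddr(msg.get('Return-Path', ''))[1].rpartition('@')[2]
    if rp_domain and registrable_domain(rp_domain) != claimed:
        findings.append(f'return-path {rp_domain} does not match sender {from_domain}')
    # Received headers: the "from" server is where the message was handed in.
    for rcv in msg.get_all('Received', []):
        m = re.match(r'from\s+(\S+)', rcv)
        if m and registrable_domain(m.group(1)) != claimed:
            findings.append(f'relayed via {m.group(1)}, unrelated to {from_domain}')
    # Links: compare where the link really goes with who the mail claims to be from.
    for url, host in link_targets(msg.get_payload()):
        if host and registrable_domain(host) != claimed:
            findings.append(f'link {url} really goes to {registrable_domain(host)}')
    return findings
```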

Safe Emailing:
1) Omitted
2) Omitted
3) Don’t be a promiscuous email poster. Using your work email address to sign up for newsletters, websites, games, etc. is a sure way to increase the amount of spam to your account. These dubious locations often sell your email address to spammers, or are hacked and your address is stolen. Security by obscurity is a legitimate way to keep the spam level down.
4) Don’t click on links in spam. Often, the link in your spam message is associated with your email address. By clicking it, the spammer can then confirm that it’s a real email address and keep sending spam.
