Spammers are nothing if not smart copycats. Why write your own copy (text message) and come up with your own ideas for formatting emails when you can take ideas directly from valid emails? That’s exactly what I see happening more and more lately. Take this email for example:
This message contains images. If you don’t see images, click here to view
In case of no image, press here
Subscribe | Unsubscribe | Change of Address
This message was sent from Naedaee to email@example.com.
You have been sent The Uzqvaq because you have opted in to receive it.
Note: It may take our system up to two business days to process your unsubscribe request and during that time you may receive one or two more newsletters. Thank you for reading.
If you get an email like this and your spam filter doesn’t catch it (Gmail has GREAT spam filters! Plus you can use Gmail on your T-Mobile G1) you might need to look at it carefully. In this case I noticed the email was from me (odd, eh? mailing myself a newsletter!). Then I hovered over the links in the email and saw the website addresses ended with .cn (China). Red flags went up and I would’ve sent that sucker to the spam folder, except it was already there. Look at your emails before hitting that “If you don’t see images, click here to view” link and you might save yourself a lot of trouble. Normally I will freely visit .com, .net, .org, .us, .com.uk, and some others that I recognize. Whenever I see a weird one I’ll google it. For example, if the domain were somethingorother.az, I google .az domains and see what comes up. In this case it’s Azerbaijan, which I still lump together with Russia, so any unexpected email from there I’d mark as spam.
MORE, PLUS A LITTLE RANTING AND CONSPIRACY THEORIES
Now, I certainly did not opt in to receive any free newsletters from a Chinese website. No wonder I read about stuff like the recent mysterious virus that struck the FBI & U.S. Marshals Service, and now NASA is pretty much constantly getting hacked! Emails like the one above are sent out, and employees, regular Joes and Janes in our government’s workforce, are freaking out and clicking the unsubscribe or feedback links to get themselves removed from the list or to complain about being on a list they certainly did not subscribe to. But there is a chance that the web page they are taken to (which they probably do not even realize is a Chinese website) has a virus embedded in it or other goodies to identify or attempt to infect the computer of the person clicking the link. I can imagine the programming on a page like this:
Is the visitor from the US or a US-loving country?
- If the American or American-loving visitor is NOT at a secure location China would like to hack, try to damage the visitor’s computer.
- If the American or American-loving visitor IS at a secure location China would like to hack, then try to load software onto that computer.
- If the visitor is not from a US-loving country then display a harmless webpage.
Now I realize I am generalizing big time, because not all Chinese websites are bad. But certainly those that send spam are bad to some extent. Plus after reading those two articles above I can’t resist a little conspiracy theory. NASA is getting hacked on a regular basis and the FBI and US Marshals Service have been infected to some extent by a virus.
Free, Screensavers, 2009 Saturn, Lyrics
Can you just look at keywords and see which ones are safe? Aren’t they all safe? No. And you can’t just look at a search term to decide if it’s safe any more than you can look at a book’s cover to see if the book will be any good – a little reading is in order. A ZDNet article two days ago about dangerous keywords reminded me about a painful lesson.
Unfortunately all search terms are not created equal… and cybercriminals know it. The bad guys (scammers, hackers and the like) use SEO (coding your website so search engines rank it well) and SEM (paying to have search engines list your site), just as the good guys do, to get people to their websites. Several years back I was googling for a new screensaver or wallpaper or something and I ended up on one of those websites that tricked me into downloading a virus or malware or something that was not good. It’s been a while, but my virus scanner was up-to-date and I got lucky and cleaned my machine of the downloaded infection.
Although McAfee touts McAfee SiteAdvisor as a way to minimize your risk (there are free and paid versions), education can go a long way. Nothing will ever make you 100% safe on the Internet, but these tips should help a lot:
- keep your computer updated
- read McAfee’s “The Web’s Most Dangerous Search Terms” (PDF format)
- know how to close your browser when popups try to take control
- educate yourself about online scams and malware
Phishing scams are an ever-present danger because for the most part they are not filtered by your computer. Luckily the email address where I received this scam is protected by Gmail’s legendary spam filters and this one never hit my inbox. There are 2 links in the email: one is valid and the other would send you to a look-alike site set up on a .ru (Russia) domain.
ADWORDS-TARGETED PHISHING SCAM EMAIL
From: Google AdWords Team <firstname.lastname@example.org>
Date: Sat, Nov 8, 2008 at 4:28 AM
Subject: Google AdWords Alert
Our system was unable to process a payment for your outstanding Google AdWords account balance using your primary credit card. For the time being, your account is still open, and your ads are still running. However, we require you to update the payment information in your AdWords account very soon in order to ensure continued ad serving.
Please update your credit card information in order to trigger our billing system to try processing your payment again. If you plan to use the same credit card(s), please use the ‘Retry Card’ button on the Billing Preferences page of your account. Otherwise, please follow the steps below to update the information in your AdWords account.
1. Log in to your AdWords account at: http://adwords.google.com
2. Click the ‘My Account’ tab.
3. Click ‘Billing Preferences’ link.
4. Click Edit next to the appropriate ‘Payment Details’ section.
5. Enter your new or updated payment information.
6. Click ‘Save Changes’ when you have finished.
In the future, you may wish to use a back up credit card in order to help ensure continuous delivery of your ads. You can add a back up credit card by visiting your Billing Preferences page or visit the AdWords Help Centre for more.
Tip: You can review the status of your billing on the Billing Summary page, under the ‘My Account’ tab. If a payment has been declined, click ‘Payment Declined’ beside the line item to review information for that particular payment. Once your payment has been processed successfully, you can view and print an invoice from your Billing Summary page.
------------------------------
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions, please visit the Google AdWords Help Centre at https://adwords.google.com/support/?hl=en_GB to find answers to frequently asked questions and a ‘contact us’ link near the bottom of the page.
------------------------------
Thank you for advertising with Google AdWords. We look forward to providing you with the most effective advertising available.
The Google AdWords Team
The link above to http://adwords.google.com actually goes to a Russian website that is no doubt a look-alike to the Google Adwords login page. You can fight this particular type of phishing email rather easily:
- Don’t click links in your email to visit online login pages
- Roll your mouse over the link before clicking it and read the address it’s going to take you to VERY carefully. This particular one began with adwords.google.com and might have passed a cursory glance. After that there was a fake session ID number (a number used by websites to track your movement around the site to do things like allowing you to access password protected content) and it ended with ssl85.ru, which should set off some alarms.
Don’t forget when looking at web addresses that they can easily be hidden or faked. Some characters are very similar and can be overlooked. For example, I’ll bet looking at the web address ADW0RDS.G00GLE.COM you didn’t notice the capital O’s have been replaced with zeros. In this case it appears that G00GLE.COM is protected by Google or Markmonitor (the Global Leader in Enterprise Brand Protection, Domain Management, Online Trademark Protection, Online Channel Protection, AntiPhishing Solutions).
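The hover check and the look-alike character check described above can be automated. This is an added example, not code from the original post: the sample links are constructed (only ssl85.ru and ADW0RDS.G00GLE.COM come from the post), and the `sid-0000` label, the `TRUSTED` set and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}                # assumption: domains the reader really uses
LOOKALIKES = str.maketrans("01", "ol")  # digit-for-letter swaps (ADW0RDS.G00GLE.COM)
# Constructed sample links modelled on the email above.
SAMPLE = ('<a href="http://adwords.google.com.sid-0000.ssl85.ru/login">http://adwords.google.com</a>'
          '<a href="http://ADW0RDS.G00GLE.COM/">AdWords</a>'
          '<a href="https://adwords.google.com/support/?hl=en_GB">Help Centre</a>')

def host_of(value):
    try:  # accepts a full URL or a bare host; hostname comes back lowercased
        v = value.strip()
        return urlsplit(v if "://" in v else "http://" + v).hostname
    except ValueError:  # malformed URL
        return None

def base_domain(host):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def audit_links(html):
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for text, href in collector.links:
        real = host_of(href) or ""
        base, reasons = base_domain(real), []
        shown = host_of(text) if "." in text and " " not in text else None
        if shown and base_domain(shown) != base:       # text says one site, href another
            reasons.append("text-shows-other-domain")
        if base not in TRUSTED and any(f".{t}." in f".{real}." for t in TRUSTED):
            reasons.append("trusted-name-used-as-prefix")  # the real domain is at the END
        if base not in TRUSTED and base.translate(LOOKALIKES) in TRUSTED:
            reasons.append("lookalike-characters")
        findings[href] = reasons
    return {href: r for href, r in findings.items() if r}
```

Calling `audit_links(SAMPLE)` returns only the two deceptive links with their reasons; the genuine Help Centre link is not reported.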
Don’t be fooled, be safe!