
Is this Email Safe? Is this Robocall for Real?

I’m often asked whether an email is real, or safe, or dangerous. The same question comes up about web sites. And robocalls are rampant right now, and seem to pick up around year-end. What’s real?

Short answer: If you think it’s a scam, it’s probably a scam. It’s either an attempt to have you open a software installer, or read a fake purchase order, or link to a web site selling garbage.

Scam emails have a few things in common:

  • Fake urgency. Act Now! Limited Time Offer! Your computer is infected! 
  • False Authority. These are quotes from big-name companies and “experts” pushing whatever they’re selling. The quotes are either not real, or from people who are not experts in the correct specialty.
  • Fake address. The email address of the sender is from the wrong domain name. 
  • Poor English. Spelling, grammar, or usage are wrong. Incorrect capitalization is common.
  • Jumbled. Word order is typical of languages other than English.
  • Short. If there’s an attachment or a link, the message is frequently one line, because that makes it more difficult for SPAM filters to recognize a bad message.

Good emails and web sites:

  • For an email, the sending email address is at the same domain as the web links. So mail ABOUT Chase Bank is FROM Chase.com, not a Gmail account.
  • Have phone numbers, especially a direct-dial non-toll-free number.
  • Have a physical address. Even a post office box is OK. That physical address is required by law in commercial emails, under the CAN-SPAM act.
  • Emails have a WORKING Unsubscribe link, also required by law. 

When in doubt, look it up:

Some of this applies to products as well; check these sites to look up the reputation of a company or a web site.

On Google.com, type in the site or product name, and ‘complaints’. Then in the results, look for companies that you know that do reviews, including any of these:

There are other review sites, but be aware that most small sites have poor moderation, and bad reviews could be from competitors. And of course, there are companies that “manage reputations” and that basically means “flood review sites with good reviews until the bad reviews are pushed off the first page.” The companies above are somewhat skilled at detecting those duplicate submissions, and these are not, but may still provide some useful information. The ‘grain of salt’ guideline applies:

For any question of “Is this file I received safe to open?” you can upload it at VirusTotal.com, and it will do multiple antivirus scans immediately.

In general, online reviews of companies or products that are a single line of text, and don’t actually mention the name of what they’re reviewing, are likely bulk submissions from a paid reputation management service. Ignore them, and read the longer reviews signed with real names, or (on some sites) marked as ‘Verified Purchaser’ or similar.

Bad emails and web sites:

  • Hide their physical location. Contact, if any, is by email or chat. There is often no clue as to what country they are in.
  • Offer to ‘install software to allow you to view’ their page. That’s an offer to install malware. Close that page.

Both good and evil web sites have:

Encrypted web sites, with addresses starting with https. While secure web sites do protect information entered into an online form from being read ‘in-traffic’ as it goes through the internet, https links do not provide confirmation of identity, just encryption. A “green padlock” link can provide identity confirmation, but only if its certificate is issued by a known “certificate authority”, and checking the encryption certificate for the issuer is going to show information that is mostly not easy to understand; it’s not a good indication of good or evil.

Already on a Site, and Suspicious?

High-pressure web sites tend to scroll forever, and show an auto-starting video, with no indication of length, that does not allow you to skip ahead. They’re selling the modern equivalent of snake oil, or the cure-all nostrum of the day. They’re promising something that they won’t tell you the price of until you get to the end of that video. They’ll pack that video with, again, fake urgency and endorsements from impressive experts you’ve never heard of, and it’s all just formula pressure sales that are modeled on the old in-person free seminars that push real estate investment books to anyone willing to sit through 4 hours of talking. Close that site.

“We’re from Visa/Mastercard, contacting you about lowering your rate…” Unless you are a bank, you don’t have an account with either the real MasterCard or Visa companies; you have accounts with banks. Visa and MasterCard are credit card interchange corporations, and they do business with banks, not individuals. Visa and MasterCard are competitors, and they would not co-market interest rate discounts even if they sold accounts directly.

SkyNet called: They want their Terminator back, and they have low credit card rates, too.

Caller-ID is now reliably fiction. I sell phone service, as ‘voice over internet’ or VOIP, and in the setup of each user, you can type in anything you want to be visible as the caller ID information. Telemarketing phone systems change that text constantly. The newest such call here showed ‘Discover Card’ as the caller, but the computer-read script started with claiming to be from Visa/Mastercard’s security department.    

Overall:

Always look at the sender’s email address. If it doesn’t match what’s claimed in the email, there’s something wrong. 

Always look at link destinations before you click; just float the mouse over the link and look in the bottom-left corner of your screen for the destination. It should match the addresses and email domain. 

And be suspicious. Always. The internet makes the wild, wild west look lawful and organized. At the very least, they had a local sheriff.

Is That eMail for Real?

The easiest way for hackers and ransomware to mess with your computer is social engineering. Basically, that means ‘Wear the appropriate repair-guy uniform, walk into the building looking confident, and go directly to the system that you will be “fixing.”’ No one challenges that, right?

OK, well then, would you click on this email? I don’t remember ordering a pricy server from Amazon, but it looks like I’m getting one. I guess I’d better look in there and see who ordered it for me; could be that my account was hacked. 

[Image: Fake Amazon Order]

So what’s wrong with it? Here goes, most obvious and visible items first:

  • I ordered no such thing.
  • The sender’s email address has the wrong domain, ‘amazons.com’ which is also not the web address for Wonder Woman’s family island.
  • The return address for Amazon orders is generally auto-confirm@amazon.com.
  • The format of the email is simpler than the usual Amazon shipping confirmation, missing gray backgrounds, logos, and a picture of each item ordered. It looks a lot like an Amazon confirmation from ten years ago.
  • The order number is not a text link in the email, and the last section has too many numbers.
  • “it may take 24 hours for tracking information to be available in your account.” No, tracking shows up in Amazon before the email is sent; it’s Fedex and UPS that will just say ‘label printed’ until the next morning.
  • Finally, not visible above, if you float your mouse over the ‘Order Details’ button, which is missing the orange logo that Amazon would normally use, you will see the link, which goes to usintecmedical_ com_br, not Amazon. That ‘com.br’ points to a site in Brazil, probably hacked.

What to do? Will this big Dell system show up at my door? No. I TYPED ‘amazon.com’ into my browser, didn’t follow the link, and checked. No surprises there. However, that medical address in Brazil would likely have looked like an Amazon page, asked for a login, which it would keep and use, and then forwarded you to the real Amazon. Or the site would attempt to install malware. Be suspicious. These fake confirmations can look like they come from nearly any large company.
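
The check both posts describe (the sender's domain and every link destination should match the company the email claims to be from), as an added Python example that is not part of the original posts. The message is constructed, the `.com.br` link host is a placeholder rather than the address from the real email, and `site()` is a rough heuristic where production code would use the Public Suffix List.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message modelled on the fake order above; the link host is a placeholder.
SAMPLE = '''\
From: "Amazon.com" <auto-confirm@amazons.com>
Subject: Your Amazon.com order has shipped
Content-Type: text/html; charset="utf-8"

<a href="http://shop.example.com.br/login">Order Details</a>
<a href="https://www.amazon.com/help">Help</a>
'''
# Assumption: a tiny stand-in for the Public Suffix List, enough for 'com.br'.
SECOND_LEVEL = {"com", "co", "net", "org"}

def site(host):
    """Rough registrable domain: last two labels, or three for 'com.br'-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    three = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL
    return ".".join(labels[-3:] if three else labels[-2:])

class Links(HTMLParser):
    """Collects the href of every <a> element, which is what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def check_message(raw, claimed_site):
    """List every place the message points somewhere other than claimed_site."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_site = site(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    if sender_site != claimed_site:
        near = SequenceMatcher(None, sender_site, claimed_site).ratio() > 0.8
        findings.append(f"sender {sender_site}" + (" (lookalike)" if near else ""))
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    parser.feed(body.get_content() if body is not None else "")
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if host and site(host) != claimed_site:
            findings.append(f"link {site(host)}")
    return findings
```

An empty result only means nothing mismatched: the From header can be forged, so a matching sender address is not proof that the message is genuine.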