Like everyone else I get a ton of SPAM in my inbox, even with all of the SPAM fighting tools I can find and use. Usually, as a last line of defense I use a product called Mailwasher to catch anything that gets past server filters, but we’ll talk about Mailwasher later. This post is the first of many I am sure where I thought I would alert folks to some pieces of mail that are especially crafty that get through and look legit but carry dangerous payloads. These messages carry viruses, or are Phishing attacks (where people try to trick you into giving them information like usernames and passwords) so I thought I would start posting about the ones that I see. I get people and customers asking me about these emails and what they are and if they are real or not, etc., so I thought some of my readers might have the same questions.
So, here we go with the first two:
- Look out for emails that appear to be from PayPal. They will look like they came from a valid PayPal address and will have a subject saying something like “You sent a payment” and in the body of the message they will tell you that you sent a payment of X number of dollars (it varies between emails but is usually anywhere from a hundred to thousands of dollars). It will then have links to click on to supposedly get information about the payment. This is where they spring the trap, when you click on the links. Most likely you will be sent to a fake PayPal login page, and when you log in you will get some kind of error or redirect, but most importantly, they now have your PayPal username and password, think about that! So be on the lookout, if you haven’t sent any payments, or don’t use PayPal even, don’t fall for these emails. Just delete them, and if you feel the need to check your PayPal account, you go to PayPal directly by typing in the address yourself so you know you are going to the right place.
- Next, we have an email carrying a virus payload called DROPPER. Your anti-virus software (you ARE using AV aren’t you???) should catch it, but just in case I’ll post the common headers below. Keep in mind that they might look slightly different, such as a different case number, but it should be similar. Keep in mind too, when have you had any contact with the Better Business Bureau? If you haven’t, which is likely, then that ought to be the first red flag with these emails! Here are the subject and from address as I have seen them:
  - From: Better Business Bureau (email@example.com)
  - Subject: BBB assistance Re: Case # 27368244
Remember, the case number may vary, and as always, keep a keen eye on your email and remember that if it looks suspicious, it probably is!
In yet another new and trendy spammer and phishing ploy, I have been getting a few copies of a message claiming to be from Blizzard regarding Beta access to the Cataclysm expansion coming out soon. This one did give me pause at first because I am signed up for the Beta, waiting to see if I get in. Luckily, I noticed some blatant signs when I inspected the message. The biggest thing was not only the Cataclysm website they wanted to send you to for account information harvesting being wrong, as in the wrong URL (not even close LOL), but I received several of these and they had different URLs between them. One other thing was that I received this to several email addresses, none of which were the one actually associated with my WoW account. Obviously these guys (or gals?) are carpet bombing and hoping they snag a few of the 10 or 12 million or so WoW players. Just wanted to pass this on, be on the lookout if this fits you in any way! In the words of Mad Eye Moody “CONSTANT VIGILANCE!!”
I have written before about spam and phishing attacks, but I thought it would be a good idea to re-visit this topic since there seems to be a concerted effort by senders out there to blast our collective Inboxes with not only hideous amounts of spam (which is bad enough), but also with a whole new class of phishing emails. I get tons of them “from” Amazon (that’s where the phrase Spamazon came from!), Newegg, Bank Of America, PayPal, and eBay just to name a few. Basically, they are likely to send one of these phishing emails from pretty much any online e-commerce type of store that they think they can trick someone with. That’s why you have to be careful and check these messages out thoroughly! Because the ones I have been getting lately have been really, really well done. They have been pretty hard to tell from the real thing.
The idea here is that the phisher will send you something from … let’s use Amazon, saying that your order went through successfully and your credit card was charged X amount of dollars. Well, you look at that and right away know you didn’t order anything recently (or maybe you did, but the amount charged shows different from what you just ordered) and it makes you think that someone maybe got into your credit card account or your Amazon account maybe. You feel that rush of excitement and fear as your mind starts doing the mental tally of how much money you are losing for every second that ticks off. So you immediately click the link in the email so you can log into your account at Amazon and see just what the heck is going on. Only, that link you just clicked isn’t taking you to Amazon, the phisher sends you to his own web page that looks like Amazon and is counting on that excited fear feeling to get you to rush into action without thinking. Once you are on the version of Amazon that the phisher sends you to, you try to log in. You might get an error or the phisher might go ahead and re-direct you to the real Amazon now, it doesn’t really matter because he has what he wants. He now actually does have your username and password that he just snagged from you attempting to log in at the fake site. Plus, if you use the same password for a bunch of different sites, he now has your password and probably username for those as well!!!
In a case like I described above, be sure to take a deep breath and act calmly. Even if you are sure that the email really is from Amazon, open up your web browser and go to Amazon directly and then log in there to check your account, where you can be sure that it really is the correct site. When you get these suspect emails, check them out closely because as good as I have seen them, there is always something that isn’t exactly right. For example, when I get a legitimate email from Amazon it will start with a greeting that includes my name. In the fake but really good one, one thing that stood out was the greeting was to my email address and not my name. Another was that there was a total dollar amount for the order, but no itemized list. The real ones from Amazon always have an itemized list. So, keep an eye out and use your head and you’ll be just fine. Be safe!!
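Two of the tells described above can be checked mechanically: a link whose host does not belong to the store the message claims to come from, and a greeting addressed to an email address instead of a name. The following is an added example, not part of the original post; the `BRAND_DOMAINS` list, the function names and both sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains its real mail links to (keep your own list).
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}}
GREETING_TO_ADDRESS = re.compile(r"\b(?:dear|hello|hi)\s+[\w.+-]+@[\w.-]+", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, allowed):
    """True only for an allowed domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def phishing_indicators(raw_message):
    """Return indicator strings; only brands named in the From header are checked."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = str(msg["From"] or "").lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    links = LinkCollector()
    links.feed(body)
    findings = []
    for allowed in (d for b, d in BRAND_DOMAINS.items() if b in sender):
        for url in map(urlsplit, links.hrefs):
            if url.scheme in ("http", "https") and not host_matches(url.hostname, allowed):
                findings.append(f"link-host-mismatch:{url.hostname}")
    if GREETING_TO_ADDRESS.search(body):
        findings.append("greeting-uses-email-address")
    return findings

# Constructed sample messages (not real mail).
HEAD = "To: reader@example.org\nSubject: Your order\nContent-Type: text/html\n\n"
PHISH = ('From: "Amazon.com" <orders@amazon-billing.example>\n' + HEAD +
         '<p>Hello reader@example.org,</p><p>Total charged: $849.99</p>'
         '<a href="http://amazon.com.account-verify.example/signin">View order</a>')
LEGIT = ('From: "Amazon.com" <orders@amazon.com>\n' + HEAD +
         '<p>Hello Pat Reader,</p><a href="https://www.amazon.com/your-orders">View order</a>')
```

The host comparison is done on the whole hostname from the right, so a host that merely starts with the store's name is still reported as a mismatch.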
You have heard me share information about the fiasco that Verizon created. In case you haven’t heard, I’ll recap quickly. In the name of fighting SPAM, Verizon decided that they would block ALL port 25 SMTP traffic on their network for all of their ISP customers. That means that anyone and everyone that uses Verizon as their ISP (DSL, FIOS, Dial-up, etc) cannot use any third party mail server or service that is configured to use the industry standard port 25. That’s just plain stupid, but I have complained about that already.
I was in a quandary with this one, or maybe a catch-22 is a better term. If I didn’t do anything about this “problem” that Verizon created, then all the people that I host email services for that use Verizon as their ISP are now out of luck. They can’t send mail through their (read: my) mail servers. So, I can just change the port that sendmail listens on, right? Yeah, I could, and then my Verizon tethered customers can send mail again … but, all my other customers that don’t use Verizon have to change their email client settings too, since they would still be sending through port 25. OK, I didn’t want to go down that road. I wanted to fix the problem with the least impact on everyone.