Tag: eMail Spam Awareness

Suspicious E-mail Attachment? Be Cautious, It Can Impair Your Small Business

As a small business owner, you may be receiving tens of emails (sometimes hundreds) in your inbox every day. You have to be careful when opening them: a small lapse on your part can do significant damage to your business. Your important files may get deleted, or someone might gain access to your financial and customer information. I am not trying to scare you off, but this is the reality. There are many cyber criminals out there looking to make easy money. 95 percent of Americans receive emails with malicious programs, and nearly 9 percent have opened the attachment and infected their computer (Halon and TNS Global survey).

In this article, we will discuss the common threats that come as email attachments and what precautions you can take.

Common threats as email attachments
Opening a suspicious email attachment can infect your computer with a virus, a Trojan horse or botnet code, and you can even become a victim of phishing and hacking.

  • Virus: Viruses are one of the most common threats that small businesses come across. These malicious programs are mostly sent as email attachments with the intention of either damaging your computer programs or spreading to the other computers in your network to cause problems there.

    When such email attachments are opened, programs get installed on your system. They can do many things: secretly gain access to your sensitive information, wipe out all the files on your hard drive, or replicate and spread to USB keys and external hard drives. Sometimes they display unwanted ads.

  • Trojan horse: A Trojan horse records all the keystrokes you enter on your system. That is how it gains unauthorized access to your organization’s financial and customer information; it can also disrupt the performance of your computer, delete or modify your data, and so on. Cyber criminals can even watch you through your webcam.
  • Phishing: Phishing emails look legitimate and appear as if they came from known sources like businesses, banks, government agencies, friends, relatives, major online retailers, social networking sites, etc. They urge you to download an HTML form, and sometimes to click the links in the email.

    These emails come with subject lines like “update your information” or “confirm your user-name and password”, and sometimes state the consequences if you don’t verify your details.

    Phishers generally attach an HTML form to the mail. When you open such an attachment, the form asks you to fill in your credentials. These attachments are less likely to be blocked by anti-phishing mechanisms, because the form is stored locally.

    Sometimes you will be asked to click on a link that leads to the phisher’s site. That site looks genuine and urges you to enter the details of your accounts. The phishers gather your information from what you type and use it to gain access to your account with a bank, etc. and misuse it.

  • Legitimate PayPal URL looks like: (image of the legitimate URL, not reproduced here)
  • Disguised URL from the phishing email: (image of the disguised URL, not reproduced here)

These phishing links are constructed so that they look as if they go to PayPal.com, but they lead to the phishing site. You can see the difference: instead of forward slashes there are dots in the URL, and instead of https it is http. (Note: HTTPS in the URL signifies that your information is sent securely; only legitimate sites are able to get this security certificate.)
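As an added example (not part of the original article), the following Python check applies those two tells to a link: it extracts the host the browser would actually connect to and compares it with the domain the mail claims to link to, and it reports a non-https scheme. The sample links and the expected-domain set are constructed for this example.

```python
from urllib.parse import urlsplit

# Domain the mail claims to link to (constructed set for this example).
EXPECTED_DOMAINS = {"paypal.com"}


def real_host(url):
    """Lowercase host the browser will actually connect to, ignoring any
    'user@' prefix, port, path and query that may be dressed up as a brand name."""
    return (urlsplit(url.strip()).hostname or "").lower()


def host_matches(host, domain):
    """True only when host is the domain itself or a subdomain of it. A host such as
    'www.paypal.com.secure-login.example' has dots where a real PayPal link would
    have a slash after paypal.com, so it fails this test."""
    return host == domain or host.endswith("." + domain)


def check_link(url, expected=EXPECTED_DOMAINS):
    """Return the list of reasons the link looks deceptive (empty list = consistent)."""
    parts = urlsplit(url.strip())
    host = real_host(url)
    reasons = []
    # The article's second tell: http instead of https. (https only tells you the
    # connection is encrypted; the host check below decides where you really go.)
    if parts.scheme.lower() != "https":
        reasons.append("scheme is %r, not https" % (parts.scheme or ""))
    if not any(host_matches(host, d) for d in expected):
        reasons.append("host %r is not %s" % (host, sorted(expected)))
        if any(d in url.lower() for d in expected):
            reasons.append("brand name appears in the URL but not as its host")
    if parts.username is not None:
        reasons.append("text before '@' is userinfo; the real host comes after it")
    return reasons


if __name__ == "__main__":
    # Constructed sample links: one consistent, two disguised.
    for link in ("https://www.paypal.com/cgi-bin/webscr",
                 "http://www.paypal.com.secure-login.example/cgi-bin/webscr",
                 "http://paypal.com@198.51.100.7/cgi-bin/webscr"):
        print(link, "->", check_link(link) or "looks consistent")
```

The host comparison is the decisive check: a brand name appearing in the path, as a sub-label of another domain, or before an '@' does not make the link go to that brand's site.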

  • Botnet: Botnets are generally groups of computers that are remotely controlled by cyber criminals over the Internet to perform automated tasks without your knowledge. These email attachments contain viruses or spyware carrying botnet code. Once they are installed on your computer, the creator of the malware takes control over your system and your Internet browsers and monitors your keystrokes. They sometimes use your email account to send thousands of spam emails and engage in click fraud.
  • Hacking: Typically, hacking targets a specific person. Hackers are very smart: they send emails with a convincing subject line and a virus attached. Sometimes they send emails from your friends’ or business partners’ accounts (ones they have already hacked). When such attachments are installed, they gain access to your system without your knowledge. Once the hacker has access to your system, they look for information to steal: your financial accounts, trade secrets, client details or your intellectual property.

Precautions to take

  • Update your operating system or enable ‘automatic update’
  • Install anti-virus and anti-spyware software on your system. It will inspect all the files on your computer, as well as your attachment files, for viruses and spyware; whenever it finds an infection, it will remove it or alert you immediately
  • Back up all important files on your computer
  • Install and maintain a firewall on your computer, and configure it. It will alert you whenever a program or process is attempting to access your system
  • Use attachment filters that will block certain file names or extensions
  • When you are not using your system, shut it down
  • Disable settings in your email program that automatically download the attachments

Precautions to take while opening email attachments

  • Don’t click, open, save or run any email attachments that you suspect
  • Be cautious about executable files that end with extensions such as .exe, .vbs, .lnk, .pif, .scr, .bat and so on
  • If you think the file is legitimate, check whether the contact details match those of the original source
  • Don’t give out personal or sensitive information by email. Remember, no legitimate source will ask for such information through email
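An added example, not from the original article, of the attachment filter recommended above: it walks the MIME parts of a constructed message and holds back any attachment whose name carries one of the listed executable extensions, including a double extension like Invoice.PDF.exe. The extensions .com, .cmd, .js, .wsf and .hta are added on the assumption that mail clients treat them the same way; the message and its attachments are constructed placeholders with no real malware.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names as executable; .com, .cmd, .js, .wsf and .hta are
# added as an assumption, since they are launched the same way on Windows.
BLOCKED = {".exe", ".vbs", ".lnk", ".pif", ".scr", ".bat",
           ".com", ".cmd", ".js", ".wsf", ".hta"}


def risky_extensions(filename):
    """Every blocked extension appearing anywhere after the first dot, so
    'Invoice.PDF.exe' is caught as well as 'setup.exe'. Case, trailing dots and
    trailing spaces are ignored because Windows ignores them too. Empty list = clean."""
    name = filename.strip().rstrip(". ").lower()
    labels = name.split(".")[1:]
    return ["." + label for label in labels if "." + label in BLOCKED]


def scan_attachments(raw_message):
    """Walk every MIME part marked as an attachment and return
    [(filename, [blocked extensions])] for the ones that should be held back."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        bad = risky_extensions(name)
        if bad:
            hits.append((name, bad))
    return hits


def build_sample():
    """Constructed three-attachment message: one harmless PDF, one double-extension
    executable name and one shortcut file with a mixed-case extension."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "owner@smallbiz.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="open_me.LNK")
    return msg.as_string()


if __name__ == "__main__":
    for name, bad in scan_attachments(build_sample()):
        print("hold back %r: %s" % (name, ", ".join(bad)))
```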

Small businesses are a common target of cyber criminals, as they often pay the least attention to such matters. Use your email sensibly and safeguard your business.

Email Spam Volumes Fall to Lowest Level in Two Years: Symantec

A recent report from Symantec declared that spam volumes in January 2011 fell to their lowest level since March 2009. Spam volumes dropped dramatically from 25 December 2010 and continued to fall in January. The only other time that spam volumes dropped by such a remarkable extent was after the closure of McColo, a California-based ISP, in 2008 for being implicated in criminal and botnet activities.

Dramatic decline in spam levels
Spam in January 2011 accounted for only 78.6% of total email traffic. This was a 3.1% drop since December 2010 and a significant 65.9% lower than the same period a year ago. However, the spam rate is still alarming, with 1 in every 1.3 emails being spam. The fall in spam was credited to the apparent drop in activity of three major botnets: Rustock, Xarvester and Lethic.

Spam levels – Country wise for January 2011

  1. Oman – 88.8%
  2. China – 84.6%
  3. Hungary – 83.3%
  4. Luxembourg – 82.8%
  5. Kuwait – 81.9%
  6. South Africa – 80.0%
  7. US – 78.8%
  8. UK – 78.7%
  9. Canada – 78.3%
  10. Australia – 77.3%

Minute increase in phishing activity
One in 409.7 emails was found to carry a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in the US were 1 in 892.8 emails. South Africa was the geography most targeted by email phishing attacks, with one in 51.7 emails blocked as a phishing email. The other most targeted geographies are as follows:

  • UK – 1 in 188.6 emails
  • Canada – 1 in 204.6 emails
  • UAE – 1 in 247.3 emails
  • Oman – 1 in 248.4 emails

Increase in new malicious domains
Symantec MessageLabs identified an average of 2,751 malicious websites each day in January 2011. Around 44.1% of them were identified as new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs, including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report, from OpenDNS, said that 53.8% of all phishing websites were hosted in the US.

Though email spam has decreased in volume, web-based malware seems to be increasing both in volume and in new forms. The report suggests that organizations can combat these lurking threats with a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates to its malware database.

Email Spoofing – Commonly faced problem online

The trend of internet exploitation has moved away from viruses and trojans. Hackers are no longer interested in just deploying these small infectious agents on other people’s PCs unless there is an economic benefit in doing so. Getting access to computers using technologies like malware, spambots, etc. has become widely prevalent today.

Getting access to the computer of a well-settled person is like getting access to his wallet. Since there is no complete solution to internet vandalism yet, awareness of the methods of exploitation is what helps in the present-day situation. In our earlier article we discussed Website Spoofing. This article is about eMail spoofing, one of the common methods used by cyber criminals.

Understanding eMail Spoofing
A spoofed email is simply an email sent impersonating a legitimate source. Generally, the sender changes the FROM address and other parts of the e-mail header, like Return-Path, Reply-To, etc., to make it appear that it originated from someone else. This is generally done by adjusting the settings of an email client like Mozilla Thunderbird, Outlook Express, Eudora, etc. There are a few websites too that offer to send emails where the sender has the option to enter any email address in the FROM or Reply-To fields.

Common Deceptive Tactics Used in eMail Spoofing
Standard email functionality like SMTP is used in email spoofing. Email programs allow the spoofer to modify email headers and thus forge the email’s originating identity. The most common deceptive tactic is for the spoofer to send out emails to thousands, even millions, of email accounts in the name of a well-known company. The typical phishing email will contain a clever story designed to lure people into some action, like clicking a link or button in the email or calling a phone number.

The link in the email might redirect you to a spoofed website which in turn will be used to capture data.

Possible Spammer’s Intention Behind a Spoofed eMail
Though sending spoofed emails is very simple compared to many other deceptive online tactics, it has a much higher potential to gain profits for the spoofer. Email spoofing is generally used for obtaining the login details of a person’s financial accounts. Once they have access to the account, they can make withdrawals from it or authorize payments for online purchases.

Identifying Spoofed eMails
Common methods to identify a spoofed email are as follows:

  • Emails from banks or finance-related sources that do not address you by the name you registered with them can be suspected of being spoofed. eBay, PayPal and banks will never send out general emails saying “Dear valued customer”, “Dear member”, etc.
  • You can quickly tell if the link in an email is a spoof by hovering your mouse over it and comparing it with the link appearing in the status bar.
  • View the “full message header” to find out where the email came from.
  • Read your email carefully and look for any spelling or grammatical mistakes.
  • Consider any website asking for your PIN (personal identification number) as a spoof.
  • Some spoof sites will include pop-up message boxes. It is better not to entertain such emails.
  • Most spoof emails will create a false sense of urgency like a message saying that your account will be locked out or deleted if you don’t act quickly.
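As an added example (not from the original article), here is a Python check that reads the full message header the way the list above suggests: it compares the domains of From, Return-Path and Reply-To, records the last relay from the topmost Received header, and looks for the generic greetings and urgency phrases mentioned. The message SUSPECT is constructed for this example; every host and address in it is a placeholder.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample showing the pattern described above: the visible From claims a
# bank, but Return-Path and Reply-To point elsewhere, and the greeting is generic.
SUSPECT = """\
Return-Path: <bounce@bulk-relay.example.net>
Received: from bulk-relay.example.net (bulk-relay.example.net [203.0.113.9])
    by mx.smallbiz.example with ESMTP id 4f2a; Mon, 10 Jan 2011 09:12:00 +0000
From: "Example Bank Security" <security@examplebank.example>
Reply-To: account-verify@freemail.example
Subject: Update your information
Content-Type: text/plain; charset=us-ascii

Dear valued customer,
Your account will be locked unless you confirm your user-name and password today.
"""

GENERIC_GREETINGS = ("dear valued customer", "dear member")
URGENCY = ("will be locked", "will be deleted", "act quickly", "immediately")


def domain_of(header_value):
    """Lowercase domain part of an address header such as 'Name <user@host>'."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def last_hop(raw):
    """Server that handed the message to us: the topmost Received header."""
    msg = email.message_from_string(raw, policy=policy.default)
    m = re.match(r"\s*from\s+(\S+)", str(msg.get("Received", "")))
    return m.group(1) if m else ""


def spoof_indicators(raw):
    """List of indicators found; an empty list means headers and text are consistent."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_domain:
            findings.append("%s domain %s differs from From domain %s" % (name, dom, from_domain))
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    findings += ["generic greeting: " + g for g in GENERIC_GREETINGS if g in text]
    findings += ["urgency phrase: " + u for u in URGENCY if u in text]
    return findings


if __name__ == "__main__":
    print("last hop:", last_hop(SUSPECT))
    for finding in spoof_indicators(SUSPECT):
        print("-", finding)
```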


Yet Another Email Scam – Beware

As we are aware of the recent issue with a few thousand email accounts, let’s see how some of these scammers have used the emails they hacked into.

The following email was sent to a small business’s support email id, for financial gain, from a@gmail.com, an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

“Is there a number we can reach you?”

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation, as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus the business was willing to send the money. However, they called the client’s mobile in the U.S. and he answered, making it clear that the email was not sent by him. Had the call not been answered, they were all set to send the money, since they were not aware of anyone being fooled in this way before. The business wanted this widely circulated to prevent others from being fooled the same way.

Keeping Your Email Account Safe

Email users can help reduce the outflow of spam on the Internet. When a user signs up for something online, he should be careful with the checkboxes and must not tick those for additional offers; otherwise he will receive email from the partners of the site he signed up at. It is advisable to use freebie accounts to fight spam: create a few freebie accounts, forward them to your main account, and use those freebie accounts to sign up for things online. If an account gets spammed, disable or abandon it. One word of caution: never use your primary email address to sign up for anything. At the very least a user should use three accounts: one for business, one for personal matters and another for online shopping.

There are many freebie accounts available in the market today, the primary of which are AOL/AIM, AOL My eAddress, Excite, Fast Mail, Google Mail, Goowy, Hotmail/MSN Inbox, Lycos, MyWay Mail, Rock.com, and Yahoo!

If a user plans to use a freebie account as his main account, it is recommended that he use Gmail. Google Mail is arguably the most productive and well thought out free email offering available, with highly efficient spam filters, loads of disk space for messages, and third-party plug-ins to increase productivity.

There are also disposable email address services that have more selective disabling features than regular free email accounts. Having your own domain might include 50 to 100 email addresses as part of your hosting package. You can use these addresses for newsletter or shopping sign-ups and redirect each one to a main account.

Whatever you go about doing, never publish your main email address anywhere online. Use freebie accounts, which can be dropped when necessary. Use a CAPTCHA image-based code to separate spambots from human visitors. Encode your email address like me*AT#hotmail#DOT*COM so that humans can still easily read it.

A few ISPs add junk-mail status information to the headers of messages passing through their mail servers. If your email client supports it, you can write a “filter rule” to ditch any message whose header includes “X-Spam-Status: Yes”. The disadvantage is that there could be false positives, requiring you to check the spam folder on a weekly basis.

You can also write your own command-line email filters in a scripting language like Perl or Python, both of which have superior regex pattern-matching abilities. Write a program to grab copies of your email off POP or IMAP servers. Build a frequency table of keywords, saving the IP address information for each message. If the data is saved for long-term profiling, keep the spam information in a separate database. If some words in a message raise flags, compare their frequency counts against other words. This step should be manual until you build up long-term profiles. If it is spam, delete the original copy from your mail server. An operating system like Linux gives you the facility to integrate custom filters into your email client.
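An added example, not from the original article, of the custom filter described above, written in Python: it uses the ISP’s X-Spam-Status header to build separate spam and non-spam keyword tables, records the relay IP of each flagged message, and for an unlabelled message reports the words that are more frequent in the spam profile, leaving the final decision manual. The mailbox is a constructed sample; fetching the copies from POP or IMAP is assumed to happen separately.

```python
import re
from collections import Counter
from email import message_from_string, policy

# Constructed sample mailbox (not real mail): two messages labelled by the ISP's
# X-Spam-Status header, plus one unlabelled message to be assessed.
MAILBOX = [
    """X-Spam-Status: Yes, score=8.2
Received: from relay.bulk-sender.example ([198.51.100.23]) by mx.example
Subject: Cheap pills, act now

Buy cheap pills now, limited offer, act now.
""",
    """X-Spam-Status: No, score=-1.0
Subject: Invoice for January

Hi, attached is the invoice for January. Thanks, Alice
""",
    """Received: from relay.bulk-sender.example ([198.51.100.23]) by mx.example
Subject: Limited offer pills

Cheap pills, limited offer.
""",
]
WORD = re.compile(r"[a-z]{3,}")

def sender_ip(msg):
    """First bracketed IPv4 address in the topmost Received header, or None."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(msg.get("Received", "")))
    return m.group(1) if m else None

def words_of(msg):
    """Lowercased words of three or more letters from Subject and the plain-text body."""
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    return WORD.findall(text.lower())

def build_profiles(mailbox):
    """Spam and non-spam word counts kept apart, plus relay IPs that delivered flagged spam."""
    spam, ham, spam_ips = Counter(), Counter(), Counter()
    for raw in mailbox:
        msg = message_from_string(raw, policy=policy.default)
        verdict = str(msg.get("X-Spam-Status", "")).strip().lower()  # the ISP's label
        if verdict.startswith("yes"):
            spam.update(words_of(msg))
            spam_ips[sender_ip(msg)] += 1
        elif verdict.startswith("no"):
            ham.update(words_of(msg))
    return spam, ham, spam_ips  # unlabelled mail is left for manual review

def assess(raw, spam, ham, spam_ips):
    """Words more frequent in the spam profile than the non-spam one, plus an IP history flag."""
    msg = message_from_string(raw, policy=policy.default)
    flagged = sorted(w for w in set(words_of(msg)) if spam[w] > ham[w])
    return {"spam_words": flagged, "ip_seen_in_spam": sender_ip(msg) in spam_ips}
```

The deletion step is left out on purpose: as the article says, the decision stays manual until the profiles have grown, so the function only reports evidence.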

Beware of eMail from US VISA Lottery

An email offering even to pay the flight ticket to the US, along with the visa and accommodation, is very rare to find. The new visa lottery scam email interestingly has all these features. This scam email offers you a single visa for about 980 USD and a family visa for 1520 USD, with a flight ticket and accommodation in the US! Very enticing, isn’t it?

But “We advise everybody not to fall for such things because you will be very disappointed,” says Sorin Mustaca of Avira.

According to what he wrote in Avira’s blog:

“And now, as usual, comes the funny part, as in any scam attempt we’ve seen.

  • Despite the fact that it is mentioned in the picture the “Asia-Pacific agent” for the VISA processing, the contact email addresses are in … Europe. They belong to a free web mail system in the Czech Republic.
  • The text is very hard to read because it is full of grammatical mistakes and sentences which don’t make too much sense.”

The image of this scam email is attached below.


Courtesy: Avira Blog.