Is it spam?

As a hosting provider to people with all levels of technical knowledge I often get emails from clients forwarding me an email and saying “Is this spam?”.

By which they really mean “is this malicious?”, because there’s a difference between spam, which is unsolicited email trying to sell you something, and trojans: emails loaded with malicious links that say something along the lines of:

Unusual sign-in activity

Dont get locked out of your email account.
We detected something unusual about a recent sign-in…

etc

or one purporting to be from your bank, or from a company with an invoice. There are all sorts of tricks, some of them sophisticated, some of them less so, with a ‘charmingly’ low grasp of English. The basic trick is to worry you into sidestepping natural caution because you think you have to act quickly.

You should always be suspicious about this kind of email and I never mind being asked, no matter how obvious (to me) it might be.

The tell-tale signs

  1. Do I bank/ have an account with these people?
    These emails are sent out by the million. Probability says some will land where they appear to be genuine. So this is check 1: if I don’t have a Yahoo account, it’s unlikely to be compromised.
  2. The links
    All of these emails will have a link: “Click here to query” or “Click here to change your password”. This is the bit that does the damage and you should never ever ever click on them (as we’ll see, never click on any link in any email like this, even if genuine). You can see the trick at work if you hover your mouse over the link until the address appears. Here’s one: http://www.xxxx.af/rn0t.php (I’ve removed the dangerous bit). It was in a mail that said it came from Microsoft; if genuine it would read something like http://something.microsoft.com/xxxxxxxx. The microsoft.com part is difficult (though not impossible) to spoof.
  3. The ‘from’ address
    The ‘from’ address may look like “customer.service@apple.com” or “Barclay’s Customer Service” in the top of the email.  Mouse over it, look at the address (in Apple Mail you click to see the actual email address).
    This morning’s said “glashie@btconnect.com” and purported to be from Microsoft. Bit strange, no? A Microsoft employee without a Microsoft email account.
  4. If you think it might be genuine then don’t click the link.
    Go to the website of the company, apple.com or whatever, log in to your account and look for a notification there. It’s the cyber equivalent of ringing back your bank or the police if you get a phone call claiming to be from them. Changing your password is never a wrong thing to do, so if you are worried, log in to your account through the company’s website and change it.
    I had one recently that was an email about a mysterious payment to Paypal. Almost uniquely it was genuine, the link was a paypal.com link, the email was from paypal.com. Nevertheless my advice to the client was to go to their PayPal account in a browser and log in in the usual way then look for the payment. This way, there was no danger even if it had been spurious.
  5. Be suspicious
    These always have something in common: they are always about an account (bank account, website account, email account). If you get an email about an account, why did you get it? What might have happened? Normally you will see there’s no reason. For instance, Google, Apple and other money-sensitive sites will send you emails saying “Someone logged in to your account in Dubai, was this you?” but they always require no action if it was you. If it wasn’t, then go to your account the long way round: open your browser, type in apple.com, log in and change your password, but (did I say this before?) never ever ever click on the link in the email. In summary, if you get an email about an account, be wary.
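
Checks 2 and 3 above (where a link really goes, and which address really sent the mail) can be run mechanically on a forwarded message. The following Python is an added example, not part of the original post: the sample message and every .example host in it are constructed, and triage, host_matches and LinkCollector are hypothetical names.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real message); all .example hosts are placeholders.
SAMPLE = """\
From: "Microsoft account team" <someone@mailbox.example>
Subject: Unusual sign-in activity
Content-Type: text/html; charset=utf-8

<a href="http://www.lookalike.example/reset.php">Click here to change your password</a>
<a href="http://microsoft.com.account-check.example/">Click here to query</a>
<a href="http://something.microsoft.com/help">Help</a>
"""

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def triage(raw, expected_domain):
    """Return reasons the message does not line up with the brand it claims."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not host_matches(sender_domain, expected_domain):
        findings.append(f"from-address domain {sender_domain} is not {expected_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not host_matches(host, expected_domain):
            findings.append(f"link host {host} is not {expected_domain}")
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE, "microsoft.com"), sep="\n")
```

The second sample link shows why the host is read from its right-hand end: it begins with microsoft.com but belongs to a different domain. An empty result is not proof that a mail is genuine, since headers can be forged, so going to the site the long way round still applies.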

This may all seem a little complicated; it’s not, and there are a few common sense principles in there. And, if in doubt, simply send me an email saying “is this spam?” I will never mind, it’s what you pay me fabulous sums of money for.

Why do they do it?

It may seem a little obscure, sending you off to a website; you may not even notice something happened. It may be Russian gangsters, it could be the CIA or GCHQ, it could be a 15-year-old Albanian trying out his cyber power.

There are two main motivations behind this type of email: firstly, to try and get you to enter your password because you think you’re on a safe site (look in the address bar, does it say http://something.apple.com/ ?), and secondly, because by loading that webpage you are loading an invisible piece of software into your computer that will either monitor what you’re doing or use your computer to do something malicious.

You may have read about the recent ransomware attacks that affected some big organisations, one being Bath Abbey of all people, the NHS another. These all happened because someone simply clicked on a link in an email. Nobody is immune.