Scam mail have been around probably since the invention of the postal service. However during those days, it can cost quite a lot to send out these mass mailers hence people didn’t encounter them too often. Unfortunately since it’s so cheap to send e-mail messages, these scam mail has become rampant and it becomes so easy for the villains behind them to prey on greedy idiots. Here’s how you can avoid becoming an idiot when one of these scam e-mail goes your way.
Things to watch for
- Return addresses. Scammer could fake the “from” address field but they won’t be able to fake return addresses. If it appears that Google is sending you an e-mail then the return address should be suffixed by
@google.comand not another domain. It’s quite easy for impostors to send an e-mail that appears to come from “
firstname.lastname@example.org” but it’s virtually impossible for them to receive into that address without an insider at Google being involved (note that
@google.comis exclusive to Google employees unlike
@gmail.comthat just about anyone can register).
- Instruction to click a hyperlink. Watch for links in e-mail addresses and verify if they’re OK before you click. If the e-mail claims that it’s from PayPal and they want you to click on a link to verify payment, be sure that the link goes to
paypal.comand not some other host. Remember that clicking the link signals that you have read the message and confirms your e-mail address – opening the way for further spam or even scam messages. Not to mention that the fraudulent website may prompt you to install an application or browser plug-in that turn out to be a trojan horse.
- Asking for money to give money. Even more so if the e-mail claims it’s from an established organization. If it’s really an established organization, they won’t ask for money to give you money. Moreover, having them giving you cash outright is questionable – even Apple’s 10 billionth app download winner didn’t get any real money but store credits instead.
Recently I received an e-mail that claims to be from Samsung Europe that said I won € 750,000, a laptop, and a mobile phone. Then they wanted me to contact their notary and keep the e-mail confidential. Let’s dissect this scam mail blow by blow.
If you notice carefully, the reply-to address is from the
@europe.com domain and not
samsung.com – this is the first thing that you should notice and raise a red flag in your brain. Secondly it points to a non-existent web page
– www.samsung.com/europe doesn’t point to a proper regional site but a “select country” site.
In fact, I suspect that the whole “
www.samsung.com/europe” thing is just to confuse you into believing that it’s return address of
email@example.com belongs to Samsung – which is obviously not.
Then who owns
europe.com? According to its whois entry, the domain belongs to “World Media Group, LLC” that is based in Bedminster, New Jersey.
Registrant Name: ATTN Domain Inquiries Registrant Organization: World Media Group, LLC Registrant Street: 90 Washington Valley Rd., #1128 Registrant City: Bedminster Registrant State/Province: NJ Registrant Postal Code: 07921 Registrant Country: US Registrant Phone: +1.9089030200 Registrant Phone Ext.: Registrant Fax: +1.9082759105 Registrant Fax Ext.: Registrant Email: firstname.lastname@example.org
The company’s official website at
http://worldmediagroupllc.com shows that World Media Group is really a “domain squatter” organization. They buy single-word domains like
doctor.com and build advertising sites on it – which at this point the credibility of lawyers and doctors on that site may as well be questionable.
Last but not least, the
THIS IS NOT A SPAM first line. With asterisks. Yeah, just like the folks who walks out of a pub with their faces red and not standing straight saying that they’re not drunk. Luckily Gmail classified this particular e-mail as spam. But we might not be so fortunate and the next time it may got through Google’s spam filters.
Just remember: be vigilant. This e-mail belongs to a class of techniques called social engineering – it manipulates the most powerful yet error-prone part of the security system: the bag of meat at the keyboard. Play your part in the human firewall to keep yourself and your colleagues safe.
Until next time, you stay safe.