How To Detect Scam e-Mail

Scam mail haLoupeve been around probably since the invention of the postal service. However during those days, it can cost quite a lot to send out these mass mailers hence people didn’t encounter them too often. Unfortunately since it’s so cheap to send e-mail messages, these scam mail has become rampant and it becomes so easy for the villains behind them to prey on greedy idiots. Here’s how you can avoid becoming an idiot when one of these scam e-mail goes your way.

Things to watch for

  • Return addresses. Scammer could fake the “from” address field but they won’t be able to fake return addresses. If it appears that Google is sending you an e-mail then the return address should be suffixed by @google.com and not another domain. It’s quite easy for impostors to send an e-mail that appears to come from “john.doe@google.com” but it’s virtually impossible for them to receive into that address without an insider at Google being involved (note that @google.com is exclusive to Google employees unlike @gmail.com that just about anyone can register).
  • Instruction to click a hyperlink. Watch for links in e-mail addresses and verify if they’re OK before you click. If the e-mail claims that it’s from PayPal and they want you to click on a link to verify payment, be sure that the link goes to paypal.com and not some other host. Remember that clicking the link signals that you have read the message and confirms your e-mail address – opening the way for further spam or even scam messages. Not to mention that the fraudulent website may prompt you to install an application or browser plug-in that turn out to be a trojan horse.
  • Asking for money to give money. Even more so if the e-mail claims it’s from an established organization. If it’s really an established organization, they won’t ask for money to give you money. Moreover, having them giving you cash outright is questionable – even Apple’s 10 billionth app download winner didn’t get any real money but store credits instead.

An Example

Recently I received an e-mail that claims to be from Samsung Europe that said I won € 750,000, a laptop, and a mobile phone. Then they wanted me to contact their notary and keep the e-mail confidential. Let’s dissect this scam mail blow by blow.

Scam mail 2

If you notice carefully, the reply-to address is from the @europe.com domain and not samsung.com – this is the first thing that you should notice and raise a red flag in your brain. Secondly it points to a non-existent web page – www.samsung.com/europe doesn’t point to a proper regional site but a “select country” site.

Samsung Europe

In fact, I suspect that the whole “www.samsung.com/europe” thing is just to confuse you into believing that it’s return address of collection@samsung.europe.com belongs to Samsung – which is obviously not. 

 Scam headers 7

Then who owns europe.com? According to its whois entry, the domain belongs to “World Media Group, LLC” that is based in Bedminster, New Jersey.

Registrant Name: ATTN Domain Inquiries
Registrant Organization: World Media Group, LLC
Registrant Street: 90 Washington Valley Rd., #1128
Registrant City: Bedminster
Registrant State/Province: NJ
Registrant Postal Code: 07921
Registrant Country: US
Registrant Phone: +1.9089030200
Registrant Phone Ext.:
Registrant Fax: +1.9082759105
Registrant Fax Ext.:
Registrant Email: domains@world.com

The company’s official website at http://worldmediagroupllc.com shows that World Media Group is really a “domain squatter” organization. They buy single-word domains like lawyer.com and doctor.com and build advertising sites on it – which at this point the credibility of lawyers and doctors on that site may as well be questionable. 

World Media Group LLC

Last but not least, the THIS IS NOT A SPAM first line. With asterisks. Yeah, just like the folks who walks out of a pub with their faces red and not standing straight saying that they’re not drunk. Luckily Gmail classified this particular e-mail as spam. But we might not be so fortunate and the next time it may got through Google’s spam filters.

Just remember: be vigilant. This e-mail belongs to a class of techniques called social engineering – it manipulates the most powerful yet error-prone part of the security system: the bag of meat at the keyboard. Play your part in the human firewall to keep yourself and your colleagues safe.

Until next time, you stay safe.

 

The Virtual Post-It Note

Say that someone comes to your door and no one was around to answer. She needs a way to leave a message saying that shDelivery Mane was around and needed to contact you. At this point of time there are several options available to her: 

  • She could stick a post-it note to your door. Provided that she has one handy – or at have least pen & paper readily available to slip under your door. Hopefully the note doesn’t get blown off by wind or taken out by your neighbour’s naughty children.
  • She could try calling your phone – provided that she knows your phone number and you can answer her. Similarly she could send you a text message or e-mail – but again this information needs to be available somehow. You could display your phone number (or e-mail address) on your door, but this makes you vunerable to spammers and telemarketers.
  • She could just try coming back later. However this takes time and effort and she’ll doubt that you’ll be present the next time she comes around and may decide not to come back – hence you may miss an opportunity.

What if there’s an easy way for people to contact you but still keep your contact details safe from irresponsible callers and spambots? Just like an executive secretary who takes phone calls and fends off monkeys from wasting her boss’ precious time.

If this is your problem, we believe it can be solved by a web form. That is the visitor can simply fill out a form on the web saying that she was here and provide some information for you to call her back. Now you may ask, “if she’s not on the Internet, then how can she fill out the form?” Well, with the proliferation of smartphones, people tend to _already_ be on the Internet most of the time – since they have an always-on data connection on their phones. Even better, web forms can filter out spammers better than most e-mail filters when equipped with a CAPTCHA. Moreover reading a message takes only a fraction of the time than taking a phone call of similar content – which is a good defence against telemarketers.

Then all you need is to have a web form somewhere and prominently display its address on your door so that visitors know how to reach you when you’re not around. Tell them to open that form using their smartphones and leave their notes there. Since most people won’t have post-it notes handy, this virtual post-it note should prove useful.

So here’s our idea. Using our app you can print a poster that you can stick on your door – containing your name, web form URL, and a QR Code to make it easy to enter the form’s URL. Visitors will see this prominently-placed poster then either scans the QR Code or type in the URL below it on their smartphone.

QR Code Poster

On their smartphones, they’ll see a web form to write their message to you. The form is deliberately made simple and thus only two fields are mandatory: the message itself, and a CAPTCHA to ensure that this is a real person who are posting the message.

Virtual Post It Note

Furthermore if the visitor desires, she can leave their name and contact information if she wants you to call her back. What’s nice about this is that the smartphone’s web browser should be able to auto-fill this information in the form – letting her name, e-mail address, and various other details for you to use to get back in touch with her.

Do you think this is useful? Contact us or leave a comment below and let us know what you think!