Spam. Nobody likes it, but everybody gets it. In the first quarter of 2015, spam comprised 59.2% of email traffic! Of course, it doesn’t just annoy the end user; it also interrupts business productivity. Worse, spam is a security risk, bringing with it any number of phishing or malware attacks. Because spam is plentiful and comes in many varieties designed to confuse and manipulate the recipient, it is important to first implement a powerful anti-spam system. However, remember that using anti-spam software is only the minimum of what you can do to protect yourself. You should also educate yourself on how to recognize and handle suspicious emails. Paying attention to the following 5 tips for identifying dangerous spam emails before you open, click, download, or share data will go a long way toward protecting your data.
- One of the most important ways to protect yourself from dangerous spam is to install powerful anti-spam software. Liquid Web’s MailSecure is ideal because it both tags emails as spam (giving you the freedom to delete or recover as you see fit) and blocks dangerous malware, virus, email spoofing, and phishing attacks. MailSecure has been proven to filter out the large amounts of spam that bombard inboxes today - as much as 85% of email traffic received by some Liquid Web customers was filtered, blocked and tagged as spam.
Watch for Spoofed Email Addresses
Pay close attention to the sender’s email address in any suspicious message you receive - and don’t reply or click any links. Attackers often use spoofed email addresses (email addresses that appear to come from a trustworthy source) to trick the recipient. These emails often include phishing attempts. Spoofing is done in a number of ways, but a few of the more common ones include:
- Changing the name of the sender so that it does not match the sender’s email address: It’s easy to change the header information of an email so that the sender’s name doesn’t match the sender’s email address. In the image with Example #1, the spammer changed the name to read “Katrina” in an attempt to make the email appear as if it was from a familiar source. The email address, however, is clearly unfamiliar and untrustworthy: “firstname.lastname@example.org.”
- Using characters that are similar to actual letters in order to make the sender email address appear to be from a recognizable source: For example, many Greek characters look similar to Latin letters, such as the Greek character “ε” and the letter “e”. Emails may use the Greek character instead of the letter “e” in the sender’s address, like this: “example@liquidwεb.com.” Unless the recipient is paying attention, they might not notice the email address is incorrect.
- Creating a fake sender address that references a normally trustworthy institution: Emails like “email@example.com,” as in Example #2, are a clear attempt to convince the reader the email is actually from AIG Direct. However, a quick Google search reveals that legitimate emails from AIG Direct will probably end in “@aigdirect.com.”
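
The three spoofing patterns above can also be checked automatically. The following Python sketch is an added example, not part of the original article or of MailSecure; the `check_sender` and `skeleton` helpers, the small look-alike map, and the sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed, partial look-alike map (an assumption for this example);
# production checks should use the full Unicode confusables data.
CONFUSABLES = {
    "\u03b5": "e",  # Greek small epsilon, the character used on this page
    "\u0435": "e",  # Cyrillic small ie
    "\u03bf": "o",  # Greek small omicron
}

def skeleton(domain):
    """Fold known look-alike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())

def check_sender(from_header, trusted_domains):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    trusted = {d.lower() for d in trusted_domains}
    warnings = []

    # Look-alike characters: name every non-ASCII character in the domain.
    for ch in sorted({c for c in domain if ord(c) > 127}):
        warnings.append("non-ASCII in domain: " + unicodedata.name(ch, "UNKNOWN"))
    if domain not in trusted and skeleton(domain) in trusted:
        warnings.append("domain imitates " + skeleton(domain))

    # Name or address references a trusted brand, but the mail is not from it.
    claimed = display.lower().replace(" ", "") + " " + domain
    for t in sorted(trusted):
        brand = t.split(".")[0]
        legit = domain == t or domain.endswith("." + t)
        if brand in claimed and not legit:
            warnings.append("references " + brand + " but sent from " + domain)
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Support <example@liquidw\u03b5b.com>",
    "Liquid Web Billing <billing@lw-invoices.example>",
    "Liquid Web <support@liquidweb.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header, ["liquidweb.com"]) or "ok")
```

The From header is set by the sender, so a clean result here does not prove a message is genuine; it only catches the visible tricks described above.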
Don't Give Out Personal Information
Phishing scams usually appear to come from legitimate businesses, like your bank, and contain URLs that link to malicious web pages asking for your private information. Legitimate businesses will, most likely, never ask for personal information such as passwords or credit card numbers via email. Giving out your information can lead to drained bank accounts or even identity theft.
Avoid Strange Attachments or Unfamiliar Links
The best policy is to refrain from downloading files or clicking through links in a strange email unless you trust the source. Malware, viruses, and other types of malicious material can be easily downloaded to your server or computer through attachments or malicious links, such as the Dropbox link in Example #3. In addition, dangerous files can come in any form, even with familiar extensions like .docx, and are often zipped to conceal their true file type.
Seem Too Good To Be True? It is.
Another sign of a dangerous spam email is content that seems too good to be true - often in the form of a promise of large sums of money. Such emails are actually phishing schemes trying to collect bank account information from the recipient. These scams come in many forms, including the story about the government owing you money in Example #4. You might also see promises of money from foreign royalty, the announcement of a fake lottery win, and even get-rich-quick schemes. The goal of an email that seems too good to be true is to encourage the recipient to click a link and provide their bank account information - a classic phishing scam.