Spam and Phishing
Recognizing Phishing Spam & Fraud
This article is intended to help you to recognize fraudulent email by examining the destination address of hyperlinks.
What is Spam?
Spam is unsolicited junk e-mail send to large numbers of people to promote products or services.
Why is Spam a problem?
It is a serious problem for the future of the Internet, because it has resulted in the making e-mail an unreliable service. For many years e-mail has been an effective and reliable way to communicate, but spam is changing that. Some people have abandoned the Internet because of this problem.
What is the solution?
Some suggest that spam is not a problem, because all you need to do is press the Delete button. Every day, I get about 400 Spam messages and the time it takes to recognize and delete all of these messages is excessive. The solution is to use junk e-mail filtering software that will automatically identify spam. This junk e-mail filtering software comes in many forms and I will not discuss all of the options here. Unfortunately, the software is not perfect and some spam gets through the filter and you must use the Recognize&Delete method. The reality is that you must be able to recognize spam.
How do you recognize spam?
In most cases, it is easy to recognize spam. When the subject line say Buy Viagra, Special Mortgage Rates, or Discount Drugs, it is easy to understand the intent of the message. Many other messages are devious. I received a message with "Your Tracking Number" in the subject line but the message was an advertisement for Viagra. I could only determine this by opening the message, because the subject line implied something else. If you have made an online purchase, you are very likely to open a message that has "Your Tracking Number" as the subject line. This is devious and it takes a little longer to recognize this spam, but normally there is no problem determining the intent of the message once it is opened.
Why all of the spelling mistakes?
If your e-mail filter is looking for words like Buy Viagra, Special Mortgage Rates, or Discount Drugs, messages with the words By \/iagra, Speecial Moorgage Raites, and Disscount Druugs, get through the filter.
Why does the message include paragraphs of unrelated words?
Many e-mail filters identify spam by the percentage of spam words like buy, discount, special, etc. By including many other words, the percentage of spam words decreases and the message might get through the e-mail filter.
Good spam, Bad spam!
Although most people consider spam to be bad, many are interested in some products and appreciate getting information from some companies. I consider e-mail of interest to be Good spam. All other spam is bad, but there are different degrees of badness.
The worst spam is the kind that is fraudulent with criminal intent. The most famous of these is a category that it now referred to as the Nigerian scam. You receive a message from a wealthy foreigner (originally Nigerian) who needs help moving millions of dollars out of his country. In return for your help, you are promised a large amount of money, but need to provide fees to get this money. There are similar scams where you are told that you have won a lottery, but you need to send fees before the money can be paid to you.
How do your recognize these? Common sense helps. Experience in life. Skepticism about anything that is too good to be true. Whatever... This sort of thing is not unique to spam. These sorts of scams exist with the telephone and snail mail. You must be able to recognize this kind of scam.
Criminally Fraudulent Spam
Finally, we have come to a category where I can show you a technique to identify fraudulent spam. I have received a number of messages from financial institutions that ask me to update my information. For many of these messages, I have no relationship with the financial institution, so they are easily identified as criminally fraudulent spam. In some cases, I do have a relationship with the company and the message may look legitimate. The message includes official company logos, links and messages from the actual company. This type of fraud is commonly referred to as phishing when the criminal is trying to steal personal information.
How can you determine if this is legitimate or not? In all cases the message has a hyperlink to click where presumably you will be asked for your password and other personal information. The rule is to never use hyperlinks from an e-mail, but rather, go to the web site directly by typing the address yourself. If you want to determine if the message is fraudulent, hover the mouse pointer over the hyperlink to get the yellow box tool tip to pop-up and show you the address of where the hyperlink will take you. The example below shows a criminally fraudulent spam message that appears to come from eBay and includes an eBay logo, copyright notice and a TRUSTe logo, but the address of the 'click here' hyperlink is not eBay, but rather a numeric IP address which, no doubt, belongs to a criminal. Other hyperlinks in the same message do take you to eBay, but this is not enough evidence to assume that the message is legitimate.
The hyperlink address below shows that the link does not take you to eBay, but rather a criminal web site.
Fraudulent message congratulating me for winning US$500,000.00
Fraudulent message from apparent financial institution.