Feb 8, 2009

FAKE EMAILS

Key facts about fake email messages
1. A sensible business will *never* ask you to reply to an email with your date of birth, credit card data, password, or other personal data. Never reply to one that does. If an email provides a link to a Web site to supply the information, don't use it. Open your browser and go there by your usual route.
2. Almost anything in the headers of an email message can be "spoofed", including the "From" and "Reply To" addresses. A bogus message may appear to come from a legitimate business, or from someone you know. Be a little paranoid about any message you wouldn't have expected to see.
3. You will never get email warnings about viruses and worms unless you have subscribed to an alert service or a newsletter. Bogus warnings often direct you to do something that damages your computer. Others have attachments that are supposed to protect you against the threat, but install Trojan horses instead.
4. Many bogus email messages are disguised as solutions to problems that are plausible or in the news -- charge account problems, investigations, loss of benefits, identity theft, anthrax, computer viruses, etc. They usually call for urgent action. Of course, they don't have your best interest in mind.

Master counterfeiters
Criminals have adopted the tricks of spammers and worm writers, and in some cases have joined with spammers directly. It's easy to send out millions of fake email messages using that technology. They try to make the messages look just like ones you'd expect.
The "From" address is invariably "spoofed". That's trivially easy to do. You can probably do it yourself. The messages are sometimes very skillfully written. Stealing the graphics and images from a real webpage, say Homeland Security, and composing a message in HTML format can produce an even more convincing counterfeit. It looks just like what you'd expect.
It's very hard to tell some fake email messages from real ones. But your instincts, along with safe email practices, can help.
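
The "From" and "Reply To" headers and the links in an HTML message can be compared mechanically. The sketch below is an added example, not part of the original post: it parses a constructed sample message and flags a Reply-To domain that differs from the From domain, and links that lead somewhere other than the claimed sender's domain. The addresses, the `review` function and the heuristics themselves are assumptions chosen for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not real mail); the example.* names are placeholders.
SAMPLE = """\
From: "Example Bank" <service@example.com>
Reply-To: accounts@example.net
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account is on hold.</p>
<a href="http://login.example.net/verify">Confirm your details</a></body></html>
"""

class LinkHosts(HTMLParser):
    """Collect the host part of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            host = urlparse(href).hostname
            if host:
                self.hosts.append(host.lower())

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review(raw):
    """Return a list of warnings; an empty list does not prove the mail is genuine."""
    msg = message_from_string(raw, policy=policy.default)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    warnings = []
    if reply and reply != sender:
        warnings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkHosts()
        parser.feed(body.get_content())
        for host in parser.hosts:
            if host != sender and not host.endswith("." + sender):
                warnings.append(f"link goes to {host}, not {sender}")
    return warnings
```

Because the From header is itself whatever the sender typed, a message that passes these checks can still be fake; the checks only catch inconsistencies inside the message.
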
Email defense
1. Configure your email client correctly.
2. Know what to watch out for, especially phish hooks.
3. Never click a link in a spam message -- even to "opt-out" of future email.
4. Handle your email safely.
5. Install anti-virus and anti-malware software.
