PSA on Spam, Infections, Phishing and email scams

As a follow up to yesterday’s post about the breach of the Epsilon email providers (and mentioned on the Stolen Droids Podcast #2) here is some advice about spam, phishing and emails. Emails, instant messengers and social media posts (i.e. Facebook) are a major form of internet communication. While we will be concentrating on emails in this post, it can be applied to instant messages and social media posts.

When someone attempts to gather your information by tricking you into responding to an email or clicking on a bogus link in an email, it is called Phishing. Any company worth their salt will not ask you for information over email (or IM). On our last podcast, Zuke gave some really good advice about suspicious emails with links. If you think the email is bogus, use a google search to find the official website of the company and use that to correspond with them.

Another plague for emails, IMs and social media posts are links to websites that try to infect your computer. The basic form of these will be an email only containing a hyperlink. This should send up red flags from here to the Delta Quadrant. A step up from these may contain a short message asking if these images/video are of you? Or did you see the latest on (insert latest name here) celebrity. These can also be sent by IM or posted on a Facebook wall. A plaque that has been hitting Facebook is the “see who’s reading your profile” or “You’ve been tagged in a photo” link that could also be sent via email. Most of the time you can hover over the link and look in the lower left hand corner of your browser to see where the link is really going. Any link not ending with the generic top-level domains (common enders at the end of the website address like .com, .net, .org, .edu, etc. The best rule is, if it smells fishy, don’t click on it.

Another thing that has been bugging me lately with some of these spam and virus emails is how easily people give up their email addresses to these scumbags. Let me give you a big hint that could help cut back on that. Anytime you get an email from someone that says “forward this to everyone you know” DON’T DO IT!!!!! People just get in the habit of forwarding the same email without cleaning off all of the email addresses that you added to the email itself. It doesn’t matter if it’s a virus alert, search for a missing child, “facts” about a political issue, petition for a change or a candle to remember those affected by the XYZ disaster (most are bogus anyway) once you forward that email with all of your friend’s email addresses on it, you no longer control where that information is sent. I’ve been trying to tell my grandmother for years that these emails are bogus and only give spammers a chance to harvest her email lists. Yet on a daily basis I still get these junk mails from her (and others) that I have to delete.

So what do you do when you get a note from friends that your email, IM or Facebook account has been sending out virus/junk messages? First thing you would want to do is scan your computer for spyware, malware and viruses. There are several scanners out there, but I’ve used a few different ones. AVG has a free edition of their virus scanner. Spybot S&D and SuperAntiSpyware are two good anti-spyware programs. Malwarebytes will also help scan your system for malware on your system. These programs are also free as well for home users. Once this is done, change your passwords to your emails, IMs and social media. If your account has sent out anything, follow up with them to let them know not to click on the links and delete the emails.

The best part about the internet is sharing our knowledge. What tips do you have to combat viruses, infections, scams and spam? What programs have you found useful in removing infected systems?

Comments

  1. says

    A good example is the spam I just got today:

    < <<<<>>>>>>>>>>

    This is a reminder to log in to your Western Union account as soon as possible. We recently received a report of your account and we need you to confirm your information. Be sure to log in securely by going to: http://www.wureglogin.com/westernunion/

    Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety. __________________________

    (c) 2011 Western Union

    HSZJSSTHFMZCGMEXDFQVKOZDLDYDOPDJBNPTXQ
    < <<<>>>>>

    It doesn’t address me by name (because I don’t have an account). It doesn’t say what the report is about. It’s not directing me to Western Union, it’s directing me to wurelogin. It lacks any official logo, letterhead, whatever.

  2. Dr Squishy says

    Good advice. This is a post I’m certainly going to pass on to me mother in law. Let’s just say she’s had more problems with spam than the entire state of Hawaii.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>