Spam Gallery–You Have Been Sent a File

The Spam Gallery is a series of posts that give examples of spam messages, explaining the telltale signs that they are spam.

This email is one of those “almost had it” types.  I have done work for a company called SupportSpace, who had a contact named Monika.  The filename referenced used my online handle to provide legitimacy.  However, I still didn’t bite.  I considered the following:

  • I’ve never heard of “SendSpace”.  There are no links to their website in the email and the email is not sent from a sendspace.com domain.  For being the best file sharing service, they don’t know how to promote themselves.
  • The capitalization of the company name differs in the email.  This would not happen in a professional communication.
  • The capitalization of the sender’s name is odd.
  • The address of the download link points to some random site, not anything related to sendspace.com.

Be even more careful when you see something that may be relevant to you.  When there is only one choice in an email, like “Download” in this example, be suspicious.  Businesses love to promote themselves whenever they contact someone.  The lack of logos, slogans, and promotional links is a red flag.

Spam Gallery–Need Your Help

This email is working on the premise that you must act before thinking.  Like most spam, the link will redirect you to a page where you are at risk of virus/trojan/worm infections.  This email has the following traits:

  • The FROM address is unfamiliar.  It uses the same domain as my email address, which could be effective in a large corporation, where you may not recognize the person, but you are familiar with the email address.  This is known as “affinity fraud”.
  • There is no personal information in the email to indicate that the email was sent directly to me.
  • Most people would paste the URL to the bill in the email.  This email has the URL hidden behind a label (“Here is the bill”).  Although it isn’t difficult for the average person to do this, it isn’t likely that a sender in a hurry would take the time to format the link that way.
  • I’m unsure what the purpose of the “Secure Checksum” closing line on a lot of these spam messages is, but it’s beginning to be a sign of spam.

Always check the address of links in emails.  If the sender is someone you don’t recognize, slow down.  If you receive a message like this at work, check the company directory to see if it really is someone that works there.

Spam Gallery–Delivery Confirmation

This email is so full of mistakes, the spammer must be hoping that the recipient doesn’t even read the message and just clicks the link.  How many mistakes are there?

  • The FROM email is from UPS, but the email message is from FedEx.
  • UPS and FedEx are always capitalized in that format.  Anything else is not their trademarked name.
  • The link in the email does not go to fedex.com (or ups.com, either).
  • Grammar and spelling mistakes.
  • A non-professional closing, “With best wishes”.

Overall, the email looks sloppy.  A company would never send out something that brief and simple.  If the email doesn’t catch your eye, or catches your eye in a “huh?” manner, it needs a second look before clicking anything in it.
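The first and third checks in the list above can be automated. The following is an added example, not part of the original post: it compares the company named in the FROM display name with the sender's domain, with the company named in the body, and with where each link really goes. The brand table, the message and the example.net / example.org hosts are constructed for illustration, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed brand -> official domain map; the domains are the ones named in the posts.
BRANDS = {"ups": "ups.com", "fedex": "fedex.com", "usps": "usps.gov", "fdic": "fdic.gov"}

class BodyParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []   # visible text, real link targets
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])
    def handle_data(self, data):
        self.text.append(data)

def brands_in(text):
    # Whole-word match so "ups" is not found inside words like "groups".
    return {b for b in BRANDS if re.search(rf"\b{b}\b", text, re.I)}

def on_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    parser = BodyParser()
    parser.feed(msg.get_payload())       # assumes a single-part HTML body
    sender_brands = brands_in(display)
    body_brands = brands_in(" ".join(parser.text))
    findings = []
    for b in sorted(sender_brands):
        if not on_domain(addr.rpartition("@")[2], BRANDS[b]):
            findings.append(f"sender claims {b} but address is {addr}")
    if sender_brands and body_brands and sender_brands != body_brands:
        findings.append("sender and body name different companies")
    allowed = [BRANDS[b] for b in sender_brands | body_brands]
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if allowed and not any(on_domain(host, d) for d in allowed):
            findings.append(f"link goes to {host}")
    return findings

# Constructed sample modelled on the description above, not the real email.
SAMPLE = ('From: "UPS Delivery" <notice@mail.example.net>\nContent-Type: text/html\n\n'
          '<p>Your Fedex package was not delivered. <a href="http://track.example.org/label">Print label</a></p>')
```

Calling `check_message(SAMPLE)` returns three findings, one for each mismatch; a message whose sender, body and links all agree returns an empty list.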

Spam Gallery–Security System Updates

This email tries to use terms that sound current.  News reports may be mentioning FDIC more often with the recent banking problems, but a lot of people may not realize what an ACH transaction is.  The general fear the spam is trying to evoke is that you will not be able to do any bank transfers until you apply a security patch to your computer.

To think this through, why would an update to your computer help anything?  Your computer is not involved in financial transfers.  Those transactions happen between banks.  Even if this were legit – and it isn’t because the FDIC has no part in managing transfers – it would be a patch your bank would need to make to its computers.

Look closely at the language.  When would a company ever use the closing “Faithfully yours”?  That is very inappropriate language for business.  Moreover, the general grammar and terminology are poor.  There is no proper use of the phrase “update your security version”.  Also, the email address is not from the fdic.gov email domain.

Pay close attention to who the email is from.  If it’s a person, it’s probably not an email representing an organization.  Businesses have specific email addresses that they use to send bulk communication from.

Spam Gallery–Your New Contact

This one should be easy.  It’s pretty unlikely that the recipient really did meet at a café, but the curiosity is there to see exactly what this is all about.  Don’t be fooled.  The link doesn’t download a DOC file.  It directs to a malicious web page.  Notice:

  • The FROM name is different than the signature.
  • The spelling and grammar are terrible for a supposed business communication.
  • There is no personal greeting.

Be careful of emails that sound intriguing or juicy.  The spammers want you to click that link.

Spam Gallery–ACH Transaction Rejected

This spam is actually listed as a news item on www.nacha.org.  There’s not much to go on, but if you mouse over the link, you will see that it doesn’t direct you to any site affiliated with nacha.org.  The only other suspicious thing about this email is the odd wording about “you or any other person”.  That’s not usual business language.

Spam Gallery–Traffic Ticket

This email is one of those that gives you a single option, and that is the option that will wreak havoc.  Here are the signs of spam:

  • A subject that makes you feel you need to take immediate action.  A traffic ticket that is wrongly issued would scare most people into taking action.
  • The FROM address is from AOL.  It is not likely the LA police department is using AOL for email.
  • A strange formatting of an official document.  “POLICE AGENCY” is very out of place.
  • The time is misformatted (“0:14 AM”).
  • Although the date format is DD/MM/YYYY, and that format is used by the military and federal government, it typically is not used in normal communication.  It may make the notice seem more official, though.
  • Lack of details such as license plate, your name, anything more than “SPEED OVER 90 ZONE”, which in itself doesn’t make any sense.
  • The email is marked as being replied to and forwarded, but the email body has no headers from previous recipients.
  • The link address does not go to any website that would even make sense for entering a plea.

Don’t rush to click the first link you see if the message freaks you out. There is plenty of time to evaluate a notice.  Always check link addresses.

Spam Gallery–USPS Delivery Failure

This email is somewhat obvious, but maybe curiosity would cause some to get tricked.  Check the following:

  • The email is from the USPS, but the email address is not from usps.gov.
  • The email does not give any personal information such as name, location, or recipient.
  • The grammar in the message is very poor and there is a misuse of words to make the message sound intelligent (“erroneous” in particular).
  • No one sends attachments anymore.  All businesses will link you to their web site to download a file or a report.
  • The attachment is not a PDF; it is a zip file.  If you look in the zip file, there is an EXE file, which is clearly not a report.

Even if you did send a package on or near the date mentioned in this email, how did the USPS know your email address?  Don’t let curiosity get the better of you – wondering what the shipping label says, wondering if you can claim a package that isn’t yours.
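The attachment check from the last bullet, as an added example that is not part of the original post: it lists the members of a ZIP in memory without extracting them and flags program files by extension or by the Windows “MZ” file header. The extension list, file names and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Assumed list of program-file extensions for this example; extend as needed.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")

def inspect_zip(data):
    """Return (member, reason) pairs for members that look like programs.

    Nothing is extracted to disk; only names and the first two bytes are read.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                findings.append((info.filename, "executable extension"))
                continue
            # A renamed program still starts with the Windows "MZ" signature.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append((info.filename, "Windows executable header"))
    return findings

def build_sample():
    """Constructed attachment: dummy bytes only, no real program inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipping_Label.pdf.exe", b"MZ" + b"\0" * 62)
        zf.writestr("report.pdf", b"MZ" + b"\0" * 62)   # program renamed to .pdf
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"{name}: {reason}")
```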

Spam Gallery–Facebook Notification

This message is spoofed as a Facebook notification.  Here are the signs of spam I see in this message:

  • I don’t know the sender.  If you are excited about getting a message from someone you don’t know, you need to learn restraint.  The name is also in all caps, which is suspicious to a small degree.
  • The message excerpt is very short and generic, hoping you will click the link for the full message.
  • Hovering over any link shows that the address will take you somewhere other than Facebook.  Even the profile image is suspect.  Luckily, Outlook blocked all the images.
  • Notice the notification date.  Now look at the email send date.  The spammer tried to make it seem like the notification had been sent right away, but the spammer is in another time zone, which made for a large gap in the time sent vs. the notification time.

Always check the links in an email before even downloading the images.  If you don’t recognize the name, don’t assume it’s someone trying to be friendly.

Spam Gallery–LinkedIn Notification

Being a member of LinkedIn, this one made me pause.  I don’t recognize the name, so my assumption is that it is a tech recruiter, which I wouldn’t really want to deal with anyway.  Everything looks pretty legit about this message except for the links.  If you mouse over them, they show that they will redirect you to a site that is not LinkedIn.  All three of the links in the message go to the same address.  The address in this particular case had the word “terrorize” in it.  Probably a good indication of the anticipated result.

Always check the address of the links in a message before clicking them.  They should have the company name in them.