# I almost got caught out by a spam email!



## Brendan Burgess (1 Jul 2014)

I saw an item in an auction catalogue last week and emailed the company for more information.

They sent me the information. 

 I got another email just now from them headed "Survey d" and the message 

"has sent    you 4 video request" 

with a link "Read your confidential message"

I thought that they may have videoed the item I was interested in and was just about to click on the link... when I thought, why would it be cofidential and  realised that it was most likely spam. 

Looking back on the poor English, it's blatantly obvious, but I can see how people get caught out. They are in correspondence with someone, and they get an email, and they just click on the link...


Brendan


----------



## runner (1 Jul 2014)

Mrs Runner got caught with one of these last week -no damage done as I got it sorted quickly. 
I told her there is no such thing as a 'confidentail message' within a message!


----------



## Brendan Burgess (1 Jul 2014)

What actually happens if you click on the link? 

Should your anti-virus software kick in? 

Coincidentally, I just got a message from Avast telling me that they had disinfected a threat in another email. 

Brendan


----------



## Brendan Burgess (1 Jul 2014)

While I am on the topic, I just got this from Pay Pal. I think it is probably genuine as they have my full name and I am a customer. But why should I take the risk?   Presumably anyone could have set up the domain name paypal-survey.com. 

I think that the likes of PayPal should avoid contacting people by email like this.  It could cause me to lower my guard e.g. if I got a phishing email tomorrow.

                                                                                                Dear Brendan Burgess,                                                                 
                                                                  In a continuing effort to provide your business with the best  possible payment experience, we randomly contact PayPal business account  holders like you to participate in surveys. Your feedback will help us  to enhance your PayPal experience. 
  To complete the survey, simply click on the web address shown below  (or copy the address into your browser). The survey should take 10-15  minutes to complete.
  By completing this survey, you will be able to enter a sweepstake for a chance to win £1,000.
https://www.paypal-survey.com/survey/selfserve/9dc/papxxxxxxxxcx




  We would greatly appreciate your valuable input.
                                                                                           Yours sincerely,

 PayPal


----------



## jhegarty (1 Jul 2014)

Depends on the purpose of the email.

Most will be :

Dodgy medicine sales (No risk to your computer, just to your health if you purchase)
Virus (Is a risk to your pc, will come as an attachment usually with .zip , .scr , .exe)
Advance Fee Scam (You best friend from Nigeria has just died , no risk to your computer)


----------



## SparkRite (1 Jul 2014)

Brendan Burgess said:


> While I am on the topic, I just got this from Pay Pal. I think it is probably genuine as they have my full name and I am a customer. But why should I take the risk?   Presumably anyone could have set up the domain name paypal-survey.com.
> 
> I think that the likes of PayPal should avoid contacting people by email like this.  It could cause me to lower my guard e.g. if I got a phishing email tomorrow.
> 
> ...




That one is more than likely legit, as "Paypal-survey.com" is actually owned by Paypal.

http://who.is/whois/paypal-survey.com/


----------



## serotoninsid (1 Jul 2014)

I thought I could never be caught out by these types of phishing emails.  However, I got one of the paypal type emails last year - and it just -by pure chance - coincided with a time when there was a need for a password reset on my account.

It was first thing in the morning and wasn't at my sharpest - had just input my credit card number when I realised and stopped what I was doing.


Have to be very careful with any of this stuff.


----------



## jhegarty (1 Jul 2014)

SparkRite said:


> That one is more than likely legit, as "Paypal-survey.com" is actually owned by Paypal.
> 
> http://who.is/whois/paypal-survey.com/



It also has Paypal SSL and Identity cert. So it's probably legit.


----------



## Gerry Canning (1 Jul 2014)

jhegarty said:


> It also has Paypal SSL and Identity cert. So it's probably legit.


 ..............

Rule of thumb; 

Treat e-mails that are requesting unsolicitated info as junk e-mails.
If important, they will find another route to contact you.
I would not know what a SSL and identity cert are , but if I can read them a scammer can surely do a passable copy.
I know we have to use E-mails 

But ,
In short , eject uninvited guests!


----------



## Brendan Burgess (1 Jul 2014)

jhegarty said:


> Depends on the purpose of the email.
> 
> Most will be :
> 
> ...



My main worry would be the virus. 

Is an attachment the only way to infect me?  

In the email I got there was a link "Read your confidential message"

I have no intention of clicking on it, but had I clicked on it, is there no way that that alone would have infected my pc?


----------



## monagt (1 Jul 2014)

> Is an attachment the only way to infect me?


 - No

Click on a link and visit a compromised site and you can be infected.


----------



## SparkRite (1 Jul 2014)

Brendan Burgess said:


> .............but had I clicked on it, is there no way that that alone would have infected my pc?




Quite the opposite Brendan, there is a BIG chance that, that alone,ie. clicking on the link, could easily infect your computer.


----------



## dub_nerd (1 Jul 2014)

When you click on links you will be depending on your real-time virus scanner to catch any malware. The simple rule of thumb is -- unless you specifically solicited the email, never ever clink on links (and definitely never on attachments).

One thing that bemuses me is that scammers don't seem to be willing to invest in paying someone with competent English to write their phishing mails. I got a raft of "Please update your Paypal account details" mails in the last week, coincidentally just after I'd used Paypal for the first time in a long time. However, they were all 10-year-old schoolchild standard of English. If anyone ever improves on this, it'll be harder to avoid threats.

One thing I do that stops a lot of junk/scam mail is to filter everything with the TLD .ru anywhere in the address, subject or body, straight into my junk mail folder. I've never had cause to exchange a genuine email with Russia, but a lot of the junk comes from there.


----------



## Time (1 Jul 2014)

Where people get caught is that links that look legit actually take you to scammer websites.

A link may look like it goes to say paypal.com but when you click you are taken to a phishing site that looks like paypal.


----------



## Janet (1 Jul 2014)

A good rule of thumb for emails asking you to change your password is to not use the link provided. Just open the website directly in your normal browser (by typing in the address or using your bookmark) and log-in normally. Then go and find the place in your profile that has the password change facility and do it there.  That way you don't have to be wondering whether the email was genuine or not.


----------



## monagt (1 Jul 2014)

> A good rule of thumb for emails asking you to change your password is to not use the link provided. Just open the website directly in your normal browser (by typing in the address or using your bookmark) and log-in normally. Then go and find the place in your profile that has the password change facility and do it there. That way you don't have to be wondering whether the email was genuine or not


+1

and check your email forwarding settings


----------



## jhegarty (1 Jul 2014)

Brendan Burgess said:


> My main worry would be the virus.
> 
> Is an attachment the only way to infect me?
> 
> ...



You can only cause an issue by downloading an attachment or clicking on a link.



Gerry Canning said:


> ..............
> 
> Rule of thumb;
> 
> ...



SSL and Identity will verify who owns a site.  They can't be copied / forged.  They can however be stolen , but it would have been big news if it happened to company like Paypal.


----------



## monagt (1 Jul 2014)

> You can only cause an issue by downloading an attachment or clicking on a link.


Or visiting a comprised valid website or a mal website
Or using a USB drive from someone else with malware
Or a non secure home WiFi network
Or using Public WiFis

Ulster Bank provide Trusteer software ................which validates web sites for its customers which is good.


----------



## Brendan Burgess (1 Jul 2014)

monagt said:


> Ulster Bank provide Trusteer software ................which validates web sites for its customers which is good.



I looked at this before and was told it would slow everything to a halt?


----------



## Setanta12 (1 Jul 2014)

I got an email with a .jpeg file - are these okay? Or are all attachments to be avoided if the sender is unknown?


----------



## Brendan Burgess (1 Jul 2014)

Hi Kildavin

When people I know send me "humorous" attachments, I find it simplest to just ignore them. They are rarely funny, and could be damaging. I don't want to remember  a set of rules about which are safe and which are not, so I just delete the emails.


----------



## Leo (2 Jul 2014)

Kildavin said:


> I got an email with a .jpeg file - are these okay? Or are all attachments to be avoided if the sender is unknown?



Definitely avoid if the sender is unknown. If the sender is known, it's a good idea to confirm with them if they sent you something unsolicited.

Image tags within html are a often used means of enabling malicious code to be executed on your machine.


----------



## monagt (2 Jul 2014)

> I looked at this before and was told it would slow everything to a halt?



Not my impression and I run it on a Laptop which is running multiple browsers and virtual machines.

http://www.marketwatch.com/story/sneaky-malware-lurks-on-your-computer-until-you-log-into-your-bank-2014-07-02?dist=afterbell


----------

