I almost got caught out by a spam email!

[Brendan Burgess]

I saw an item in an auction catalogue last week and emailed the company for more information.

They sent me the information.

I got another email just now from them headed "Survey d" and the message

"has sent you 4 video request"

with a link "Read your confidential message"

I thought that they may have videoed the item I was interested in and was just about to click on the link... when I thought, why would it be cofidential and realised that it was most likely spam.

Looking back on the poor English, it's blatantly obvious, but I can see how people get caught out. They are in correspondence with someone, and they get an email, and they just click on the link...


Brendan

 

[runner]

Mrs Runner got caught with one of these last week -no damage done as I got it sorted quickly.
I told her there is no such thing as a 'confidentail message' within a message!

 

[Brendan Burgess]

What actually happens if you click on the link?

Should your anti-virus software kick in?

Coincidentally, I just got a message from Avast telling me that they had disinfected a threat in another email.

Brendan

 

[Brendan Burgess]

While I am on the topic, I just got this from Pay Pal. I think it is probably genuine as they have my full name and I am a customer. But why should I take the risk? Presumably anyone could have set up the domain name paypal-survey.com.

I think that the likes of PayPal should avoid contacting people by email like this. It could cause me to lower my guard e.g. if I got a phishing email tomorrow.

Dear Brendan Burgess,
In a continuing effort to provide your business with the best possible payment experience, we randomly contact PayPal business account holders like you to participate in surveys. Your feedback will help us to enhance your PayPal experience.
To complete the survey, simply click on the web address shown below (or copy the address into your browser). The survey should take 10-15 minutes to complete.
By completing this survey, you will be able to enter a sweepstake for a chance to win £1,000.
https://www.paypal-survey.com/survey/selfserve/9dc/papxxxxxxxxcx




We would greatly appreciate your valuable input.
Yours sincerely,

PayPal

 

[jhegarty]

Depends on the purpose of the email.

Most will be :

Dodgy medicine sales (No risk to your computer, just to your health if you purchase)
Virus (Is a risk to your pc, will come as an attachment usually with .zip , .scr , .exe)
Advance Fee Scam (You best friend from Nigeria has just died , no risk to your computer)

 

[SparkRite]

While I am on the topic, I just got this from Pay Pal. I think it is probably genuine as they have my full name and I am a customer. But why should I take the risk? Presumably anyone could have set up the domain name paypal-survey.com.

I think that the likes of PayPal should avoid contacting people by email like this. It could cause me to lower my guard e.g. if I got a phishing email tomorrow.

Dear Brendan Burgess,
In a continuing effort to provide your business with the best possible payment experience, we randomly contact PayPal business account holders like you to participate in surveys. Your feedback will help us to enhance your PayPal experience.
To complete the survey, simply click on the web address shown below (or copy the address into your browser). The survey should take 10-15 minutes to complete.
By completing this survey, you will be able to enter a sweepstake for a chance to win £1,000.
https://www.paypal-survey.com/survey/selfserve/9dc/papxxxxxxxxcx




We would greatly appreciate your valuable input.
Yours sincerely,

PayPal

That one is more than likely legit, as "Paypal-survey.com" is actually owned by Paypal.

http://who.is/whois/paypal-survey.com/

 

[serotoninsid]

I thought I could never be caught out by these types of phishing emails. However, I got one of the paypal type emails last year - and it just -by pure chance - coincided with a time when there was a need for a password reset on my account.

It was first thing in the morning and wasn't at my sharpest - had just input my credit card number when I realised and stopped what I was doing.


Have to be very careful with any of this stuff.

 

[jhegarty]

That one is more than likely legit, as "Paypal-survey.com" is actually owned by Paypal.

http://who.is/whois/paypal-survey.com/

It also has Paypal SSL and Identity cert. So it's probably legit.

 

[Gerry Canning]

It also has Paypal SSL and Identity cert. So it's probably legit.

..............

Rule of thumb;

Treat e-mails that are requesting unsolicitated info as junk e-mails.
If important, they will find another route to contact you.
I would not know what a SSL and identity cert are , but if I can read them a scammer can surely do a passable copy.
I know we have to use E-mails

But ,
In short , eject uninvited guests!

 

[Brendan Burgess]

Depends on the purpose of the email.

Most will be :

Dodgy medicine sales (No risk to your computer, just to your health if you purchase)
Virus (Is a risk to your pc, will come as an attachment usually with .zip , .scr , .exe)
Advance Fee Scam (You best friend from Nigeria has just died , no risk to your computer)

My main worry would be the virus.

Is an attachment the only way to infect me?

In the email I got there was a link "Read your confidential message"

I have no intention of clicking on it, but had I clicked on it, is there no way that that alone would have infected my pc?

 

[monagt]

Is an attachment the only way to infect me?

- No

Click on a link and visit a compromised site and you can be infected.

 

[SparkRite]

.............but had I clicked on it, is there no way that that alone would have infected my pc?

Quite the opposite Brendan, there is a BIG chance that, that alone,ie. clicking on the link, could easily infect your computer.

 

[dub_nerd]

When you click on links you will be depending on your real-time virus scanner to catch any malware. The simple rule of thumb is -- unless you specifically solicited the email, never ever clink on links (and definitely never on attachments).

One thing that bemuses me is that scammers don't seem to be willing to invest in paying someone with competent English to write their phishing mails. I got a raft of "Please update your Paypal account details" mails in the last week, coincidentally just after I'd used Paypal for the first time in a long time. However, they were all 10-year-old schoolchild standard of English. If anyone ever improves on this, it'll be harder to avoid threats.

One thing I do that stops a lot of junk/scam mail is to filter everything with the TLD .ru anywhere in the address, subject or body, straight into my junk mail folder. I've never had cause to exchange a genuine email with Russia, but a lot of the junk comes from there.

 

[Time]

Where people get caught is that links that look legit actually take you to scammer websites.

A link may look like it goes to say paypal.com but when you click you are taken to a phishing site that looks like paypal.

 

[Janet]

A good rule of thumb for emails asking you to change your password is to not use the link provided. Just open the website directly in your normal browser (by typing in the address or using your bookmark) and log-in normally. Then go and find the place in your profile that has the password change facility and do it there. That way you don't have to be wondering whether the email was genuine or not.

 

[monagt]

A good rule of thumb for emails asking you to change your password is to not use the link provided. Just open the website directly in your normal browser (by typing in the address or using your bookmark) and log-in normally. Then go and find the place in your profile that has the password change facility and do it there. That way you don't have to be wondering whether the email was genuine or not

+1

and check your email forwarding settings

 

[jhegarty]

My main worry would be the virus.

Is an attachment the only way to infect me?

In the email I got there was a link "Read your confidential message"

I have no intention of clicking on it, but had I clicked on it, is there no way that that alone would have infected my pc?

You can only cause an issue by downloading an attachment or clicking on a link.

..............

Rule of thumb;

Treat e-mails that are requesting unsolicitated info as junk e-mails.
If important, they will find another route to contact you.
I would not know what a SSL and identity cert are , but if I can read them a scammer can surely do a passable copy.
I know we have to use E-mails

But ,
In short , eject uninvited guests!

SSL and Identity will verify who owns a site. They can't be copied / forged. They can however be stolen , but it would have been big news if it happened to company like Paypal.

 

[monagt]

You can only cause an issue by downloading an attachment or clicking on a link.

Or visiting a comprised valid website or a mal website
Or using a USB drive from someone else with malware
Or a non secure home WiFi network
Or using Public WiFis

Ulster Bank provide Trusteer software ................which validates web sites for its customers which is good.

 

[Brendan Burgess]

Ulster Bank provide Trusteer software ................which validates web sites for its customers which is good.

I looked at this before and was told it would slow everything to a halt?

 

[Setanta12]

I got an email with a .jpeg file - are these okay? Or are all attachments to be avoided if the sender is unknown?