I'll start off here with a disclaimer: not every chain/mass email is a malware spreading missive of misinformation, or yet another piece of scammer spam. Some truly are amusing, inspirational, or even informative. I've received things that have made me laugh out loud, moved me to tears, or been worthy of sending on in turn to other potentially interested parties. But like just about everything else on the intarwebs, the noise to signal ratio is high, and gems among the junk are far and few between.
A few months ago, I received yet another chain email from a friend who seems to do little with her inbox other than forward the daily contents to everyone in her address book. We've all got one: that friend or relative who happily shares every junk item they receive, apparently with the belief that someone, somewhere, will find it of some value, or perhaps with the fear that they really will get run over by a transit bus if they don't forward Oprah's Secrets For Success to at least seven people. Filtering my nearest and dearest straight into the spam folder isn't a viable option, and requests to be excluded from future mass mailings seem to be the one type of email that never gets through, so I usually just hit [delete] and move on.
However, this email was not only utter garbage, it was utterly outdated garbage. If you're going to send me crap, at least make an effort to send current crap. This time, I was compelled to compose and send a thorough reply.
Either $Friend ignored my reply or never saw it (I'd bet the latter; it probably got buried in a pile of Acai Berries), because the very next morning I received several more spam servings from her. With a little luck, she at least stayed true to form and forwarded my email to everyone in her address book. In case she didn't, and for the benefit of the few people left on the planet who aren't in her address book, I am posting an "open letter" version of my reply here. Hopefully it will resonate with many...and actually sink in with a few.
Dear Friend,
You know I love you dearly, but you need to not be forwarding this kind of stuff. I'm not even sure you DID forward it on purpose; this sort of spam often is spewed out by an infected computer behind the scenes without the owner even knowing it is happening. Hubby got the same email from you, and when he opened it, it suddenly copied itself all over his inbox - viral red flag behavior for sure. Girl, we want to see you SAFE, online and off. We can't do much about the latter, but we do the former for a living as best we can, for anyone and everyone (un)lucky enough to get on our radar. So, here goes:
1) "THIS TOOK TWO PAGES OF THE TUESDAY USA TODAY - IT IS FOR REAL"
No, it's not. It never was, never has been, and never will be. Honestly, just about every time I see something that blares out in all capital letters "IT IS FOR REAL", that's a dead giveaway it's NOT. And the more "!!!!" that follows said blaring, the more fake it generally is. That it was supposedly real in USA TODAY is the final capper. C'mon - when was the last time anything in USA TODAY was for real?? ;-P
2) "SORRY EVERYBODY.. JUST HAD TO TAKE THE CHANCE!!! I'm an attorney"
All tacky lawyer jokes aside, no self respecting attorney would be forwarding junk chain-email. Unless they're A) really bored and doing it for a joke or, B) their infected computer is doing it for them behind their back. Oh, and notice it's ALL CAPITAL LETTERS and has 3 "!!!" after it. DING DING DING - THAT'S A FAIL!!!
3) "Bill Gates sharing his fortune."
No, he's not. Bill Gates won't even share his fortune with his own kids, from what I hear. Oh, and FYI, Big Bill retired from Microsoft over a year ago - that IS a fact.
4) "It's all marketing expense to him."
No, but somewhere along the line it's probably "marketing" *income* to the yellow bellied pondscum sucking mouthbreathing spammer(s) who *start* these kinds of things, and who obfuscate themselves so that they're nearly impossible to trace. You are not "bound to get at least $10, 000.00". All you are bound to get, eventually, is bounce back notices from friends whose email inboxes have filled to capacity from viral emails like these. Or whose computers have crashed all together.
5) "Please forward this to as many people as possible." <-- **DANGER WILL ROBINSON, DANGER** If there's one written phrase in the English language that'll make me immediately smack the delete button, it's that. Well, that and hearing from some Nigerian banker that an Uncle I never knew I had just got killed in a plane crash and left me $5,000,000. All I have to do to claim it is send Mr. Noobiscam my bank account information and contact his lawyer perrymason@hotmail.com. Um, yeah. I'll get right on that. IMPORTANT (yeah, I know, all caps. So contact the "attorney" who sent this and sue me. ;-)): just how many email addresses are now attached to this sucker anyhow...? To: (MASSIVE EMAIL LIST WITH MULTIPLE FORWARDS - note: in my original note, I copied in roughly a half a page of email addresses, and that was less than half the email addresses in the multiple forwards)
That isn't even all of them, I was just making a point. Guess what? At best, that's how many more times this junk mail has circulated, and how many more people have to pick through it. At worst, that's how many computers are now infected if you've unwittingly forwarded a chain email that contains a link to a "driveby download" website, or worse, an embedded malicious payload. And no, badware doesn't have to come in an attachment anymore. It can be stuck right into the body of an email, if that email contains code or scripts that will run when the message opened.
Girlfriend, if I didn't care, I wouldn't have taken the time to write such a lengthy reply. Please, update the antivirus on your computer and do a scan NOW. And please, please, please, do not forward these sort of emails, and don't answer them. It's entirely possible the person you got it from didn't even send it on purpose. If they did, there *is* one email you can forward on to them - this one.
Give yourself, your husband, and the kids hugs from me and hubby, and if *they're* forwarding junk chain emails, whack them with a keyboard for me. 'kay?
Your sis,
-Peg
So, in closing, if you must forward, forward with some forethought, and not just for the sake of forwarding (and I promise, if you DO get run over by a transit bus, it won't have anything to do with bad email juju...unless you've been forwarding mass quantities of spam to a distribution list of bus drivers). If you take the time to weed out the junk and share only the gems, they're far likelier to actually be read, and even appreciated, by the recipient(s). Don't spread the spam. Think about it: do you stuff all the credit card offers, pizza coupons, and real estate flyers you get in your mailbox into an envelope and mail the whole mess off to your best friend, or your mom?
Oh, and if you get an unexpected email exhorting you to "CLICK HERE" in large red letters - like I just did - just don't.
Don't forward it, either. ;-)
Showing posts with label spam. Show all posts
Showing posts with label spam. Show all posts
Tuesday, January 5, 2010
Wednesday, November 18, 2009
A Phew Phishing Phacts
Hopefully by now, everyone who's had an email account for any length of time has not only heard the term "phishing", but actually knows what it is. Almost certainly anyone who's had an email account for any length of time has gotten at least a few phishing emails (for varying values of "a few").
CNET recently posted sort of "phishing primer" article that's worth the read. In a nutshell, phishing is, in its most common form, that scary/shrieking/somber missive in your inbox that proclaims to be from ->insert official organization and logo here<- and tells you to click the embedded link and log in to verify your information now or risk having your PayPal/eBay/CheckFree/Amazon/whatever account shut down.
Alternatively you may be facing an audit (or a refund!) from the IRS, or your bank has just been declared "failed" (I got one of these the other day, which made me smile - I've already given my bank a "FAIL" many times over the years, so I hardly need an email notice about it); the list goes on and on. One of my personal recent favorites is the one proclaiming to be from the email provider itself, warning that the "servers" are due to be "upgraded", so all user account information needs to be verified beforehand. Yeeeeah...so I guess they're not planning on backing up all that "account info" themselves prior to the "upgrade", and in fact have never stored or backed it up at all. C'mon, folks, if your email provider has to email you to provide them with your basic email account information via an email reply...think about it. Have some aspirin handy.
There's a few more phishing facts worth elaborating on:
The warnings to be wary of .exe file attachments are all well and good. Problem is, malicious code can be embedded in .doc files, .xls files, .ppt files, .zip files, .gif files, .pdf files - bascially any kind of file that can have executable code embedded in it. So be wary of any attached file you aren't specifically expecting. And do yourself a favor - turn off the preview pane in your email client. Now. The days when you had to explicitly open an attachment for it to deliver its payload are long gone; just opening the email it's attached to can be enough. The content of the email itself can be enough, if it's got Evile Dancing Bunnies in it and you have your email client set to render .html when you open a message. Guess what the preview pane for your inbox does?
If you feel irresistibly compelled to call a phone number contained in a suspicious email, do not call from your cell phone. Call from a land line you don't care about, or borrow a cell phone from someone you don't like. The scammers will happily settle for a working phone number they can sell off to telemarketers or use for SMS spam if they can't get the goods via email.
If you've clicked on an embedded link and been directed to a website, it's too late to worry about being fooled. Chances are good you already have. Shut down your web browser, kick off a complete virus scan, and go play outside while it runs. If you don't have a working and updated antivirus installed on your computer, slap yourself sharply across the face and then go shopping for one. When you get back, start looking for those restore CDs that came with your computer. You might need them.
Finally, as always, never EVER respond to any sort of spam, even to give the spammer what-for and demand they blot your email address forever from their consciousness. All you're doing is confirming for them that A) your email account is in fact active, and B) you opened their email. Jackpot for them, but no cookies for you. Well, except the ones they may have scattered all over your hard drive while they sold your verified email address to fellow spammers for the highest bid.
Time for me to wrap up a post that's turned waaaay longer than I intended...I need to go check my email. :)
CNET recently posted sort of "phishing primer" article that's worth the read. In a nutshell, phishing is, in its most common form, that scary/shrieking/somber missive in your inbox that proclaims to be from ->insert official organization and logo here<- and tells you to click the embedded link and log in to verify your information now or risk having your PayPal/eBay/CheckFree/Amazon/whatever account shut down.
Alternatively you may be facing an audit (or a refund!) from the IRS, or your bank has just been declared "failed" (I got one of these the other day, which made me smile - I've already given my bank a "FAIL" many times over the years, so I hardly need an email notice about it); the list goes on and on. One of my personal recent favorites is the one proclaiming to be from the email provider itself, warning that the "servers" are due to be "upgraded", so all user account information needs to be verified beforehand. Yeeeeah...so I guess they're not planning on backing up all that "account info" themselves prior to the "upgrade", and in fact have never stored or backed it up at all. C'mon, folks, if your email provider has to email you to provide them with your basic email account information via an email reply...think about it. Have some aspirin handy.
There's a few more phishing facts worth elaborating on:
The warnings to be wary of .exe file attachments are all well and good. Problem is, malicious code can be embedded in .doc files, .xls files, .ppt files, .zip files, .gif files, .pdf files - bascially any kind of file that can have executable code embedded in it. So be wary of any attached file you aren't specifically expecting. And do yourself a favor - turn off the preview pane in your email client. Now. The days when you had to explicitly open an attachment for it to deliver its payload are long gone; just opening the email it's attached to can be enough. The content of the email itself can be enough, if it's got Evile Dancing Bunnies in it and you have your email client set to render .html when you open a message. Guess what the preview pane for your inbox does?
If you feel irresistibly compelled to call a phone number contained in a suspicious email, do not call from your cell phone. Call from a land line you don't care about, or borrow a cell phone from someone you don't like. The scammers will happily settle for a working phone number they can sell off to telemarketers or use for SMS spam if they can't get the goods via email.
If you've clicked on an embedded link and been directed to a website, it's too late to worry about being fooled. Chances are good you already have. Shut down your web browser, kick off a complete virus scan, and go play outside while it runs. If you don't have a working and updated antivirus installed on your computer, slap yourself sharply across the face and then go shopping for one. When you get back, start looking for those restore CDs that came with your computer. You might need them.
Finally, as always, never EVER respond to any sort of spam, even to give the spammer what-for and demand they blot your email address forever from their consciousness. All you're doing is confirming for them that A) your email account is in fact active, and B) you opened their email. Jackpot for them, but no cookies for you. Well, except the ones they may have scattered all over your hard drive while they sold your verified email address to fellow spammers for the highest bid.
Time for me to wrap up a post that's turned waaaay longer than I intended...I need to go check my email. :)
Subscribe to:
Posts (Atom)
Posts
