SPAM
The term "SPAM" is used to refer to e-mails that are
junk — sometimes just pointless and annoying, sometimes
malicious. Often SPAM is a vehicle for a "Phishing" attack,
i.e. an attempt to get you to give away information or to trick
you into clicking on something for the purposes of installing
malware or carrying out a cross-site scripting attack.
Often SPAM is pretty easy to pick out. Suffice it to say that
any e-mail that asks for money, asks for passwords or account
numbers, or tries to entice you into clicking on links should be
treated with suspicion!
The laziest spammer ever
"This is quite possibly the worst spam I've ever received.
There's really no trickery at all ... the attacker just
brazenly asks for the username and password with a lame
attempt to tie it to my e-mail account. What really takes the
cake, though, is that they didn't bother to hide their e-mail
address (jlnorris@tie.cl) which, quite clearly,
is not from USNA. This attacker ought to be ashamed of
themselves." — Dr. Brown
A better effort: playing on my fear of being overcharged
"This is an interesting spam/phish because the e-mail
(which is HTML encoded) looks legitimate, and plays on my
fear of being overcharged.
First of all, I never ordered an e-book version (or any other
version!) of "The Hunger Games" ... honestly! But if I wanted
to, I'm pretty sure $89.99 would be way too much. (Maybe it
was a first edition? ;-)
So anyone looking at this is clearly going to want to contact
Amazon and say "it wasn't me!".
What you really need to look at with this one, however, is
where the links are sending you. Hover over (but don't
click!) the links in the e-mail and take a look at the crazy
domain names you'd get sent to. If an e-mail notifies you
of a problem with an account, don't access the account by
following links in the e-mail. Either call or type in the
URL you usually use.
Certainly don't follow crazy links like these!" — Dr. Brown
More obvious spam
"Here is a pretty typical spam.
First of all, I don't have an e-mail account
at ntc.edu ... in fact, I've never heard of it.
Also, although you can't tell this from the image, if you
hover over the CLICKHERE link (which, by the way, is badly
formatted and trying way too hard to get me to click), you
see that the link is trying to take me to
https://docs.google.com/spreadsheet/viewform?formkey=dElRSW96VlJ1d0pQeFNGRDhmUTl0ZXc6MQ
instead of taking me to some ntc.edu page connected with the
ntc.edu mail server." — Dr. Brown
Old School Phishing
"This is an example of old school phishing.
15 years ago it was someone with access to an account set up by
some deposed Nigerian leader. Now, apparently, it's the wife
of the former Libyan leader Moammar Gaddafi. Either way, I
don't think anyone really wants my help in moving money
... except out of my wallet and into theirs!" — Dr. Brown