The term "SPAM" is used to refer to e-mails that are junk — sometimes just pointless and annoying, sometimes malicious. Often SPAM is a vehicle for a "Phishing" attack, i.e. an attempt to get you to give away information or to trick you into clicking on something for the purposes of installing malware or carrying out a cross-site scripting attack. Often SPAM is pretty easy to pick out. Suffice it to say that any e-mail that asks for money, asks for passwords or account numbers, or tries to entice you into clicking on links should be treated with suspicion!

The laziest spammer ever

"This is quite possibly the worst spam I've ever received. There's really no trickery at all ... the attacker just brazenly asks for the username and password with a lame attempt to tie it to my e-mail account. What really takes the cake, though, is that they didn't bother to hide their e-mail address ( which, quite clearly, is not from USNA. This attacker ought to be ashamed of themselves." — Dr. Brown


A better effort: playing on my fear of being overcharged

"This is an interesting spam/phish because the e-mail (which is HTML encoded) looks legitimate, and plays on my fear of being overcharged. First of all, I never ordered an e-book version (or any other version!) of "The Hunger Games" ... honestly! But if I wanted to, I'm pretty sure $89.99 would be way too much. (Maybe it was a first edition? ;-) So anyone looking at this is clearly going to want to contact Amazon and say "it wasn't me!".

What you really need to look at with this one, however, is where the links are sending you. Hover over (but don't click!) the links in the e-mail and take a look at the crazy domain names you'd get sent to. If an e-mail notifies you of a problem with an account, don't access the account by following links in the e-mail. Either call or type in the URL you usually use. Certainly don't follow crazy links like these!" — Dr. Brown


More obvious spam

"Here is a pretty typical spam. First of all, I don't have an e-mail account at ... in fact, I've never heard of it. Also, although you can't tell this from the image, if you hover over the CLICKHERE link (which, by the way, is badly formatted and trying way too hard to get me to click), you see that the link is trying to take me to instead of taking me to some page connected with the mail server." — Dr. Brown

Old School Phishing

"This is an example of old school phishing. 15 years ago it was someone with access to an account set up by some deposed Nigerian leader. Now, apparently, it's the wife of the former Libyan leader Moammar Gaddafi. Either way, I don't think anyone really wants my help in moving money ... except out of my wallet and into theirs!" — Dr. Brown