Don’t Be Spoofed!

This is the high season for e-mail spoofing, where cyber criminals pretend to be your bank, retailer or other business in an attempt to get your private information, steal your identity or install a virus on your computer. These spoof e-mails range from crude attempts to very convincing ones. Good spoofs can fool the casual, or even the spoof-aware, user. Especially vulnerable are the older folks who don’t use computers too much and may be too trustful on the www. Let’s take a look at a few spoof examples and give you some tips to protect yourself and to pass on to those you think may be unaware.

E-mail Spoofing Examples

(from crude to pretty damn good)

Here is a bad spoofing job that I would hope no one would fall for.

cvs

Notice the logo is obviously cut and pasted from a website and the crudeness of the formatting. Those two things should immediately set off alarm bells. You should always look at the “From” line. Notice in this case they didn’t even take the time to spoof the cvs.com domain. Dead giveaway and time to hit the spam and delete buttons.

Here is another in the same category.

fedex

It shouldn’t fool anyone given the addresses in the “From” and “Return-path” lines do not look like FedEx business addresses.

The next is a Southwest Airlines spoof that some more time was spent on (but not much).

southwest

At least they put “southwest” in the domain name on the “From” line. They also included a better-looking logo, but the addresses in the “From” and “Return-path” lines are certainly suspect and don’t look like something Southwest would use. Also notice that in the URL line that they want me to click, my name is not formatted correctly. I think Southwest marketing has my information and would format it a bit better. One way to really make sure is to hover over the URL they want you to click (but please don’t click on it). When you hover over this one, at the bottom left of my e-mail client it shows me that if I clicked on this URL it would go to http://www.poweredsouthwest.com/judca/dictatorialness/surprized/trailbalzers/citator.php

Definitely not legit. [I left out a part of it just so no one reading this would copy and paste it into a browser. Not sure why someone would do that but…]

The previous two examples were simplistic and hopefully no one would be fooled, but they get better. Here is one I got that looked like it came from American Express and I just about clicked on it.

amex 1

I was in a hurry and didn’t look at the Return-path and was just about to click to get my “safe key” when I noticed a weird path when I hovered over the “here” URL. This one just about got me.

Another from American Express (seem to get a lot of these).

amex 2

The “From” line looks good and the “Return-path” line looks confusing enough that someone may click what looks like a proper URL. There are three giveaways on this one. First, hovering over the https://www.americanexpress.com/ URL exposes that it would actually go to http://www.estibasideko.com/disney/grubbed.html. Second, I got this same e-mail three times within minutes of each other with the name in the upper right changed. And third, I know from past experience that American Express does not send e-mails to me when they see irregular activity; they phone me. That being said, someone not used to the online world (our older generation, for example) might be tricked.

Another dead giveaway but also one that can be potentially deadly to your computer is when the email comes with an attachment like the following.

amazon

Notice the attachment is a “.zip” file. Beyond the fact that the return-path is wrong, any e-mail sent to you with a “.zip” file attached that you were not expecting can inject malware into your computer when clicked. Delete it immediately. The same goes for attachments that end in “.exe”, “.php”, etc.

I could show many more examples, as I now seem to be getting them every day, but you get the point. Any major company you do business with is being spoofed and the cyber criminals are getting good at it. I get them claiming to be Facebook, Paypal, Walgreens, Wells Fargo, Citibank, ADT, Intuit, Adobe, etc. These are all companies I do business with, so on the surface the e-mails seem to be something I would expect.

How to protect yourself from spoofing

So what do you do to thwart these attempts? Here is a list of seven tips to help you protect yourself.

  1. Never use e-mail. That would certainly protect you, but it is not too realistic since e-mail is still the most used method for communications, so let’s move on to #2.

  2. Never open an attachment to an e-mail that you are not expecting. I am not referring to the e-mail from your friend with a picture (.jpg) attached. Almost all legitimate e-mails from businesses do not include attachments. Of course, if your accountant has told you that they will be sending over a document attached to an e-mail, it is probably okay.

  3. Install anti-virus software that scans your e-mail for attached viruses. This will not protect you from spoofing scams that get you to click a URL, but it is good (not perfect) protection against malware that could infect your computer.

  4. Always look at the full “From” line and “Return-path”, as this is usually an immediate giveaway. If you do not see the “Return-path”, look at the settings on your e-mail client and check the view option to see the full header.

  5. Do not click on the URL in an e-mail unless you are absolutely sure that the e-mail is legitimate. If unsure, instead of clicking, type the URL of the business into your browser so you go to their site and not a look-alike that has been set up by hackers.

  6. If you do click on the URL and it takes you to a site that asks you to “verify” your credentials by entering your account information, stop immediately. Look at the URL in the address bar of your browser. It is probably not the company URL you thought you were at. Exit that site and type in the URL of the business you were intending to visit.

  7. Use your intuition. If it doesn’t look quite right, it probably isn’t, and you should mark it as spam and delete it. If there is something really urgent that a business is trying to get in contact with you about, they will ask again or call you.

These tips should keep you out of trouble for now, but the hackers are getting more sophisticated and, short of not using e-mail at all, we need some tech to help us out. Thankfully there is a technology coming soon that will provide automatic protection, ensuring that the e-mail you are looking at is really from the person or company it purports to be. For a preview of how it works go to www.chiaramail.com.
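
The “From”/“Return-path” comparison and the link hover check from the tips above can be automated for a saved message. The following is an added example, not part of the original post; the sample message, its `.test` placeholder domains and the names `site`, `LinkCollector` and `spoof_warnings` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real e-mail); every domain is a reserved .test placeholder.
SAMPLE = """\
From: "Example Bank" <alerts@example-bank.test>
Return-Path: <bounce@mailer.lookalike.test>
Content-Type: text/html

<p>Verify at <a href="http://www.lookalike.test/verify.html">https://www.example-bank.test/</a></p>
"""

def site(host):
    """Crude registrable domain: last two labels (wrong for suffixes like .co.uk)."""
    return ".".join(host.lower().split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def spoof_warnings(raw):
    """Compare From with Return-Path, and each link's visible URL with its real target."""
    msg, warnings, collector = message_from_string(raw), [], LinkCollector()
    from_site, rp_site = (site(parseaddr(msg.get(h, ""))[1].rpartition("@")[2])
                          for h in ("From", "Return-Path"))
    if rp_site and rp_site != from_site:
        warnings.append(f"Return-Path domain {rp_site} differs from From domain {from_site}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        target = site(urlsplit(href).hostname or "")
        if "://" in text and site(urlsplit(text).hostname or "") != target:
            warnings.append(f"link text shows {text} but href points to {target}")
    return warnings
```

Legitimate mail sent through a third-party mailing service can also carry a Return-Path on a different domain, so treat a warning as a reason to look closer rather than as proof.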