Spam. Nobody likes it, but everybody gets it. In the first quarter of 2015 spam comprised 59.2% of email traffic! Of course, it doesn’t just annoy the end user, it also interrupts business productivity. Worse, spam is a security risk, bringing with it any number of phishing or malware attacks. Because spam is plentiful and comes in many varieties designed to confuse and manipulate the recipient, it is important to first implement a powerful anti-spam system. However, remember that utilizing anti-spam software is only the minimum of what you can do to protect yourself. You should also educate yourself on how to recognize and handle suspicious emails. Using the following 5 tips to identify dangerous spam emails before you open, click, download, or share data will go a long way toward protecting your data.
One of the most important ways to protect yourself from dangerous spam is to install powerful anti-spam software. Liquid Web’s ServerSecure Plus is ideal because it both tags emails as spam (giving you the freedom to delete or recover as you see fit), and blocks dangerous malware, virus, email spoofing, and phishing attacks.
2. Watch for Spoofed Email Addresses
Pay close attention to the sender’s email address in any suspicious message you receive – and don’t reply or click any links. Attackers often use spoofed email addresses (email addresses that appear to come from a trustworthy source) to trick the recipient. These emails often include phishing attack attempts. Spoofing is done in a number of ways; a few of the more common include:
- Changing the name of the sender so that it does not match the sender’s email address: It’s easy to change the header information of an email so that the sender’s name doesn’t match the sender’s email address. In the image with Example #1, the spammer changed the name to read “Katrina”, in an attempt to make the email appear as if it was from a familiar source. The email address, however, is clearly unfamiliar and untrustworthy: “email@example.com.”
- Using characters that are similar to actual letters in order to make the sender’s email address appear to be from a recognizable source: For example, many Greek characters look similar to Latin letters, such as the Greek character “ε” and the letter “e”. Emails may use the Greek character instead of the letter “e” in the sender’s address, like this: “example@liquidwεb.com.” Unless the recipient is paying attention, they might not notice the email address is incorrect.
- Creating a fake sender address that references a normally trustworthy institution: Emails like “firstname.lastname@example.org,” as in Example #2, are a clear attempt to convince the reader the email is actually from AIG Direct. However, a quick Google search reveals that legitimate emails from AIG Direct will probably end in “@aigdirect.com.”
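The look-alike character and borrowed-brand cases above can also be checked by a mail filter. The following Python sketch is an added example, not code from this article or from any Liquid Web product; the brand table, the look-alike map, and the sample headers are constructed for illustration.

```python
import re
import unicodedata
from email.utils import parseaddr

# Constructed for this example: brands the recipient deals with and the
# domain each really sends from (aigdirect.com is the one the page names).
BRANDS = {"aigdirect": "aigdirect.com", "liquidweb": "liquidweb.com"}
# Constructed sample of look-alikes: Greek epsilon, omicron; Cyrillic ie, a, o, i.
# Real tooling would use the full Unicode confusables data instead.
CONFUSABLES = {"\u03b5": "e", "\u03bf": "o", "\u0435": "e",
               "\u0430": "a", "\u043e": "o", "\u0456": "i"}

def scripts(text):
    """Scripts used by the letters in text, taken from each Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def skeleton(text):
    """Lower-case text, fold look-alikes to Latin, keep letters and digits."""
    folded = "".join(CONFUSABLES.get(c, c) for c in text.lower())
    return re.sub(r"[^a-z0-9]", "", folded)

def check_from(header):
    """Return the spoofing indicators found in one From header value."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["unparseable-address"]
    local, domain = addr.lower().rsplit("@", 1)
    findings = []
    if len(scripts(domain)) > 1:  # e.g. Greek and Latin letters in one domain
        findings.append("mixed-script-domain")
    for brand, real_domain in BRANDS.items():
        if domain == real_domain or domain.endswith("." + real_domain):
            continue  # genuinely sent from the brand's own domain
        if skeleton(domain) == skeleton(real_domain):  # reads as the real one
            findings.append("lookalike-domain:" + real_domain)
        elif brand in skeleton(name) or brand in skeleton(local):
            findings.append("brand-from-foreign-domain:" + real_domain)
    return findings

# Constructed sample headers modelled on the cases in the list above.
SAMPLES = [
    "Support <example@liquidwεb.com>",
    '"AIG Direct" <aig.direct.quotes@mail-offers.example>',
    "Liquid Web <support@liquidweb.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no indicators")
```

A display name the filter has no reason to distrust, such as “Katrina” in Example #1, produces no finding here, so checking the address itself remains the recipient’s job.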
3. Don’t Give Out Personal Information
Phishing scams usually appear to come from legitimate businesses, like your bank, and contain URLs that link to malicious web pages asking for your private information. Legitimate businesses will, most likely, never ask for personal information such as passwords or credit card numbers via email. Giving out your information can lead to drained bank accounts or even identity theft.
4. Avoid Strange Attachments or Unfamiliar Links
The best policy is to refrain from downloading files or clicking through links in a strange email unless you trust the source. Malware, viruses, and other types of malicious material can be easily downloaded to your server or computer through attachments or malicious links, such as the Dropbox link in Example #3. In addition, dangerous files can come in any form, even with familiar extensions like .docx, and are often zipped to conceal their true file type.
5. Seem Too Good To Be True? It is.
Another sign of a dangerous spam email is when the content seems too good to be true – often in the form of a promise for large sums of money. Such emails are actually phishing schemes trying to collect bank account information from the recipient. These scams come in many forms, including the story about the government owing you money in Example #4. You might also see promises of money from foreign royalty, the announcement of a fake lottery win, and even get-rich-quick schemes.
The goal of an email that seems too good to be true is to encourage the recipient to click a link and provide their bank account information – a classic phishing scam.
Spam can be dangerous and can leave your computer or server vulnerable to future attacks. Following the above tips can help you identify the most common types of spam. Also, don’t forget that even replying to spam or attempting to “unsubscribe” can come with its own set of dangers!