Written by Megan Durham

As someone who develops websites and manages social accounts for various clients, our CTO Megan gets a lot of email. She is the catchall on at least four different domains and gets the administrative emails for upwards of thirty websites.

Because of this, she gets a lot of spam emails. Most of the spam is fairly innocuous.  It’s a mix of badly translated ads for pharmaceuticals, shady SEO schemes, and sites selling various luxury knockoffs.  In general, it’s the kind of thing that can be deleted without even looking at it.

However, some of the emails are a little more suspicious.  And some of those are obviously malicious, while others are more subtly so.  

Today, we’re going to share with you some of the most interesting spam emails to hit her inbox.

The business will take place in London

This spam email clearly falls in the obviously malicious category.  Even if it wasn’t typed entirely in caps, the request to “OPEN ATTACHMENTS FILE TO SEE THE DETAIL” in both the subject line and the first line of the body reeks of desperation.  Add to that the fact that the email recipient is spoofed, and it quickly enters the delete pile. I’m sorry Dr. Caleb, but we are not interested in your London business.  We don’t even think you’re a real doctor.

 

In the same line of malicious emails comes this request from the poor Jose Pachi, who is apparently a Spanish teacher who needs help with his curriculum.

How about no.

Nigerian Prince Variants

This scam is a fairly transparent variant on the typical “Nigerian Prince” scam; however, out of all the variations on Nigerian Prince emails that come in a daily basis (everything from companions of ousted Ukrainian President Victor Yanukovych to bank officials representing deceased rich victims of Typhoon Haiyan), the following two stood out.

The first stood out primarily because of the language involved—what kind of diabolic powers or human wickedness did the author find her relatives “thratening” [sic] her with?  How did this result in her mother’s death?

Once you begin contemplating those issues, more questions start to pop up.  Why does Rita need my telephone number, CV, and identification papers if she already got my contacts and profile during her desperate search?  Why is there a question mark after the amount of her inheritance?  Why is the email she has in the body of the email in Japan while the one she sent from was in Brazil? And is Desire a common name for a man?

 

This second spam email stands out mainly for one reason: the spammer didn’t even bother to try to spoof a real UBS email, instead depending on the fact that the recipient wouldn’t question a Hotmail email address with UBS and a name in the username.  It’s also interesting (and frightening) that Dr. Joe Miller asked for almost every piece of information that is necessary to take out a credit card in someone’s name. Also, how often do assistant managers at UBS have doctorates?

 

 

Restore Your Online Account Access

There are quite a few things wrong with the following spam email that made it clear that it was not actually from Amazon. First, it’s a generic message, addressed to “customer,” and not with the standard named greeting that Amazon usually provides.  A closer look at the email header showed a spoofed recipient address, as well as the fact that the sender’s email is not from amazon.com, but rather amazons.com. There were also the typical errors in the main body, “multiple login attempt error” and “we have believed” as well as “we have temporarily suspend”–to name a few. There’s also the standard application of pressure that most phishing emails include to make sure that you don’t simply ignore it.  In this case, it is the threat that if you don’t click through your Amazon account might be suspended altogether.

 

A look at the source shows that the images in the email are all remote images from someplace other than Amazon and that links out of the email go someplace else entirely:

 

We get several emails like this a week: emails that are essentially phishing scams trying to appear to be legitimate companies. Here’s another example email that appears to be from Wells Fargo:

We also periodically see emails sent to business email addresses that concern supposed missed payments, purchase orders, or deliveries.  They often look something like this:

Nope, we sure won’t be clicking that link any time soon.

When it comes to email, it’s a good idea to practice standard safe practices:

• Examine the recipient and “to” addresses.  Is it someone you know?  Is it going to your proper account or to undisclosed email addresses?  If there’s any question, go ahead and delete it.

• Does the email seem off? Is the email too good to be true?  Are there lots of language errors? Or does it just seem odd?  Did your friend send you an email without any information, simply an “I thought you’d find this funny” message and a link?  Does it have a vague subject line like “hi”?  Trust your gut – even trusted senders can get infected by malware.

• Think long and hard before you open any attachments.  If you aren’t totally sure that you trust the sender or the email message, don’t open it.

• Take warning emails from companies with a grain of salt.  If you get an email from a company, even one that you know and trust, don’t automatically click links within it.  Instead, log into your account in a separate browser and check to see if you have any messages there.  And if anything seems odd, contact the help department at the business rather than clicking links in the body of the email.

• Don’t unsubscribe.  An unsubscribe link on an email is still a link to a website that you don’t know is safe.  Unless you trust the sender, don’t click any links within the body of the email. Remember that the Internet is a much more dangerous place than it appears.  Keep a weather eye out, and stay safe out there.