WhitePaper:Spam
Adangeroustimewaster
Introduction
It’sestimatedthat80%ofallemailsentintheentireworldisspam.Only2in10emailsare
legitimate.That’saLOTofspam.Andspamisn’tnew-it’sbeenaroundsinceemailwas
inventedinthe1980’s.Whilethisoldenemymayseemeasilyavoidableforsome,itremains
theno.1causeofvirusesenteringandinfectstaffcomputersorevenentirenetworks.This
whitepaperwillexplainwhattolookoutfor,providesometipsonspottingfakeemails–
eventhosethatlookveryreal-andhowyoucanreduceyourexposuretospamlonger
term.
Surelyno-onebelievesthosefakeemails!?
You’dbesurprised.Somepeopledoactuallybelievetheycanbuycheapmedicineonline,or
havecertainpartsoftheirbodies“enhanced”,orthattheyhaveindeedmissedaFedEx
deliverytheyweren’texpecting.Onesurveyputitashighas30%ofpeopleopeningand
readingtheseemails.Theveryfactthatspamexistsmeansitworks,itmakesmoney,andit
fundscriminalsdevisingevermoresophisticatedwaysofconningpeople.
Whycan’tmyanti-spamprotectionstopthem?
Thechallengewithanytypeofsecurityprotection–anti-virus,anti-spametc.–isthatthe
attacksareconstantlychanging.It’sagameofcatandmousethatneverends.Adecent
anti-spamfiltersuchasSpamFighterwillhopetostopabout90%ofspam,whichisgreat,
butthatmeans1in10arestillgoingtohityourinboxandpresentyouwithasecurityrisk
thatcouldinfectyourmachinewithavirus.Youneedtobesufficientlyawareofwhatto
lookforsoyoucanprotectyourselfdirectly.
Whattolookoutfor
Thinkofspamemailssimplyasvehiclestodeliveravirustoyourcomputer.Theviruswill
presentitselfinoneoftwoways:
1. Asanemailattachment(azip/word/excelfileforexample)
2. Theemailwillcontainalinkwhich,whenyouclickonit,takesyoutoawebpage
thatdeliversthevirusthatway–doreadourRansomwarespecialformoreontypes
ofvirus
Thepointisthat,ontheirown,spamemailsdon’thurtyou.Theyrequireanactionfromyou
toinitiatetheinfection,andthisiswhereyoucanbesmart.Donotclickonlinksinanemail.
Donotopenattachmentsfromapersonorcompanyyoudonotknow.
Spottingafakeemailversusagenuineone
Spammersarecleveratmakingspamemaillookgenuine(atechniqueknownasspoofing).But
therearetwosimplechecksyoucandotoquicklyidentifyisanemailisspamornot:
1. LookattheFROMAddressandDomaincarefully
Lookattheexamplebelow–theemaillookslikeit’sfromPayPal–samelogo,samefonts–butlook
attheemailaddressit’[email protected],whichisPayPal’sgenuine
domain.It’scomefrom<[email protected]>,nothingtodowithPayPal.Spammerscan’t
sendfromagenuinedomainlikepaypal.combecausetheydonotownthosedomains.Anyemail
yougetwherethesender’sdomaindoesnotmatchtheexactcompanydomaintheyarepretending
tobefrom,shouldbedeleted.
EmailaddressisNOTpaypal.com
2. Checklinksbeforeclickingbymovingyourmouseoveralinkandlookatwhatcomesup.
Theothersimplecheckyoucandoishoveryourmouseoveranylinksorbuttonsintheemail.DO
NOTCLICKTHEM,justhoveroverit.Youwillseeapop-upappear,showingyouwhatwebsiteit
wouldtakeyouto,ifyouweretoclickonit.
Lookatthebelowscreenshot.It’saspoofedLinkedInemail,andagainitlooksgenuine,butthereare
telltalesignsthatit’sfake.Firstofall,lookattheFROMaddressagain–it’sfromadomaincalled
ambrunnen.de–nothingtodowithLinkedInwhatsoever.Butalso,whenyouhoveryourmouse
overthelinkintheemail,whichlookslikeitislinkedin.com,you’llseethatifyouweretoclickit,you
willactuallybedirectedto
CLICKIT!Justdeleteitimmedaitely.
whichwillbeavirussite.DONOT
OurConclusions
Eventoday,thenumber1causeofvirusessuccessfullyinfectingcomputersistheuserbeing
dupedintoclickingalinkinaspamemail,oropeninganemailattachment,andgrantingthe
viruspermissiontowreakhavoc.
Thebestvirusandspamprotectionintheworldstillisnotperfectandthereforeyoumust
beawareofwhattolookfor-youarethelastlineofdefence!
Thesesimplechecks,alongwithageneralcautiousnesswhenusingemail,andtakingan
extrafewsecondsbeforeyouclickalink,willprotectyou.Andremember,ifthereisevena
minutedoubtinyourmindaboutthelegitimacyofanemail,justdeleteitandpickupthe
phone–noharmdone
FurtherReading
EthicalIT’sfreeguidetoRansomware–areallynastynewtypeofvirusoftendeliveredby
Spamemails:http://www.ethicalit.net/resources/Whitepaper-Ransomware-V2.pdf
Generalarticleaboutemailsafety:https://www.getsafeonline.org/protecting-yourcomputer/spam-and-scam-email/
TheEthicalITKnowledgebase,withlotsofinformationontopicslikePCmaintenance,
Movingoffices,Internetconnectionsandmore,alltotallyfree:
http://www.ethicalit.net/knowledgebase.php