[Previous entry: "Suspicious annotations"] [Main Index] [Next entry: "Windows to Linux migration"]

01/12/2004 Archived Entry: "recognizing scam emails"

Yet another "phishing" scam, this time purporting to be from Citibank and (naturally) sending you to a web page where you can give them your account info.

We got the first tip on this from our friends at Miller Microcomputer Services, who sent us what I consider to be a perfect case study of how to read suspicious emails...in the spirit of "teach a man to fish" rather than "give a man a fish." They've given us permission to post it here, duly credited.


E-mailed MMS Client Messages are for the personal use of subscribers, and offer Windows/PC-based advice, flag money-saving opportunities at computer-chain store sales, and more. MMS consulting clients receive a courtesy subscription. Occasionally we send courtesy copies to others. Non-clients are welcome to subscribe for $25 through June 2004.

Hi, MMS Clients (and some other friends):

Today, MMS received a new flavor of an old spoof -- spam e-mail looking so official that you're likely to volunteer your personal credit information to identity thieves. We remind you NOT to click the tempting button.

A lot of these e-mail spoofs are running around, and this particular one is nearly identical to ones from last year. It was entitled, "Important Fraud Alert from Citibank", it wasn't flagged by our junk-mail filter, and it looked quite authentic. Except for an apparently unnecessary "Part 1.2" attachment, and a doubtful header line reading "Reply-to: Fionan_Illa@rocketmail.com". When we exercised Mozilla's [Ctrl-U] function to view the message header and full source code, we saw much more trouble. The sender was using very non-Enterprise mail software, the message had arrived via a foreign address, and it included a BIG attachment but no text of the message WE were reading.

When in doubt, don't proceed! Instead, I Googled "Important Fraud Alert from Citibank" and found multiple evidences that this was a scam. Then I browsed to "citibank.com" (MY entry of a safe URL). Sure enough, the REAL CitiBank web site has an "E-mail Fraud" link at the bottom of its main page, and that link listed many variations of this fraud. But it didn't show our specific variant, so we opted to tell them about it.

You can trace our steps to learn more. Or, just stay suspicious of unsolicited "official" messages. As you already know, check before tapping any of the handy links on any message that may be bogus!

This spam uses only one scam of many. Spam messages can load a virus that harms your computer, sends its data elsewhere, and more. Some spam attachments are disguised as tiny images, or buried within large ones. Some MS-Outlook/Internet Explorer users have had them auto-execute with no user intervention. That's just one of many reasons we push our clients to Mozilla, instead.

I'll echo their final advice: please use an email program that reveals the "gotchas" that can hide in email -- like attachment names, email headers, and embedded links -- and allows you to view email as plain text and in full (with all headers).

A followup to a previous posting: to use proxy auto configuration with Netscape 7.1 or Mozilla 1.4, just use the "no-ads.pac" file as distributed. You don't need to edit it to specify a proxy server. This also works with Internet Explorer, but you're not still using IE, are you?

brad

Powered By Greymatter