ELM Bulletin - December 15, 2009
Recent Email Hoaxes
Several email hoaxes have come through my email recently, each doing its best to look like something I absolutely positively had to deal with. Thankfully, I have reliable anti-malware installed and updated and so the emails were sent to quarantine before they had an opportunity to infect my computer. Whew!
The emails used two different subject lines but each was transporting the same malware. The subject lines read:
- “DHL Office. Get your parcel…”
- “Facebook Password Reset Confirmation! Customer Support.”
Since we receive a fair bit of shipping here at ELM, and since I am also a Facebook user, these emails very nearly fooled me. In fact, I had actually opened the first Facebook email I received.
As I said above, it’s a very good thing that I use a reliable anti-malware product and keep it up-to-date.
It isn’t easy to decide whether or not a particular email is legitimate and it’s going to get more difficult in the future. A big clue for these emails was that the receiving addresses exist only on our corporate websites to give potential clients a contact point with ELM. Neither Facebook nor DHL had any reason to send email to these addresses since they are never used for any other purpose.
Other methods to determine that these were bogus emails are listed below.
1 – With regard to the DHL email, some clues that they were bogus include:
- Almost all of our shipments are delivered either by UPS or Purolator; although a DHL shipment would not be out of the question, it would be a bit of an anomaly
- Our office is always staffed; there is no reason for a shipment to have been undeliverable
- We were not expecting a delivery from any of our clients or suppliers
- Courier companies typically leave a note to indicate a delivery failure; email is rarely, if ever, used
2 – As for the Facebook email, since a password reset is a possibility, it was a little more difficult:
- I knew I had not initiated a password reset request
- If a password reset had been requested then someone had cracked my Facebook account and I’ve got bigger problems to deal with than bad email
- Password reset confirmations typically arrive once, within minutes of the initial request; these emails continue to arrive day after day
This is not a complete list of all the ways to test suspected bogus email, but it does provide a point of departure. You probably have your own ideas how to expand this list. (If you wish, you can send them to me for inclusion in the web version of this ELM Bulletin.)
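Two of the clues above, mail arriving at a web-only contact address and password reset notices that keep arriving day after day, can also be checked mechanically over saved message headers. The sketch below is an added example and not part of the original bulletin; the `WEB_ONLY` address, the sender addresses and the sample headers are constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Assumption: addresses that are published only on the public website.
WEB_ONLY = {"info@example.com"}
WEB_ONLY_HIT = "sent to a web-only contact address"
REPEAT_HIT = "password reset notice repeated on several days"

def _hdrs(sender, to, date, subject):
    return f"From: {sender}\nTo: {to}\nDate: {date}\nSubject: {subject}\n\n"

# Constructed sample headers, not real mail.
SAMPLES = [
    _hdrs("a@sender.example", "info@example.com", "Mon, 07 Dec 2009 09:00:00 -0500",
          "Facebook Password Reset Confirmation! Customer Support."),
    _hdrs("b@sender.example", "info@example.com", "Tue, 08 Dec 2009 09:05:00 -0500",
          "Facebook Password Reset Confirmation! Customer Support."),
    _hdrs("c@sender.example", "info@example.com", "Tue, 08 Dec 2009 11:00:00 -0500",
          "DHL Office. Get your parcel..."),
    # A single reset notice to a personal address: neither clue applies.
    _hdrs("d@sender.example", "staff@example.com", "Tue, 08 Dec 2009 12:00:00 -0500",
          "Password reset requested"),
]

def triage(raw_messages, web_only=WEB_ONLY):
    """Return {message index: [reasons]} for messages matching either clue."""
    reasons = defaultdict(list)
    reset_days = defaultdict(set)    # recipient -> calendar days with a reset notice
    reset_msgs = defaultdict(list)   # recipient -> indexes of those notices
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
        if rcpts & web_only:
            reasons[i].append(WEB_ONLY_HIT)
        if "password reset" in msg.get("Subject", "").lower() and msg["Date"]:
            day = parsedate_to_datetime(msg["Date"]).date()
            for r in rcpts:
                reset_days[r].add(day)
                reset_msgs[r].append(i)
    # A genuine reset confirmation arrives once; repeats across days are a clue.
    for r, days in reset_days.items():
        if len(days) > 1:
            for i in reset_msgs[r]:
                reasons[i].append(REPEAT_HIT)
    return dict(reasons)

if __name__ == "__main__":
    for idx, why in sorted(triage(SAMPLES).items()):
        print(idx, "; ".join(why))
```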
As I have said before in these bulletins: Malware writers are not stupid, just bad. They can and do come up with extremely convincing bait to get us to install their software on our computers. Using the tips above we can all be more careful with suspicious email.
The last thing anyone should be doing this Christmas is removing malware; celebrating the season and visiting with family & friends is much more important and enjoyable.
As always, please do not hesitate to contact me if you have any questions about this or any other issue.
Past issues of the ELM Bulletin are available from our website; feel free to forward them to anyone you wish.
You have received this ELM Bulletin either by request or because you have given your contact information to an ELM employee. If you no longer wish to receive the ELM Bulletin, send us an email with "Remove Me" in the subject line and we will remove your email address from our distribution list.
Peter Rhebergen


