3 Easy Tips to Prevent E-mail Spoofing
I’m sure you have heard it before: “Don’t click on suspicious e-mails, especially those with attachments!” But how do you really know if an e-mail is suspicious in 2009? Most true spam e-mail nowadays doesn’t contain any attachments at all; in fact, a very large percentage of spam appears to arrive in your inbox from trusted sources like Microsoft and Facebook. Many of us receive numerous spam e-mails a day, many of which even the incredibly sophisticated algorithms in our anti-spam software can’t detect. Of the ones that slip through the cracks, not all are easy for a human to spot either. These e-mails are a far cry from the ones sent by the heir of a rich Nigerian politely asking to deposit $1,000,000 into your bank account. So how do you really know if a modern e-mail message can be dangerous not only to your computer, but also to your identity and safety? Here are a few tips.
1. Speak the language

If you receive an e-mail from Facebook urging you to click on a link and update your private information, chances are good that it is spam. Reputable sources like Facebook, Microsoft and eBay very rarely send out e-mails asking users to click a link to make changes to their account or profile. If the language in the e-mail appears to place urgency on things, be very wary. Navigate to the actual website by manually typing the address into your browser, and look for alerts within the site that notify you of needed changes or updates, as this is how most current web applications work. If you are still unsure, contact the supposed sender and ask the company directly what you need to do, if anything, to guard your account or make any changes. Do NOT click any links in the e-mail.
2. Understand URL structure

A “URL”, or Uniform Resource Locator, is in layman’s terms the address that your web browser looks up in order to find the website you are attempting to visit. Think of it as a house address. One of the most common spam techniques is called “spoofing”. This is essentially where the sender of an e-mail attempts to direct you to a website that at first glance appears to be a trusted source like “microsoft.com” or “facebook.com”, but in reality has the potential to be very dangerous. A good way to avoid being spoofed by e-mail is to carefully inspect the URL that the sender is urging you to click on. The last word, phrase, number or letter before the extension (.com, .net, .org etc.) is the actual website you are visiting. If you look at the example above, at first glance it could appear that you are visiting “microsoft.com”, but really you are visiting what is called a “sub-domain” of “badsite.com”. Spoofers use this technique and have become so creative and stealthy with it that “badsite.com” will usually even look almost identical to “microsoft.com” in layout and design. Also look for slight variations in spelling, like “micosoft.com” and “mircosoft.com”. We all know those Nigerian phishing scammers aren’t very good at spelling and grammar as it is, but this is an actual technique used solely to trick you. In closing, this is one of the most dominant ways for “hackers” to collect your private information, so be careful and never put your private information into a website you are unsure of!
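The rule above (the label just before the extension is the site you are really visiting) and the misspelling check can be automated. The following is an added example, not code from the original article; the trusted list and the short multi-label suffix tuple are constructed assumptions, and a production check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed subset of multi-label suffixes; a real check should load the
# Public Suffix List instead of relying on this short tuple.
MULTI_LABEL_SUFFIXES = ("co.uk", "com.au", "co.jp")
TRUSTED = {"microsoft.com", "facebook.com", "ebay.com"}  # sites named in the article


def registered_domain(url):
    """Return the label before the suffix plus the suffix, e.g. 'badsite.com'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    host = (urlsplit(url).hostname or "").rstrip(".")
    keep = 3 if any(host.endswith("." + s) for s in MULTI_LABEL_SUFFIXES) else 2
    return ".".join(host.split(".")[-keep:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return (verdict, registered domain, trusted name it matches or imitates)."""
    domain = registered_domain(url)
    if domain in TRUSTED:
        return ("trusted", domain, domain)
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", domain, good)
    return ("unknown", domain, None)
```

A verdict of "unknown" only means the domain is neither on the list nor close to it; a URL such as `microsoft.com.badsite.com` lands there because its registered domain is `badsite.com`.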
3. Expose their stealth

This is one of the more difficult techniques to expose, but if you are successful you have become quite the savvy web user. Let’s say you were to click a link like this: http://www.microsoft.com. Then I would say you would probably be in a lot of trouble. Why, you ask? Take your cursor and hover over the link for a few seconds (do not click!) and wait for a title box to pop up. Inside the title box is the actual “target” of that link: the same link that appears to be the reputable “microsoft.com” would actually take you to “http://www.this-could-be-a-dangerous-site.com”. Be sure to inspect all links carefully, not only for spelling and sub-domains, but for the actual target that the link has been “stealthed” as.
Be sure to check e-mail headers; anyone can essentially send you a message from any e-mail address they want. I used to send e-mails to my friends in high school from “bill@microsoft.com”. In Outlook it appeared that the e-mail was sent from none other than Mr Bill Gates himself. It’s an old trick, but some people are still pulling this off today. In your e-mail application look for an option that reads “Show headers” or “View Headers”; this will list the detailed information about where the e-mail was sent from. If the e-mail addresses that it’s been sent from appear to be valid but you’re still unsure, copy the “IP” address from the “Received” field and check its owner using “whois.net”. This will identify the owner of the sending address; if the sender was claiming to be a Facebook administrator, the IP address lookup should render the same results. Again, if you are at all wary, be sure to check with the actual company or website claiming to send the message.
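The header check described above can be done on the raw message source. This added example (not from the original article) returns the address claimed in From together with the external IP addresses recorded in the Received headers, newest hop first; the message, host names and documentation-range IP are constructed. Only Received lines stamped by your own provider's servers are reliable, since lines further down were written before the message reached them.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Internal ranges (RFC 1918 and loopback) say nothing about the outside sender.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def received_hops(raw_message):
    """Return (claimed From address, external relay IPs, newest hop first)."""
    msg = message_from_string(raw_message)
    claimed = parseaddr(msg.get("From", ""))[1]
    hops = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. [999.1.1.1] matches the pattern only
                continue
            if not any(ip in net for net in INTERNAL):
                hops.append(str(ip))
    return claimed, hops


# Constructed message: the From line is whatever the sender typed, while the
# Received lines were stamped by the servers that relayed it.
SAMPLE_MESSAGE = (
    "Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])\n"
    "\tby mailstore.recipient.example; Mon, 5 Oct 2009 10:00:02 -0400\n"
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example; Mon, 5 Oct 2009 10:00:01 -0400\n"
    'From: "Bill Gates" <bill@microsoft.com>\n'
    "Subject: Hello\n"
    "\n"
    "Long time no see.\n"
)
```

The first IP in the returned list is the one to look up with whois and compare against the organisation named in the From address.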
I hope these tips help, and if you have some tips of your own feel free to leave a comment!

Alright, I’ll be the first to admit, this article was incredibly helpful! I get those stinkin spam emails all the time! I finally stopped opening them even if they looked even remotely suspicious, but when it comes to the ones that are supposedly from ‘facebook’ or ‘amazon’ asking you to update your account info etc., I’ve always been a bit hesitant. This definitely helps though. You can never be too cautious anymore these days. Thanks Mike!
Thanks Sarah! Yeah they can be tricky, but it’s all about understanding their methods and then it will be easy to figure out which ones are legitimate.
Or you could just be like me and avoid email completely =). Just kidding, good info. I’m too neurotic and paranoid to open unknown email. I just learned a little more to be safe though, thanks.
This blog was a very good read! I couldn’t have explained things better myself.
You made some good points there. I did a search on the topic and found most people will agree.
Hullo, how are you? I genuinely like your blog! I was wondering if you might help me (I’m sure other subscribers might also be interested). I want to get into writing a blog also and I at the moment use a blog with WordPress, but it is very confusing for me to create and I would like to attempt to get some decent training guides or courses (hopefully free) that can hopefully assist me in making use of WordPress correctly. As a WordPress web master yourself, do you maybe know where I could find tutorials to be able to do this? Thanks a lot!
yeah, http://codex.wordpress.org/Getting_Started_with_WordPress happy bloggin!
Each article I have read is very well written and to the point. I would also like to state, not only are the posts well written, but the design of your site is excellent. I was able to navigate from post to post and locate what I was looking for with ease. Keep up the excellent work you are doing, and I will return many times in the near future.