Holy moly we’ve got SPAM on our hands!!

()

And I’m not talking about the meat!

I posted a list of quick tricks for IDing SPAM and avoiding internet phishing scams on the Schipul Blog this morning but I think it’s a pretty important topic so I wanted to repost it here.

Especially since (and I’m not admitting anything here) I may have fallen for it… right in front of our IT director.

So yesterday I received an email that looked like this guy below (minus the pink arrows of course)… I clicked the “UPDATE” button and a window like this popped up… and holy moly.

At this point there was a whole lot of cussing and minimizing and I realized a blog post (or two) was definitely in order.

So let’s talk internet scams…

Facebook Scam Email

What questions should you ask when receive an email from your favorite site?

  1. Who is the email from? If it’s not coming from the actual site that is requesting action from you then it is probably spam. But beware. Email addresses are super easy to spoof. Our example email looks like it’s from Facebook but when we check out the rest of our criteria for IDing spam, it’s clearly not.
  2. Who is the email to? If it’s not “to” the email address that is tied to the account that is requesting action then ignore it. The example email was sent to a group address at Schipul but my Facebook account is tied to my gmail address so I know this is fake.
  3. Who is the email addressed to? Social Media sites are created to be your buddy, so when they reach out to you via email they will almost ALWAYS use your real name (Dear Maggie McDonald) or your username (Dear MagsMac), if they don’t use a familiar name when they, then they do not know your account. SPAM!
  4. Are they asking you to click a link in the email? If an email has failed all of the prior tests then most assuredly DO NOT CLICK ON ANY LINKS in the email. Go directly to the site and check their to see if they need any info from you. If they really need something, you can bet they’ll tell you right when you log in and not just in some random email.
  5. Even if the email looks like it’s from the site, beware! See point #1. Emails are easy to spoof. The example email includes the correct address for Facebook headquarters but that doesn’t mean it’s really from Facebook.

Check out ebays guidelines for IDing a legitimate ebay email. They take internet security VERY seriously and are a great company to use as your email benchmark.

So in summary, be careful what you click. If in doubt don’t click anything and head on over to the site requesting action for more information!!

Oh… on a related note. Twitter SPAM is out of control this morning. I have received no less that ten requests that I check out a site to help me “cleanse fat” and I’m either really insulted or assuming your account got hacked.

Tip: If you have entered your Twitter password into any third party software lately, I would suggest you change it lest you inundate your friends with DMs like these:

Twitter Spam

*** Avatars Starred to protect the innocent.

2 Responses

  1. happykatie says:

    Great points! Another rule of thumb I use is the 'does it make me feel mildly icky / confused' question. The layout of the email, the color in their banner, a little blur to a logo image — sometimes there are things that are 'just not right' that you can train your brain to catch.

    Weird or inconsistent fonts or occasional misspellings are dead giveaways too. It's those little things that can be a huge neon 'HEY I'M FAKE AND TOTALLY SCAMMING YOU' sign in a phishing scam.

    Boo hiss to spammers.

  2. chris Stagg says:

    thanks for the tips Margaret

Leave a Reply