Must Read: No niche for iPad: Why I returned mine

Topic: Collaboration

Can you spot a scam? (screenshots)

Summary: If an attacker knows your name, the companies you deal with and your email, then it can craft some convincing emails that have a much better chance of fooling you.

Andy Smith

By |

 |  Image 10 of 12

Customers should be wary of scams that seek to harvest details for identity crime.

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • Thumbnail 9
  • Thumbnail 10
  • Thumbnail 11
  • Thumbnail 12

Topics: Collaboration, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

Talkback

38 comments
Log in or register to join the discussion

  • RE: Can you spot a scam? (screenshots)

    Wouldn't it be a great idea if every time you started a brand new computer (or freshly installed browser) it took you through a web safety tutorial before letting you loose on the web?
    AndyPagin
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @AndyPagin?

      Were the tutorial skippable, the very people who need it would skip it. Were it not skippable, those who did not need it would be in a state of justifiable fury.
      �conomist
      Reply Vote

      • RE: Can you spot a scam? (screenshots)

        @?conomist ... Agreed, and IMO that information should be part of the windows "tour" or whatever they call it so it's not creating excessive numbers of documents to read. Proper treatment in the TOC might draw some users to it also. I have noticed that a lot of people play around in the tours on their machines and like clear and concise tutorials, which is another possibility.
        The above, plus people getting behind such a move regardless of who makes it first, might even shame other companies into doing the same thing so as to keep up with the hype of information.
        At least the information would BE there this way, rudimentary as it may be, but accompanied by some reliable and trusted links could open a world of information or just enough to get by on for a lot of the masses.
        I go by two rules:
        1. Don't even bother to look at the contents of a spam. It's easy to know whether you've had contact with a mailer just from the initial informaton at the top of the mail.
        2. Even if I am dumb/curious enough to read it, I never, ever click on any link in it, nor do I spend any time messing with it once I know it's spam. Some, as demonstrated here, might take a little thinking, but never use a link or any information in an email you weren't expecting and that there is no reason for you to be getting it.
        3. Next thing I do is parse the Headers and submit complaints to the spammer's ISP after tracing it as best as possible. Tracing emails isn't so easy to do so if you can't do that, then just delete the spam and forget it.
        4. Finally, I protect my email addresses and use only throwaway accounts to contact any site I'm not sure of. But I type in the URLs myself, from my own lists of resources, or usually simply ignore the whole thing.
        5. And I never ever touch an attachment. That's often another place the malware can be hiding.
        6. I don't open ANY attachments unless I know who sent it, and was expecting it.
        7. And then it's also just as important to perform "safe hex"
        http://www.claymania.com/safe-hex.html
        http://www.mvps.org/winhelp2002/security.htm
        http://www.sophos.com/security/best-practice/

        See? It's pretty easy to do.
        tom@...
        Reply Vote

      • RE: Can you spot a scam? (screenshots)

        @?conomist

        How true that is.
        bobiroc
        Reply Vote

      • How to get folks to TAKE the tutorial

        The idea of including a phishing tutorial as part of the Windows "tour" has merit. I would additionally suggest that it be made into a "game" such as this presentation was. Interactive presentations would not only generate a higher "hit rate" but would also encourage closer attention paid by the end-user as they try to "beat" the game. Maybe I could finally get my wife and my mother-in-law to be more discerning with their emails if they could teach themselves instead of relying upon their geek-connection.
        KevMen
        Reply Vote

      • RE: Can you spot a scam? (screenshots)

        @AndyPagin - great concept. As @?conomist points out, the concept just needs a little fleshing out.

        A couple of ideas just off the top of my head:
        1. Tutorial on new "out of the box" computer is optional, right up until the point mandatory "scam-detection" software registers a hit. Then,
        Penalty A: Internet connectivity is disabled until the user has watched the tutorial ~and~ passed the quiz.
        Penalty B: Computer goes into "limp" mode, displaying a "Service Required" alert every 3-5 minutes. The offending computer returns to normal operation only after a charitable contribution to the "Association of Responsible Computing People" has been received.
        2. Develop a "New Computer Purchaser Registry" and require enormous volumes of paperwork, background check, and mandatory waiting period before taking delivery on any new computer purchase.
        3. A three strikes and you're out policy...to be forever relegated to dumb terminals!
        4. Get tougher on the "supply" side...no excuses...just make it happen.

        None of the above applies to you if:
        * you have more than one fully functioning PC (virtual machines count)
        * you can name one Linux distro (from memory & 1 other than Ubuntu)
        * you can launch at least one command from the DOS prompt (heck....if you even know what a DOS prompt is might be good enough).

        Thank you all for humoring me.
        jrhalli89
        Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @AndyPagin
      If I dont Know 'em, I dont open 'em! plain and simple. 99.9% of any offers via the web are pure crap and I tell ALL my clients the same!
      Jaytmoon
      Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @AndyPagin
      An even greater idea would be a way to get people to actually bother even reading it....much less heeding what it tries to teach. As Tater says - "Can't fix stupid".
      Star*Hopper
      Reply Vote

  • RE: Can you spot a scam? (screenshots)

    Since a good sign of spam is the inclusion of spelling mistakes, you might want to fix the one on the second slide. That should be "a commercial email," not "an...."
    SleepingCat
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @SleepingCat
      There are several misspelled words in the piece.
      dachiemom
      Reply Vote

  • Sounds scammy

    Marriott Rewards example: "should be also treated with caution."

    That's odd grammar - this gallery is suspicious. ;)
    ejhonda
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @ejhonda

      The grammar is correct. The war against split infinitives was lost decades ago:(
      mejohnsn
      Reply Vote

  • my main check

    using Thunderbird's/Mail's mouseover link exposure is unavailable in this test. For shame.
    rich@...
    Reply Vote

  • On the last slide...

    Shouldn't the word be skeptical (rather than sceptical)? Or is this a UK/OZ spelling?
    destockwell
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @destockwell
      From the online OED:
      (archaic & North American skeptic)
      Spelling help
      Remember that sceptic begins with sc- (the spelling skeptic is American).
      PercySludge
      Reply Vote

  • RE: Can you spot a scam? (screenshots)

    Subject line Its Dream not Dreem
    graphix1@...
    Reply Vote

  • Good Examples

    Thanks for the examples of phishing scams. I caught a couple of misspelled words, "dreem" from the Disney ad and "youre" in another example. Poor spelling habits are becoming more common as well as confusion over homonyms such as then or than, your or you're, there or they're or their show up a lot in public responses.

    The use of a free email account for businesses as big as the examples is a good red flag. I get suspicious of email addresses that don't match the sender's name; such as J.Smith@businessname.com sent by Al Jones@businessname.com.
    sboverie
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @sboverie@... Agreed. And too many legiit companies also do that! They farm out all their e-mails to someone else and when you get it, even though it's legit, there's nothing there to indicate it actually came from who they say they speak for!
      tom@...
      Reply Vote

  • RE: Can you spot a scam? (screenshots)

    whenever i receive any kind of solicitation email, I always look at the sender. these examples show some e-mails coming from hotmail.com. that right there is a dead giveaway that you are dealing with illegitimate senders.
    always look at the sender address folks!
    asg749d@...
    Reply Vote

    • RE: Can you spot a scam? (screenshots)

      @asg749d@... simply looking at the sender of an email is probably the biggest mistake that can be made. Just because it says, "From: admin@largewellknowncompany.com", doesn't mean a thing! It is very simple to alter the "From:" address to read whatever heart desires. You are led to believe it's form admin@whatever.com, when it fact the actual address it's being sent from is more like <backdoorbandit@tWoGIrLsOnEcUp.com>. More providers have the option to view the header or source code (most often through right-click or option menu. This will give you the true identity and origin of the sender (which you can then use to trace the bastard......or at least sent viable information to their ISP and FCC.
      beavo040
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close