Can you spot a scam? (screenshots)

Summary: If an attacker knows your name, your email address and the companies you deal with, they can craft convincing emails that have a much better chance of fooling you.


  • The Hilton is another popular and trusted name in accommodation.

  • Unfortunately, its popularity is what could make it a good target. Even legitimate-looking email addresses will not necessarily be kosher.

  • Recruitment and career agency Robert Half was another victim of the Epsilon breach.

Topics: Collaboration, Security

  • RE: Can you spot a scam? (screenshots)

    Wouldn't it be a great idea if every time you started a brand new computer (or freshly installed browser) it took you through a web safety tutorial before letting you loose on the web?
    • RE: Can you spot a scam? (screenshots)


      Were the tutorial skippable, the very people who need it would skip it. Were it not skippable, those who did not need it would be in a state of justifiable fury.
      • RE: Can you spot a scam? (screenshots)

        @?conomist ... Agreed, and IMO that information should be part of the Windows "tour" or whatever they call it so it's not creating excessive numbers of documents to read. Proper treatment in the TOC might draw some users to it also. I have noticed that a lot of people play around in the tours on their machines and like clear and concise tutorials, which is another possibility.
        The above, plus people getting behind such a move regardless of who makes it first, might even shame other companies into doing the same thing so as to keep up with the hype of information.
        At least the information would BE there this way, rudimentary as it may be, but accompanied by some reliable and trusted links could open a world of information or just enough to get by on for a lot of the masses.
        I go by two rules:
        1. Don't even bother to look at the contents of a spam. It's easy to know whether you've had contact with a mailer just from the initial information at the top of the mail.
        2. Even if I am dumb/curious enough to read it, I never, ever click on any link in it, nor do I spend any time messing with it once I know it's spam. Some, as demonstrated here, might take a little thinking, but never use a link or any information in an email you weren't expecting and that there is no reason for you to be getting it.
        3. Next thing I do is parse the Headers and submit complaints to the spammer's ISP after tracing it as best as possible. Tracing emails isn't so easy to do so if you can't do that, then just delete the spam and forget it.
        4. Finally, I protect my email addresses and use only throwaway accounts to contact any site I'm not sure of. But I type in the URLs myself, from my own lists of resources, or usually simply ignore the whole thing.
        5. And I never ever touch an attachment. That's often another place the malware can be hiding.
        6. I don't open ANY attachments unless I know who sent it, and was expecting it.
        7. And then it's also just as important to perform "safe hex"

        See? It's pretty easy to do.
      • RE: Can you spot a scam? (screenshots)


        How true that is.
      • How to get folks to TAKE the tutorial

        The idea of including a phishing tutorial as part of the Windows "tour" has merit. I would additionally suggest that it be made into a "game" such as this presentation was. Interactive presentations would not only generate a higher "hit rate" but would also encourage closer attention paid by the end-user as they try to "beat" the game. Maybe I could finally get my wife and my mother-in-law to be more discerning with their emails if they could teach themselves instead of relying upon their geek-connection.
      • RE: Can you spot a scam? (screenshots)

        @AndyPagin - great concept. As @?conomist points out, the concept just needs a little fleshing out.

        A couple of ideas just off the top of my head:
        1. Tutorial on new "out of the box" computer is optional, right up until the point mandatory "scam-detection" software registers a hit. Then,
        Penalty A: Internet connectivity is disabled until the user has watched the tutorial ~and~ passed the quiz.
        Penalty B: Computer goes into "limp" mode, displaying a "Service Required" alert every 3-5 minutes. The offending computer returns to normal operation only after a charitable contribution to the "Association of Responsible Computing People" has been received.
        2. Develop a "New Computer Purchaser Registry" and require enormous volumes of paperwork, background check, and mandatory waiting period before taking delivery on any new computer purchase.
        3. A three strikes and you're out be forever relegated to dumb terminals!
        4. Get tougher on the "supply" excuses...just make it happen.

        None of the above applies to you if:
        * you have more than one fully functioning PC (virtual machines count)
        * you can name one Linux distro (from memory & 1 other than Ubuntu)
        * you can launch at least one command from the DOS prompt (heck....if you even know what a DOS prompt is might be good enough).

        Thank you all for humoring me.
    • RE: Can you spot a scam? (screenshots)

      If I don't know 'em, I don't open 'em! Plain and simple. 99.9% of any offers via the web are pure crap and I tell ALL my clients the same!
    • RE: Can you spot a scam? (screenshots)

      An even greater idea would be a way to get people to actually bother even reading it....much less heeding what it tries to teach. As Tater says - "Can't fix stupid".
  • RE: Can you spot a scam? (screenshots)

    Since a good sign of spam is the inclusion of spelling mistakes, you might want to fix the one on the second slide. That should be "a commercial email," not "an...."
    • RE: Can you spot a scam? (screenshots)

      There are several misspelled words in the piece.
  • Sounds scammy

    Marriott Rewards example: "should be also treated with caution."

    That's odd grammar - this gallery is suspicious. ;)
    • RE: Can you spot a scam? (screenshots)


      The grammar is correct. The war against split infinitives was lost decades ago:(
  • my main check

    Using Thunderbird's/Mail's mouseover link exposure is unavailable in this test. For shame.
  • On the last slide...

    Shouldn't the word be skeptical (rather than sceptical)? Or is this a UK/OZ spelling?
    • RE: Can you spot a scam? (screenshots)

      From the online OED:
      (archaic & North American skeptic)
      Spelling help
      Remember that sceptic begins with sc- (the spelling skeptic is American).
  • RE: Can you spot a scam? (screenshots)

    Subject line: It's Dream, not Dreem
  • Good Examples

    Thanks for the examples of phishing scams. I caught a couple of misspelled words, "dreem" from the Disney ad and "youre" in another example. Poor spelling habits are becoming more common as well as confusion over homonyms such as then or than, your or you're, there or they're or their show up a lot in public responses.

    The use of a free email account for businesses as big as the examples is a good red flag. I get suspicious of email addresses that don't match the sender's name; such as sent by Al
    • RE: Can you spot a scam? (screenshots)

      @sboverie@... Agreed. And too many legit companies also do that! They farm out all their e-mails to someone else and when you get it, even though it's legit, there's nothing there to indicate it actually came from who they say they speak for!
  • RE: Can you spot a scam? (screenshots)

    Whenever I receive any kind of solicitation email, I always look at the sender. These examples show some e-mails coming from that right there is a dead giveaway that you are dealing with illegitimate senders.
    Always look at the sender address, folks!
    • RE: Can you spot a scam? (screenshots)

      @asg749d@... Simply looking at the sender of an email is probably the biggest mistake that can be made. Just because it says, "From:", doesn't mean a thing! It is very simple to alter the "From:" address to read whatever your heart desires. You are led to believe it's from, when in fact the actual address it's being sent from is more like <>. More providers have the option to view the header or source code (most often through right-click or option menu). This will give you the true identity and origin of the sender (which you can then use to trace the bastard......or at least send viable information to their ISP and FCC).
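
Added example, not part of the article or of any comment above: a short Python check of the header fields the thread discusses (the displayed "From:", the envelope sender, Reply-To, free webmail addresses, and the Received chain). The message, every address in it, and the `FREE_MAIL` list are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names, hosts and addresses are made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Mon, 11 Apr 2011 09:00:05 +0000
Received: from unknown (host-203-0-113-7.example.net [203.0.113.7])
\tby mx.recipient.example; Mon, 11 Apr 2011 09:00:03 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net
From: "Example Hotels Rewards" <rewards@examplehotels.example>
Reply-To: claims.desk@freemail.example
Subject: Your dreem holiday awaits

Click here.
"""

FREE_MAIL = {"freemail.example"}  # assumption: your own list of free webmail domains


def domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def check_headers(raw):
    """Return (findings, first_hop) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    if domain(msg["Return-Path"]) not in ("", from_dom):
        findings.append("envelope sender domain differs from From")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From")
    if from_dom in FREE_MAIL or reply_dom in FREE_MAIL:
        findings.append("free webmail address used")
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        findings.append("receiver recorded an SPF/DKIM failure")
    # Received headers are prepended per hop, so the last one is the earliest.
    received = msg.get_all("Received") or []
    first_hop = " ".join(received[-1].split()) if received else ""
    return findings, first_hop
```

Only the Received lines written by your own provider's servers are trustworthy; anything below them was supplied by the sending side and can be forged just like "From:". A domain mismatch alone is also common in legitimate outsourced mail, so treat each finding as a prompt to look closer rather than a verdict.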