E-mail from my Sister!

Thanksgiving morning. Early. I check my e-mail and see a message from my sister.

3:24 a.m. She was up early. Or maybe she was still up from Wednesday night.

She said “hi phil” and then included a link, closing with her name in the format doejane (although it had her real name instead of doejane).

I looked at the link and it appeared to go to some blog.

Why is she just sending me a link?

image of e-mail described in this post

I am always suspicious when I receive an e-mail with just a link, especially if the link looks to me like it is a blog. And yet, it appears to be from my sister on Thanksgiving day. Could it really be legitimate?

It was sent to the e-mail address that I give only to my family and a couple of other restricted places. So, if it isn’t my sister, how did they know I have this particular e-mail address?

If this were to happen to you, what would you do?

As for me, I wouldn’t follow the link. If it isn’t a safe link, clicking on it is a good way to get your computer compromised, even if the e-mail is really from someone you know. I looked a little further.

The e-mail address was [mysistersname]@tampabay.rr.com. Well, that’s strange. If it ends in tampabay.rr.com, that means that the person sending it gets their Internet service from Charter Communications, previously Time Warner Cable. More specifically, they get it from the TampaBay location for that provider. That means they are/were located in the Tampa area. (Or they are faking their address as coming from there.)

But my sister lives in the northeast part of the nation.

Strange.

same image as above, but with 'tampabay' circled

So, now I have the following information:

* The person sending the e-mail connects from a Tampa area account (or pretends to).

* The person’s e-mail sounds like a personal e-mail but only includes “hi phil” plus a link, and then their name (run together with no space, last name first).

This is pretty suspicious. It has to be an attempt to fool me. If I were to click on that link, I would likely have a compromised computer.

But the perpetrator did several things amazingly well.

1) They used my sister’s actual name. It is a bit unusual that it is lower case and signed “last name first,” run together with no space. But some of my friends sign their names all lower case.

2) They sent it to me using my e-mail address that is given out to very few people. I give out my other e-mail addresses to lots of people, but not this one.

3) They sent it on Thanksgiving Day, a time that loved ones are more likely to be in contact with us.

Would you have clicked on the link?

 

So, how should you handle this? The bad guys are smart (at least some of them). You don’t want to ignore e-mail from loved ones.

Let’s examine this situation. There are clues that there might be a problem.

The biggest clue is that the address says it came from the wrong part of the country. But if the address had been from @gmail.com, we wouldn’t have that clue. And, even for me, I didn’t discover the problem with the address until I started looking, which was after I was already suspicious.

The biggest giveaway for me was that the e-mail contained only a link between the greeting and signature. This is always suspicious to me. Of course, some of my friends regularly send e-mails like that. Maybe some of your friends do as well. With those friends, at least that is their pattern for sending e-mails. But, I often don’t click on their links either.

My response to such cases is the following:

* I pay attention to the link itself. I recognized this as likely being a blog. I know that a lot of attempts by attackers use this technique. (It really helps to become familiar with the techniques attackers use so you can recognize attempts when they occur.)

* As a rule, I don’t click on links just because someone sends them. I evaluate the likelihood that it is safe and also whether I think it might actually be of interest.

* If I thought this really did come from my sister, I still wouldn’t click on the link because it looks too much like the style used by attackers. I would contact her first and make sure it really came from her (even if the e-mail address was her true e-mail address) and try to get some more information about it.

(By the way, I did receive an e-mail from my sister later that day. It didn’t have links to blogs, but had actual sentences with relevant remarks. Also, it came from her REAL e-mail address, which was in the format of janiedoe@…… instead of doejane@.)
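The two clues discussed above (a familiar name on an unfamiliar address, and a body that is little more than a link) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the address book, the example.net, example.org and blog.example names, and both sample messages are constructed, and it assumes the sender's display name matched a known contact.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> addresses that person really uses.
KNOWN_CONTACTS = {"jane doe": {"janiedoe@example.net"}}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def plain_text(msg):
    """Return the first text/plain part of a parsed message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload()
    return ""

def triage(raw, contacts=KNOWN_CONTACTS, max_words=5):
    """Return warning strings for one raw message; empty list means no flags."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    flags = []
    known = contacts.get(name.strip().lower())
    # Clue 1: the name is one we know, but the address is not one they use.
    if known is not None and addr.lower() not in known:
        flags.append("known name, unknown address")
    # Clue 2: once the URL is removed, almost nothing is left of the body.
    body = plain_text(msg)
    words = URL_RE.sub(" ", body).split()
    if URL_RE.search(body) and len(words) <= max_words:
        flags.append("body is little more than a link")
    return flags

# Constructed samples (not the real messages from this post).
SUSPECT = """From: "Jane Doe" <doejane@tampabay.rr.com>
To: phil@example.org
Subject: hi

hi phil

http://blog.example/some-post

doejane
"""
GENUINE = """From: "Jane Doe" <janiedoe@example.net>
To: phil@example.org
Subject: Thanksgiving

Hi Phil, dinner went well and the kids loved the pie. Call me this weekend?
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("genuine", GENUINE)):
        print(label, triage(raw))
```

An empty result only means these two patterns were absent; it says nothing about whether a link in the message is safe.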

Final analysis:
The e-mail likely came from someone who was either trying to compromise computers or someone trying to sell something. (I’m sure you’ve seen spam e-mails for weight loss, body part enhancement, pills, etc.)

Be careful when you go through your e-mail, even if it comes from someone you know or is about something you are interested in. The bad guys will use holidays, events, or anything else to trick us into opening their e-mails.

 

What else are they likely to do at this time of year? You may have seen e-mails about failed delivery attempts from DHL or UPS. Do you have any packages coming at this time of year? I do.

Image of package on porch, wrapped as gift

In fact, UPS failed to deliver the package I had ordered. The tracking information said it was on the truck for delivery this past Monday, but it didn’t arrive. The next day, it was scheduled again to be delivered. A little after 3:00, I looked online and the tracking info said they had delivered it. Nobody had rung the doorbell but I looked around outside. The package wasn’t here. I had to call the shipper, and they are filling the order again.

But, what if I had gotten an e-mail from UPS? It would be tempting to open it since they had failed their delivery a couple times already. If a bad guy had sent me one of these e-mails in the last couple days, the scenario was ripe for me to open it to find out what was happening with my delivery. Knowing that this is how the bad guys operate, I still wouldn’t have opened the e-mail. I would have gone to the shipping company’s site using the tracking number I already had (which is what I did). Then, I would have called them using the number I already had (which I also did). They said there was nothing they could do since it was marked as delivered.

They didn’t send me an e-mail about this. But what if they had? Do you think I would have opened it, because of being upset about their failures and hoping for some kind of satisfaction? Suppose a bad guy had sent a malicious “failed delivery” e-mail this week. I’ve certainly received a bunch of those in the past. But this time I already knew there were delivery problems. And I wanted it fixed!

What would YOU have done? Would you have clicked to find out what was going on with the failed delivery?

 

The main thing I want you to take away from this is:
Think before you click.

Many of us are overloaded with information. Some of that comes through e-mail, especially if you get lots of e-mail. If we are feeling like there’s too much information coming our way, it is easy to pay less attention to individual e-mails. That could put us at risk of falling prey to an attacker’s tricks, because we fail to think before opening the e-mail or clicking on a link.

I get a couple hundred e-mails daily. Most of them are never opened. I scan through the sender names and subjects fairly quickly. Some are deleted. I place the majority into an “archive” folder without opening them. They are there if I ever need to refer back to or search for something. Only a few get opened. One of those was the e-mail from my sister. Or rather, the one that looked like it was from my sister.

It is important to keep paying attention. As we open the e-mails that we think are of interest or from someone we want to hear from, we need to be aware of the possibility that it could be a trick. It could be someone pretending to be our family or friend. Or it could be an e-mail about something that is very relevant to our life on that particular day, such as a package that we are trying to get delivered. Holidays are a time that some of the bad guys step up their attacks. It is also a time that we may be more susceptible.

Again, the main thing I want you to take away from this is:
Think before you open or click.

The second thing is to become aware of the tricks the bad guys play so you don’t fall victim to them.

Daily Tip 28 – Surf at Your Own Risk

What kind of web sites can infect your computer?

a) Sites that provide up-to-date news stories

b) Sites about the hottest celebrities

c) Porn sites

d) Sites where professionals go to keep up-to-date on developments in their field

e) Sports sites

f) All of the above

Hint: The answer is not the one that is probably your first guess.

(Scroll down for the answer)

.

.

.

.

.

.

.

.

.

Answer: F) All of the above

Daily Tip 27 – Unknown links

We are told to be careful of clicking on links. There are some you should not click on, like those that say there is a problem with your account and that say you should click on the link to fix it.

But there are others that look strange or that don’t seem to go where you think you want to end up, but they are actually perfectly OK. There are legitimate reasons for using these. On the other hand, they could also be used for malicious purposes.

The lesson is that you can never be sure where a link is going to take you. You need to exercise caution.

It is hard to tell if a link is safe. But context and whether or not you trust the person providing the link can help.