Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Is That Email Legitimate?

Folks, a reader sent in a question I really think you should see…

Q: “Tech Paul;
For several weeks I’ve been keeping-up with your blog. Recently, I have been given some ‘devastating’ news and I turn to you for help. For many months I have been corresponding with business-people by emails. The incoming emails arrive directly to my ‘inbox’ not spam. The emails sent to me have ‘official’ government and bank ‘logos and tradmarks’. The emails also have ‘official’ government ‘seals’ and pictures of prominent leaders. Also received are ‘signatures’ and business ‘duty stamped seals of approval’. To say the least those emails look very sophisticated. The corresponce went on for months with the exchange of emails and telephone calls. Then all of a sudden the communication suddenly stopped. Without warning. Now, and most recently, when telephoning the other party; their phones are ‘disconnected’. When sending emails, my emails are returned to me ‘unanswered’. Needless to say I did send monetary payments (within a ‘time-limit’). Can you please tell me how one can ‘verify’ the legitimacy of an email? Is there any way to determine the ligitimacy of an email-address? I do enjoy reading your blog. However, the emails I receive leave me baffled, bewildered and perplexed. You have to see the emails for yourself. They look very professional and very sophisticated. They look genuine and authentic. And yet, when it comes to money payments; how can you tell if they are ‘fake’ or ‘real’? Your response is appreciated

A: Dear Reader,
It is rather easy to obtain, and paste in, official looking images…

But, without getting into your particular situation, and focusing in on what I understand your particular question to be — Is there any way to determine the legitimacy of an email?

The short version is: “sort of” but, no not really. You can look at the header (by viewing details) and see a more accurate picture of the Sender, but those can be faked (“spoofed“) or proxies used. Your real and true friends can have their machines get infected and used as spam bots, and mail from them (their machines) can be sent by criminals, and so on and so forth. Email without stringent controls in place (such as in a corporate setting) is a very insecure medium.

While we have invented “filters” which try to catch scams and spam, it is incumbent upon us – ourselves – to determine if an email is “legit”. Since the earliest days of the Internet, people have been told the basic Email rules:

1) Do not open mail from strangers
2) If they ask for personal information and/or money, it’s a scam
3) Write as if the whole world can read your words (or, “write like your mother will read it.”)
4) Don’t click links, open attachments, or “trust” email.

If you unsure about the legitimacy of an email, what you can do is look up the phone number elsewhere. Like, in the phone book. And call that number, not the number in the email, and you ask the supposed sender, “did you send me a email?

(But.. if you follow Rule #1, you don’t [usually] ever get that far..)

These scammers sometimes set up websites, phones, mailboxes, print up stationary, and more, to help pull off their cons.

… Since the FBI was nice enough to let me *borrow* their logo, I’m going to refer you to an excellent webpage they have; New E-Scams & Warnings, as well as a link to the FBI’s IC3 Internet Crime Complaint Center, (which, as you can imagine, is swamped..)

Here’s some tips on avoiding becoming a victim, (The Internet is literally filled with such advice..)

If you believe you have been scammed out of money, and therefore are the victim of fraud, there are many resources available to you.. (such as the one I discuss here, The World’s Largest Online Safety and Help Group) but I would start by talking with the local police. They can guide you as to your best immediate course of action.

I’ll say it yet again: you really do need to exercise Paranoid Common Sense on the Internet.

It ain’t Disneyland. (Please see, The Internet Is Not Disneyland)

We know about $105 billion per year in cybercrime ‘losses’, and we know that’s just the tip of the iceberg.. most go unreported. You listening, Cyber Czar?

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

Share this post :

December 13, 2010 Posted by | computers, e-mail, Internet, Internet scam, Phishing, security, tech | , , , , , , , , , , , , , , , | 2 Comments

CastleCops Takedown – Bad Guys Win (Again)

The odds are good that you never heard of CastleCops. Unless, of course, you were infected by a cybercriminal’s piece of malware* and turned to the Web for help.

castlecops_logo was one of those “good guys” sites, dedicated to combating the cybercrime that is threatening to render the Internet too unsafe to surf. (Many consider it that way already, btw.) It was, amongst other things, one of the places you could post your HiJack This! logs, and a volunteer team of antimalwareologists¹ would walk you through the steps to removing difficult infections.

There are “good guys” (aka “whitehats”) out there, and there are bad guys. CastleCops was definitely on the side of justice and good. Education and collaborative information sharing were among CastleCops highest priorities. They had been achieved by training the volunteer staff in their anti-malware academies and through additional services including CastleCops forums, news, reviews, and continuing education.

Which made them a target.

I guess I really shouldn’t have been surprised when I dropped in and saw this..
You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created. (click here to read the rest..)
PST 23 Dec 2008

This can only be construed as one more victory for the blackhats (whether or not CastleCops fell victim to direct attack.. such as DoS, as I’ve good cause to suspect). Some days, I get to feeling.. we’re not only losing the battles.. we’ve lost the war.

* virus, worm, trojan, “rogue antivirus”, (See Is that anti-spyware program really spyware?) etc.
¹ A word I made up to describe a person who studies the art of malware infection removal.. like, me. Not yet in Webster’s.

[note: though I am late, I would like to thank those folks who volunteered their time and talents at CastleCops. A big tip of my geek hat to you all.]shlogo_sm

[update: I have been informed that many of the wonderful antimalwareologist are now performing their generous deeds on SpywareHammer. Please see the Comments section for more.]

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

February 3, 2009 Posted by | computers, cyber crime, hackers, Internet, News, security, tech | , , , , , , , , , , , | 13 Comments