Fake Twitter Emails, Fake Paypal Emails, Phishing Emails and Malware Links and Spam

I got this email this morning. It looks almost identical to Twitter emails, except for the fact that the account I received it on does not have a Twitter account connected to it. Bit of a dead giveaway that, but still, it’s quite convincing.
The email says:
Hello, Twitter-er!
You have 2 (or more) unread message(s) from Twitter System.
Underneath is a URL which, in the body of an HTML email, appears to point to Twitter but in fact points someplace else. This isn’t new, obviously; there have been emails like this around for years, for Facebook, for online banks, for Paypal and eBay – for every service you can imagine. The idea is to either:
A: Get your Username & Password – especially for financial services like Paypal.
B: Get your Credit Card number & related details.
C: Get you to click on a link that will download malware to infect your computer.
D: All of the above.
Whether it’s a phishing attack or a malware attack, the results can be equally devastating, so always take precautions. In many email clients all it takes is to hover over a hyperlink to see where it points. Worst case scenario, you can always right click, copy the URL to the clipboard and paste it into Notepad. This way you’ll know for certain whether the hyperlink in the email is really pointing where it says it is.
Even this can be misleading, however. Depending on the font used, it can be difficult to distinguish the real URL from a spoofed one. Observe:
www.paypal.com – Paypal.com as normal.
Paypa1.com – Paypa1 (number one) in Times New Roman
PaypaI.com – PaypaI (capital i) in Arial
There’s a million other variants one can do with any number of legitimate websites.
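The hover-and-compare check and the look-alike comparison described above can be automated. This is an added example, not part of the original post: it extracts each link from an HTML email body, compares the visible text with the real destination, and folds the digit 1 and capital I onto l before comparing against a list of known sites. The `KNOWN` list, the small confusables map, and the sample HTML (with `example.net` as a placeholder destination) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN = {"twitter.com", "paypal.com"}  # assumption: services you really use
CONFUSABLE = str.maketrans({"1": "l", "I": "l", "0": "o"})  # small, not exhaustive
URLISH = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")
is_known = lambda h: any(h == d or h.endswith("." + d) for d in KNOWN)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(value):  # host of a URL or bare "www.site.com/x"; case kept, "www." dropped
    netloc = urlsplit(value if "//" in value else "//" + value).netloc
    host = netloc.rsplit("@", 1)[-1].split(":", 1)[0]
    return host[4:] if host.lower().startswith("www.") else host

def check_link(href, text):  # reasons to distrust one link; [] if none found
    real, findings = host_of(href), []
    folded = real.translate(CONFUSABLE).lower()
    if not is_known(real.lower()) and is_known(folded):
        findings.append(f"{real} imitates {folded}")
    shown = host_of(text) if URLISH.fullmatch(text) else ""
    if shown and shown.lower() != real.lower():
        findings.append(f"text shows {shown} but link goes to {real}")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text.strip())) for href, text in parser.links]

SAMPLE = """<a href="http://updates.example.net/t/inbox">http://twitter.com/inbox</a>
<a href="https://www.PaypaI.com/signin">Log in</a>
<a href="https://twitter.com/settings">twitter.com/settings</a>"""  # constructed

if __name__ == "__main__":
    for href, reasons in scan(SAMPLE):
        print(href, "->", reasons or "nothing found")
```

An empty result only means these two checks found nothing; a domain that is simply unfamiliar, or that uses a substitution outside the map, still needs a human look.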
So, if you’re still paranoid – congratulations, you should be! – then you can always look at some of these URL malware scanners to see if there are any nasty surprises lurking in the links of your emails.
Having good antivirus and firewall protection, and ensuring that these programs are regularly updated, will help protect you from these sorts of attacks. So will regularly updating and patching your email client, browser and operating system.
Vigilance and common sense, however, are the only true protection – so always remember the five golden rules:
- If you’re not sure where the link goes don’t click on it.
- If you’re not sure what an attachment is don’t open it.
- If you receive unsolicited* (spam) email don’t ever reply to it.
- Unless your email client or antivirus program already has an automatic email attachments scanning feature, always download and scan attachments first before opening them.
- If the email comes from a known contact with links/attachments but with very brief and often baffling and grammatically-questionable text, e.g. “hey u – check this out!” always contact that person and ask whether he/she really sent it or not.
and finally
If they reply and say they never sent it then that person’s computer is infected with a virus which has most likely sent itself out to every one of their contacts already. This can be very devastating not just for the security and privacy of a business, but for its reputation too. So if you do suspect you’ve received such a virus be sure to tactfully inform them of that fact, as the sooner they’re made aware of it the better.
Be aware that whilst many spam emails pretend to have an opt-out link at the bottom these are often used to verify that your email address is correct and clicking on them will only result in more spam. It can be hard to tell, sometimes, because you may also be receiving legitimate ezines/newsletters that you subscribed to but have since forgotten about. When in doubt, look the company/organisation up on Google and if you’re still not sure, you can always just flag the emails as spam.