Everyone gets junk mail, stuff from spammers who hope you’ll click on one of the links in the body of the email. As you know, clicking links in mail from someone you don’t know (or even from someone you do know!) can be dangerous. Today we got an email from wikimedia.org for a certain kind of product that shall remain nameless. Wikimedia? Sending out spam? Nope. Let’s see who it was really from.
1. Hovering over the email in our junk folder brought up this supposed ‘source’:
2. Here is what the email looks like when you right click it in your inbox and choose ‘view message source’.
3. Lots of numbers and letters but there’s one set of numbers that lead to the source of the email, in spite of what the address is on the email itself. This is who the supposed source of the email is:
4. This is the IP address of the real sender:
5. Here is that IP address copied and pasted into the search line at Who.is :
6. The search came up with this information for the REAL sender:
7. By the way, here is the real IP address of Wikimedia.org:
This might seem like an exercise in futility but these few steps will help you track down the source of many things, not just spam email. Knowing how to check an IP address is important, at least we think it is, plus discovering that Wikipedia isn’t sending out spam is reassuring, isn’t it?
Once you know the tricks, you can feel safer and more confident online. These tricks can be used to track down spam but they can also sort out suspicious emails from strangers who pretend to be from another country. Is your email buddy really from England or Canada or are they actually in China or Africa? Now you’ll know exactly where they’re from.
That’s it for today, thanks for reading! Comments and questions are welcome but Likes on our Facebook page get immediate attention. Here’s the link: Computers Made Simple on Facebook .
We’ve noticed so many new kinds of scams lately that we thought we’d update you with some tips on how to spot one. Off we go:
1. If it sounds too good to be true, it most definitely is. Just as you know you didn’t already win the Publisher’s Clearing House millions, you didn’t win the Yahoo/Microsoft email contest either. Oh, and about that money held in escrow in England after that guy died? Nope, not going to happen.
2. Most banks, if not every bank or financial institution will never email you about a sketchy transaction or suspicious activity. They’ll either call you on the phone or simply suspend your access until you both can sort it out.
3. Anyone you do business with already knows your name and account information. If someone calls you and asks you to verify anything with them, tell them no, then call the bank/company/whoever yourself, just to check. They will know immediately from their records whether they have contacted you recently.
4. Do not answer polls on the phone, specially ones about home security, no matter how legitimate the person may sound. While you are answering the questions, you’re also giving the caller all kinds of information about your home, your current state of security as well as the hours when you’re there.
5. Never give money to anyone who is going door to door in your neighborhood. Even if they say they are from the Children’s Wish Fund or the Heart and Stroke Foundation, don’t give them any money. Why? Most of the time these people are scammers. Even if they aren’t, they are making money from the money that you hand out. In most cases, they are paid reps not volunteers. Give directly to the charity, and choose the charity carefully. This ensures that the money goes directly where you want it to, not into some scammers pocket.
6. Never donate a dime to the folks who hang around just outside the grocery store collecting for children’s charities or pet adoption outfits. We’ve checked dozens of these and not one has ever been associated with a registered charity. The money you give goes directly into someone’s pocket, not to a charity.
7. If you get a message on your answering machine and you don’t know who called, don’t call them back if you don’t recognize the area code. The 1-800 series of numbers are usually OK but there are numbers out that that will cost you hundreds of dollars a minute in charges. You’ll get a big surprise on your next home phone or cell phone bill. Look at it this way. If it’s important, they’ll call you back, right?
8. Don’t add unknown apps to your mobile phone. Some of the horoscope or trivia apps will send you text messages every day or several a day, all the while charging you money for them. Getting out of these charges is next to impossible. This goes for some Facebook apps too. In the signup process the charges will be hidden in the fine print and, if you’re like everyone else in the world, you never read the fine print. Getting a daily horoscope just isn’t worth $2.50 per text message, is it?
9. Check emails for spelling mistakes. That goes for websites, too. If you happen to get directed to a website that looks legitimate, check for misspelled words, bad English, etc. Scam or spam email is known for grammar errors and words that are misspelled. ‘Informations’, with an s, is a popular mistake that you will see over and over again.
10. Update your technology regularly. Windows updates itself whenever a new exploit is detected. This goes for your mobile devices as well. For us, a new version of WordPress is installed as soon as we find out about it. These updates help you avoid identity theft. By the way, if you get a notice of an update that comes from an unexpected source, let’s say while you’re on a website, stop what you’re doing, close the site and restart your browser. Chrome, for instance, updates itself every time you start it. Internet Explorer doesn’t but that in itself is a great reason to switch to Chrome, isn’t it?
Stay safe out there. If you have a security concern, talk to us about it. If you have found a new scam, let us know so we can spread the word. Do it in the comments below or Like our Facebook page and tell us there. Here is the link: Computers Made Simple on Facebook
We’ll get right to the point of today’s post. Here’s an example of a bad and very dangerous email:
A credit card approval in sixty seconds, supposedly from First Premier Bank. A telltale clue is the address up on the top left. Do you think the First Premier Bank would use ‘edanasupermoistnep.com’ as their email address? Apparently, some people do, otherwise criminals wouldn’t bother sending out millions of these junk emails. If only one half of one half of a percent even answers one of these emails, the mission would be successful.
Here’s more:
The link in the email does NOT take you to First Premier Bank. Additionally, although the bank’s address in South Dakota seems to be correct, the Texas address isn’t. It’s a well known source for this and other suspicious emails. If you received an email like this one, you’d delete it right? We hope you would. If your credit isn’t that good, however, the attraction of a ‘Bad Credit’ card might be very attractive. Unfortunately, after a bit of digging, we discovered that a First Premier Credit card is the last credit card you’d want. With interest rates up to 79%, you’d almost be better off borrowing from a loanshark.
We did not click on any of the links here, obviously. It was a simple matter to block further emails from this address, at least it was on hotmail/live/outlook. We suggest you do the same.
Here’s an example of a real email from a bank.
We’re in Canada and we deal with several banks here. The Royal Bank is one of the largest banks in the world so we feel pretty safe doing some of our online banking with them. This email is simply a notification that our electronic statements are ready to be viewed online. No big deal, right? How do we know that this is a real, and safe, email? Well, it contains a real name, for one. The account numbers (blacked out) match ours and, as we said before, we actually have accounts with this bank.
Still, there are some things in this email that we should warn you about, primarily the contact telephone numbers. While the numbers shown in this email are virtually 100% safe, don’t use them to contact the bank. Why? Because sometimes hackers have access to some of your information but not all of it. Let’s say that someone knew we dealt with the Royal Bank and somehow obtained the last four digits of our account numbers. How could they do that? Maybe from a slip of paper blowing in the wind on garbage day, for one.
If this person needed the rest of our information, it wouldn’t take too much time to draw up an email like this and zip it off to us, complete with phone numbers that would be answered by that person. If you want to contact your bank, how would you find the real number? Easy. The number is on your bank statement, on your credit card and your debit card as well as on your cheques, at least in some cases. Additionally, make sure that you type in the url of the bank’s site, don’t trust the link. We are pretty sure that this email is completely safe but you never know, right? Why not take the extra bit of time to look up both the phone numbers and bank url yourself? If you get in the habit of doing that every time you contact one of your financial institutions, you’ll be well on your way to keeping your identity and your assets safe.
What have we learned? Mainly that you have to be suspicious of just about everything.
1. An email from your bank should have your name either in the body or in the subject line. Emails from Paypal, for instance, always have your name in the subject line. This simple precaution has virtually wiped out phishing emails attempting to steal your Paypal credentials.
2. Don’t click on links or phone the numbers in these emails, even if you are sure that the email is safe. Enter the bank’s URL yourself. Look for the bank’s telephone number in a bank statement, in the phone book or on your credit/debit card.
3. If you don’t deal with the bank that supposedly sent you the email, delete it. Most banks don’t use email to contact their customers except for simple statement notifications similar to the one we showed you above.
4. Above all, if a bank or credit card company has found ‘unusual activity’ surrounding any of your accounts, don’t you think they’d call you on the telephone? Think about it. Stay safe.
Thanks for reading! We’ll continue this series over the next few posts. We will share more thoughts and links on our Facebook page. Here is the link to it:Computers Made Simple on Facebook.
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
Just this morning we read that 100% of attacks on computers are criminal in nature. What does that mean? Simply that hackers aren’t out just to have fun, they are actively trying to steal your personal information. It’s not only personal computers that are under attack. Read this story about how a major Canadian bank was scammed out of $87,000.00: Bank of Montreal Gets Scammed Once you read the story, you’ll see how all of this started. The customer’s email account, which had been hacked, was used to initiate the process.
We’ve written posts about how you can protect your email account(s). Here’s a link that shows some of them: Email Password Protection Make sure you read as much as you can about using a strong password as well as how to enable two-step authentication. For that matter, make sure you use multi-level authentication for virtually everything you do online. Most email providers as well as banks, social networks and financial institutions already require this. Make sure you take advantage of it.
Enough preamble, let’s get to a new type of scam that you might fall prey to. This involves Google Maps. Bear with us while we explain how it works:
1. If you run a business, you can put your location and business information right there on the Google map of your city, complete with your street address, your logo and your phone number. This is where the danger is, that phone number.
2. Hackers have found a way to install fake telephone numbers in Google Maps. Let’s say you’re looking for a bank branch in another city. It’s easy to check a bank’s name, just type it in and you’ll immediately see little flags all over the map. This works for anything, restaurants, hardware stores, police stations, etc. Here’s an example of the information you might see:
3. Before you call the Citibank number, it might be a good idea to check the number somewhere else, let’s say on Citibank’s real website. Use the map for the location but NOT for anything else. This doesn’t apply only to banks. Here’s a link to the story explains the exploit and how several people thought they were calling the FBI but were really calling a hacker, this time an honest one:
These are a few things to watch out for when you’re online. In our next post, we’ll get into a bit more depth on these scams and how you can protect yourself from them. Stay tuned. In the meantime, ask questions or comment below or on our Facebook page. Here is the link to it:Computers Made Simple on Facebook.
Thanks for reading!
________________________________________________
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
We’ve noticed a new email threat, this one involving a notice from Efax which tells you that a new fax has arrived. In the email there is a link, supposedly to the fax, which the sender expects you to click. If you do happen to click the link, you’re taken to a completely different site, not the Efax site that is indicated in the link. At that point you might download the file, a zip file which has ‘pdf’ in the name. In that zip file is a virus and/or malware which will most likely install a keylogger or other spyware on your computer. This is what the email looks like:
If you were to hover your cursor over the link, shown here in black, you would see another URL down at the bottom left. Here is where the link actually leads:
Now, Efax is a real company. We’ve used them in the past and they’re handy if you don’t have a fax machine or, in our case, when your telephone system does not support a fax machine. (VOIP lines do not support faxing.) If you were to check the apparent address of origin by hovering your cursor over the email in your inbox, you’d see this:
It’s only when we look at the message source (right click the email in the inbox before you open it and choose ‘view message source’), that we see where the email really originated. Here’s what we found:
To sum all of this up, here’s what we’ve got: An email that appears to be from Efax.ca, but isn’t. A link that appears to lead to Efax.com, but doesn’t. Finally we have a fax that isn’t a fax, it’s a zip file full of malware/spyware or a virus. Dangerous stuff, right? Our feeling is that you’d really have to go out of your way to get infected this way but people actually do get hit every day. We’d suggest reading this post a few times. All of the information you need to figure out if an email is legitimate is here. Feel free to share it with friends and family.
This post is about one email. Believe us when we say that we receive many such phishing emails every week. They might appear be from Efax, a bank, a government agency or a company that you may or may not have dealt with in the past. They all have one thing in common. If you don’t catch them and happen to click on the link, you’ll be in trouble. Be careful out there, OK?
Thanks for reading! Questions or comments are welcome. You can also ask questions on our Facebook page. Here is the link: Computers Made Simple on Facebook
_________________________________________
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
a little bit of hi-tech, a little bit of common sense and a lot of fun