
Malicious Emails

By Heshy Friedman

The Internet is a very dangerous place. It is a world where predators, hackers, spammers, virus-spreaders, and trolls lie in wait for an unsuspecting victim. Even emails can be a danger if you aren’t aware of the hazards that exist with this seemingly non-threatening process. In this post, I am going to discuss the different types of malicious emails and how to be smart and safe.

Simple Spam Emails:
We all get them too often, and they are annoying. Spam emails can promote anything from watch replicas, to medications, to performance enhancers and beyond. Sometimes they are just weird emails that don’t make much sense. For the most part, simple spam emails are just a nuisance, and we delete them and move on. If you are getting more than a few spam emails a day, contact your email provider to adjust your spam filter or install a new filter to block out the junk. If they give you a hard time, get a new email provider, or use Gmail, which is free and has excellent built-in anti-spam algorithms.

Opt Out List:

Many legitimate companies use an ESP (Email Service Provider) to generate mass emails. Mass emails are not spam if they are intended for a specific customer base such as an opt-in list. For example, assume you ordered a product from an online store, and at checkout you ticked the box to be added to their email list. You now get emails regularly from them, even if you no longer want to be on their list. This type of email is considered legitimate and is not spam, since you originally opted in, and you are able to remove yourself from the list by opting out. However, should the email fail to provide an opt-out link, it becomes classified as spam, and the company sending it out is considered a spammer. Such emails should be reported and blacklisted, even if sent from legitimate companies. There is no excuse for a mass-generated email not to provide an opt-out link somewhere in the body of the email.

Form Spam:
Many websites have a form such as a contact form that emails the submission to your email address. Although the occasional annoying solicitors try to sell their services to you through this form, the main problem with such forms is spam bots. Spam bots are automated scanning programs created by spammers that crawl the Internet seeking out form pages, and then auto-fill the contents of the form with junk. These junk submissions will be submitted to the site owner as emails. Most of these bots can bypass client-side JavaScript validation, and the only way to properly block them is with a “captcha”. A captcha is a set of randomly generated numbers or letters that must be entered to submit a form. These are used to ensure a human is submitting the form, since bots are unable to read the code, which is in a graphic format, and are therefore unable to submit the form. Over 75 percent of forms that I have programmed in the past without a captcha have gotten spam, and then required me to add a captcha to stop it. I now, by default, program all forms with a captcha, unless there is strong server-side validation on required fields that will prevent the spam bots, such as valid credit card numbers.

Phishing Emails:
These can be dangerous. Phishing emails mimic true emails and try to get you to enter compromising information which will be used against you. An example is an email from PayPal or a bank that says you need to update your account profile, and provides a link. If you click the link, you are taken to a spoof site where the information you enter will be stored and used to try to gain access to your accounts. If you ever get an email from an institution that you have an account with that asks you to verify your information and update your profile, do not click the link under any circumstances. Instead, contact the institution on the phone and ask them about this email first. These phishing emails are usually easy to detect since many of them are poorly written and have obvious mistakes, and will also take you to a website with a strange and suspicious URL. They are often created by foreign hackers, especially from China and Russia. However, phishers today have become more sophisticated and are getting better at making the spoof emails look very real.

PayPal is one of the most frequently “phished” venues. They ask that you forward all possible spoof emails to spoof@paypal.com so they can investigate. PayPal also has an anti-phishing quiz which is worth taking.

Impersonating Emails:

These are spam emails with a very dangerous twist. The emails come from a legitimate email address that you recognize, and they have a link in the email body, which will often take you to a compromised website. They may also provide an attachment that will open a corrupt file. The reason these emails are so dangerous is because they come from someone on your contact list, and you feel comfortable clicking the link or opening the attachment. Impersonating emails are the result of a computer infected with a virus or Trojan that seizes Outlook and uses it to send spoof emails to legitimate contacts of the originating computer. The results of clicking such a link or downloading the attachment can be devastating. I had a client who clicked on the link of an impersonating spoof email, and contracted a virus in the process. The virus spread to all the other computers on the network, and then their emails started sending out nasty spoofs to people on their contacts. They had to have their IT department redo all the computers in the network, resulting in a significant loss of time and money.

How to Stay Safe:
There are several things you can do to stay safe. The first and main rule is to NEVER click any link from any email unless you have a personal correspondence with that person and the email makes sense in context. In addition, NEVER open or download any attached file from any email, even from someone you recognize, if the email is not in context. Always double-check with the sender regarding any out-of-context email you receive that has a link or an attachment.

Make sure you have anti-malware installed on your computer. Also ensure that your anti-malware software is up to date, and updates regularly on its own. Though most anti-malware will prevent you from downloading a malicious email, and also will stop you from running a virus or Trojan, there are always those that can still slip through the cracks.

Even when an email with a link is in context, always check the link before clicking on it. Most links in malicious emails are hidden behind the words, but in most versions of Outlook you can place the mouse cursor over the link and a pop-up tooltip will preview the full link for you. If the link doesn’t look right, or doesn’t show the web address of the site it is supposed to link to, it is probably trying to take you somewhere that you don’t want to visit.

Whenever you get a spam email or any malicious email, don’t just delete it. Junk it. The best way to do it is to blacklist it directly in your email server’s email settings if they have this option. However, this is usually an annoying process which requires you to log in to your email control panel or contact your email server provider to set up the blacklist. The easiest thing to do if you are using Outlook is to right-click the email, and tell Outlook to add it to the Junk list. This way you will teach Outlook more patterns to look for in Junk email so that it automatically deposits such messages there.

Lastly, be courteous to others when sending out emails. Never send just a link or an attachment without explaining what it is. I get emails all the time that are blank aside from a link or just an attachment. I promptly delete such emails, and then contact the sender to ensure they are legitimate.

Copyright © 2023 Azurite Marketing Group, all rights reserved.