Thursday, March 17, 2011

Fighting Email Scam through Simple Technical Detection

Over the last months, I received over 30 scam emails. I analyzed these mails to determine if there were technical commonalities that would help a lay user detect fraudulent emails. I found two.
All the scam mails came from free webmail ids such as Gmail and Yahoo, and for those that promised an award, the username was typically modified to resemble the company that offered the award.
A scam mail promising an award from Microsoft titled “Message from Bill Gate” was sent from a personal id but requesting claimants to write to In normal course the id would have been  but to make it sound official “Microsoft” has been added into the username
Most scam mails have a reply address different from the sender's address.
Scam emails that require victims to communicate with the scammer had a different reply address in over 60% of the cases. This was done by setting a field in the email header (Reply-To) that a normal user does not know about. Identification is simple: when you click the reply button, compare the reply-to address with the sender's address in the body of the email. In most cases the two were easy to distinguish as different, but in some they were made difficult to tell apart.
Easy: Sender Email -  Reply To
Tricky: Sender Email -  Reply To
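Both checks described above can be run directly on a message's raw headers. The following is an added example, not code from the original post; the `webmail.example` domain, the brand list and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Free webmail domains: gmail/Yahoo are named in the post; webmail.example is
# a constructed placeholder used by the sample messages below.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "webmail.example"}

def split_addr(header_value):
    """Return (username, domain) in lower case, or ("", "") if absent."""
    _, addr = parseaddr(header_value or "")
    user, at, domain = addr.rpartition("@")
    return (user.lower(), domain.lower()) if at else ("", "")

def scam_indicators(raw_message, brands=("microsoft",)):
    """Return the list of indicators from the post found in the headers."""
    msg = message_from_string(raw_message)
    sender = split_addr(msg.get("From"))
    reply = split_addr(msg.get("Reply-To"))
    found = []
    # Reply-To is present and is not exactly the sender's address.
    if reply != ("", "") and reply != sender:
        found.append("reply-to-differs")
    # A company name sits in the username of a free webmail address.
    for user, domain in (sender, reply):
        if domain in FREE_WEBMAIL and any(b in user for b in brands):
            found.append("brand-in-free-webmail-username")
            break
    return found

# Constructed sample messages (not taken from the analysed scam mails).
EASY = ("From: Bill Gate <j.smith1970@webmail.example>\n"
        "Reply-To: microsoft.award@webmail.example\n"
        "Subject: Message from Bill Gate\n\nClaim your award.\n")
TRICKY = ("From: claims.office@webmail.example\n"
          "Reply-To: claims.0ffice@webmail.example\n"
          "Subject: Your payment\n\nReply to proceed.\n")
CLEAN = ("From: alice@corp.example\n"
         "Subject: Meeting notes\n\nSee attached.\n")

if __name__ == "__main__":
    for name, raw in (("easy", EASY), ("tricky", TRICKY), ("clean", CLEAN)):
        print(name, scam_indicators(raw))
```

The comparison is an exact match on the full address, so the "tricky" case, where the two addresses differ by a single character, is flagged the same way as the "easy" one.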
Keep your desktop updated with the latest antivirus and change passwords every 60 days. This reduces the risk of downloaded malicious software remaining undetected for a long time and prevents downloads of known malware. If you do detect malware in a scan, it may be advisable to change your passwords. In any case, frequent change of passwords reduces your window of exposure.
