Spam, scam, phishing!

Spamming, phishing, junk. It can sometimes feel like your email address is constantly under attack. So what to do? This is my experience, and hopefully other members more experienced than moi will add pointers, advice and suggestions.


For starters, get a Google (or whichever you prefer – Hotmail, etc.) email account. Always use this account if you need to provide an email address to access a website. I use Google all the time because they have good anti-spam and anti-phishing filters. I back up these emails into Outlook AFTER they have been through Google. I also use Google to fetch emails from my other accounts, as I have several email accounts through my own two websites. Hopefully, those of you who use other providers such as Yahoo, Hotmail, etc. can add to this.


If you run a website for your business, DO NOT put a link to your email address on the page. You can easily use a “contact” form (available free if using Wordpress). If this option is unavailable, you can edit the HTML so it looks like this: sheila.walshe [at] gmail.com. If you think it’s necessary, you can also post in smaller text “please copy and manually insert the “@”.


GOLDEN RULE 1: Never, ever click on a link in the email message. If you think the email might possibly be genuine, open a new browser page and manually type in the URL and investigate further.


GOLDEN RULE 2: Never, ever respond to emails seeking any personal information. A recent Facebook scam directed people to a page to “verify” their accounts. It looked good, looked like a genuine FB page – the giveaway was a box to fill in your credit card details. Always log into Facebook via secure log-in, i.e., https.


So, as happened to an SFN member this morning, you’ve received an email from EDF saying your bank refused the latest request for payment. Is this genuine? NO, it’s not. Most reputable companies (and I use this term advisedly when referring to EDF!) will not contact you in this way. Perhaps you’re still concerned and think the email might just be genuine. Ok, then follow these authentication steps (taken from Google this morning):


Recipients can use authentication to verify the source of an incoming message and avoid phishing scams. For example, if you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, these are phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information.


You can view the authentication information by opening a message and clicking on the 'show details' icon below the sender's name .




  • If a message was correctly DKIM3 signed, a 'signed-by' header with the sending domain will appear.

  • If a message was SPF authenticated, a 'mailed-by' header with the domain name will appear.

  • If no authentication information exists, there will be no signed-by or mailed-by headers.


If you would like to know more, here is the Google link: http://support.google.com/mail/bin/answer.py?hl=en&answer=8253&topic=1669056&ctx=topic


Many of us run hotels, gites, B&Bs, and we will all have received those emails enquiring about availability for “X” number of people for “X” weeks (insert your own figures here). Here’s a classic example I received a few weeks ago:


THIERRY VIGNON


Adresse : Place de la république, Boulevard Mitterrand


11 bp 475 Bamako 11


Téléphone : 0022 566 832 361


Bonjour


Je suis Mr THIERRY VIGNON je vous contacte afin de vous faire part de


mon intéressement pour votre location de votre bien pour une période


de 3 semaines à compter du 07 juillet 2012 pour mes petites vacances


étant donné que ma mission de travail prend fin bientôt .


Je désire avoir plus d'informations sur votre location a savoir une


bonne description des lieux et le tarif pour la période demandée.


N'hésitez pas à me contacter par si vous êtes intéressé par ma


proposition 0022 566 832 361 ou sur mon adresse e-mail:



Most of us will spot this as a scam straight way. For starters, he says: votre location de votre bien. The genuine enquirer would at least have made mention of the area. Also, full details of the house, and the charges are set out on the websites. A useful exercise to perform is to do a Google search on the sender’s name, and/or copy a line or two of the text and paste into Google search.


I hope this helps, and please add your knowledge and advice here.