What’s Wrong With This Email?

One of my pet peeves is phony security warnings by e-mail, or masquerading as pop-up warnings on your computer.  By the way, if you are getting pop-ups, your machine is already compromised.

I am going to show you a couple of e-mails from my Junk Mail folder as an example of e-mails you definitely want to delete without opening.  They are images are jpegs, so the links are not functional.

Lets look at the first one.  Click on the image to enlarge it.

AVG Internet Security correctly marked this message as SPAM and dropped it into my Junk Mail folder.  If your security product is not filtering your Outlook or Outlook Express inbox you should find out if it can, and enable the feature, or look for a new security suite.

The From address is usually a clue – who are these guys?  Reputable security vendors can be verified by searching Google for the domain name, in this case "wholovesdealz.com."  A quick search revealed no information about this company.  With everyone and his uncle fighting for search engine ranking, the utter lack of information says everything – this is a fly by night outfit that will be gone as soon as they can clear out your bank account.

Outlook 2007 correctly disabled the links in this e-mail as potentially dangerous.  If you are using some form of web mail (AOL, gmail, Yahoo, hotmail) and reading your mail in Internet Explorer, make sure your e-mail service provider is filtering your SPAM, and that the feature is enabled.

Now lets look at the second one for the Golden Firewall.  It exhibits most of the same issues.

These e-mails come with unsubscribe options, which also should be avoided.  Clicking on the unsubscribe link just verifies that your email address is valid and actively in use.  Clicking on the unsubscribe link usually will increase the amount of SPAM you receive, as validated addresses are sold for premium prices to other spammers.

The best thing to do is mark them as SPAM or Junk Mail with your security program, email program, or webmail service, and move on.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.