Another day, another countless thousands of spammy emails cluttering inboxes all over the world.
Luckily, most such emails can be easily identified as spam, if you know what to look for. Consider last March, when news of the Netflix phishing scam first broke: would-be thieves sent out a mass of emails purportedly from Netflix and warning of a problem with the recipient's Netflix subscription. Anyone who fell for the bait hard enough would eventually give the thieves full access to their computers, and any personal files therein.
But that scammy phishing email contained plenty of hints that it wasn't a genuine Netflix communique — even before you do your own independent online search for Netflix's customer service contact information and (unsurprisingly) discover a phone number entirely different from the one the phishers wanted you to call.
Another example of “spam deconstruction” can be found on the PhishMe security firm's blog, which on April 29 posted a seven-point takedown of a piece of email spam with a particularly virulent piece of malware in an attached file. (If you had to choose one of those seven points as being most important, it's most likely number three: “Zip file – It is uncommon to receive a legitimate zip file in an email. More times than not, it’s bad.” That, in turn, ties in to the well-known malware-protection rule “Never download a suspicious or unsolicited file.”)
Ask yourself ...
PhishMe pointed out some other red flags indicating possible spam, including the fact that the email, which started out with the words “Hi, there! This is your neighbor writing here. Today your attorney popped you, but you were out, so he left a message for you,” actually had a Russian sender (is your neighbor Russian?).
The alleged attorney's message was in the infected zip file (which, if opened, would give hackers the ability to steal pretty much any files on your computer). But if you read the full text of the email (and imagine it's an email which actually landed in your inbox, rather than something you're reading on a security blog), you'll notice some other indications of spamhood which are quite obvious, if you think about it for more than two seconds.
For example: even assuming you do currently have an attorney, and are expecting her to give you some files, what are the chances she would ever say “Hmm, since my client's not home, I'll just give an e-copy of these super-important files to one of the neighbors”? (Hint: close to zero, because any attorney who tried this would be disbarred for violating client confidentiality.)
Another sign which most (though not all) spam has in common is its complete lack of specific, personalized details. Suppose you, personally, had to send an unexpected note (or email) to a neighbor. Which format are you most likely to use: “Hi there, this is your neighbor,” or “Hi [neighbor's name], this is [your name]”?
If someone knows you well enough to have your email address, they should know you well enough to know your name.
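Three of the red flags above (a zip attachment, a sender address from an unexpected country, a greeting that never names the recipient) can also be checked mechanically by a mail filter. The Python below is an added example, not code from PhishMe or the original article; the sample messages, addresses, expected-TLD list and function names are constructed for illustration, and treating the address's top-level domain as the "Russian sender" signal is an assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

GENERIC_OPENERS = ("hi there", "hi, there", "hello there", "dear customer")
EXPECTED_TLDS = {"com", "net", "org"}  # assumption: TLDs this recipient's contacts use

def red_flags(raw: bytes) -> list[str]:
    """Return the article's red flags found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    # Zip attachment: test name, declared type and the zip magic bytes, because
    # a renamed archive still begins with "PK\x03\x04".
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if (name.endswith(".zip") or part.get_content_type() == "application/zip"
                or data.startswith(b"PK\x03\x04")):
            flags.append("zip attachment")
    # Sender address from a country the claimed sender has no reason to use.
    tld = parseaddr(str(msg["From"]))[1].rsplit(".", 1)[-1].lower()
    if tld not in EXPECTED_TLDS:
        flags.append(f"unexpected sender TLD .{tld}")
    # Impersonal opener, and the recipient's first name appears nowhere.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    to_name = parseaddr(str(msg["To"]))[0].lower().split()
    if text.lstrip().startswith(GENERIC_OPENERS) and not (to_name and to_name[0] in text):
        flags.append("generic greeting")
    return flags

def build(sender: str, body: str, attachment: bytes = b"", name: str = "") -> bytes:
    """Construct a sample message (all values invented for this example)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "Jordan Smith <jordan@example.com>"
    msg["Subject"] = "A message for you"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

SPAM = build("Your neighbor <neighbor@constructed-sender.example.ru>",
             "Hi, there! This is your neighbor writing here. Today your attorney "
             "popped you, but you were out, so he left a message for you.",
             b"PK\x03\x04" + b"\x00" * 26, "message.zip")
HAM = build("Sam Lee <sam@example.com>", "Hi Jordan, this is Sam from next door.")
```

Calling `red_flags(SPAM)` reports all three flags, while `red_flags(HAM)` reports none. The magic-byte test also matches modern Office documents, which are zip containers, so a real filter would treat that flag as a reason to inspect the attachment rather than a verdict.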