4 Tips to Avoid Spam

Published September 25, 2017

1. Watch for Spoofed Email Addresses

Pay close attention to the sender’s email address in any suspicious message you receive – and don’t reply or click any links. Attackers often use spoofed email addresses (email addresses that appear to come from a trustworthy source) to trick the recipient. These emails often include phishing attack attempts. Spoofing is done in a number of ways, but a few of the more common ways include:

Changing the name of the sender so that it does not match the sender’s email address: It’s easy to change the header information of an email so that the sender’s name doesn’t match the sender’s email address. In the image with Example #1, the spammer changed the name to read “Katrina”, in an attempt to make the email appear as if it was from a familiar source. The email address, however, is clearly unfamiliar and untrustworthy: “huixinsoft105@foxmail.com.”

Using characters that look like ordinary letters to make the sender's email address appear to come from a recognizable source: For example, many Greek characters look similar to Latin letters, such as the Greek character “ε” and the letter “e”. Emails may use the Greek character instead of the letter “e” in the sender’s address, like this: “example@εtczonε.com.” Unless the recipient is paying attention, they might not notice the email address is incorrect.

Creating a fake sender address that references a normally trustworthy institution: Emails like “aigdirect@rixobalkangrill.com,” as in Example #2, are a clear attempt to convince the reader the email is actually from AIG Direct. However, a quick Google search reveals that legitimate emails from AIG Direct will probably end in “@aigdirect.com.”
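The three checks above can also be automated when triaging reported messages. The following Python sketch is an added example, not part of the original article; the allow-list, the address book entry and the warning names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumptions for this sketch: a hypothetical allow-list of real sender domains
# and a hypothetical address book of display names you already correspond with.
TRUSTED_DOMAINS = {"aigdirect.com"}
KNOWN_CONTACTS = {"katrina": "katrina@example.com"}  # constructed sample entry


def letter_scripts(text):
    """Scripts (first word of the Unicode name, e.g. LATIN, GREEK) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def check_sender(from_header):
    """Return warning codes for one From: header value."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ["unparseable-address"]
    try:
        # Lookalike domains may arrive in punycode (xn--...); recover the real characters.
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # domain already contains non-ASCII characters, or is not valid IDNA
    warnings = []
    # Familiar display name, unfamiliar address.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and expected != addr:
        warnings.append("display-name-mismatch")
    # Domain mixing alphabets, e.g. a Greek epsilon among Latin letters.
    if len(letter_scripts(domain)) > 1:
        warnings.append("mixed-script-domain")
    # A trusted brand named in the address, but sent from another domain.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in addr and domain != trusted and not domain.endswith("." + trusted):
            warnings.append("brand-on-foreign-domain")
    return warnings
```

A warning here is a reason to look closer, not proof of spoofing: a known contact may legitimately write from a second address.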

2. Don’t Give Out Personal Information

Phishing scams usually appear to come from legitimate businesses, like your bank, and contain URLs that link to malicious web pages asking for your private information. Legitimate businesses will never ask for personal information such as passwords or credit card numbers via email. Giving out your information can lead to drained bank accounts or even identity theft.

3. Avoid Strange Attachments or Unfamiliar Links

The best policy is to refrain from downloading files or clicking through links in a strange email unless you trust the source. Malware, viruses, and other types of malicious material can be easily downloaded to your server or computer through attachments or malicious links, such as the Dropbox link in Example #3. In addition, dangerous files can come in any form, even with familiar extensions like .docx, and are often zipped to conceal their true file type.

4. Seem Too Good To Be True?…. IT IS!

Another sign of a dangerous spam email is when the content seems too good to be true – often in the form of a promise for large sums of money. Such emails are actually phishing schemes trying to collect bank account information from the recipient. These scams come in many forms, including the story about the government owing you money in Example #4. You might also see promises of money from foreign royalty, the announcement of a fake lottery win, and even get-rich-quick schemes. The goal of an email that seems too good to be true is to encourage the recipient to click a link and provide their bank account information – a classic phishing scam.

Spam can be dangerous and can leave your computer or server vulnerable to future attacks. Following the above tips can help you identify the most common types of spam. Also, don’t forget that even replying to spam in an attempt to “unsubscribe”, or even opening the email, can come with its own set of dangers! If you believe something to be spam, it is best to delete it before even opening it.