Architected Futures™

Tools and strategies ... for boiling the ocean

Spam Awareness

Submitted by joe.vansteen on Thu, 12/08/2016 - 10:38

I received an interesting spam email today and thought I'd share my journey. I was intrigued since it did not get caught by either the Gmail spam filter, which normally catches a lot, or by the Outlook email spam filter, which normally catches almost all of the remainder.

Like most folks I've been doing some holiday shopping. Like most folks, some (a lot) of my shopping has been via the internet, with package deliveries via the postal service, DHL, FedEx, Amazon deliveries, etc.

So today in my inbox I get an email with the title that says:

[Norton AntiSpam]JOE, Delivery Notification, ID 00000793464

from a sender whose name starts with:

FedEx Interna...

the only part I can really see without somehow playing with the incoming email.

On top of the email spam filters I am also running Norton Antivirus, I have a certain risk tolerance, a backed up system, and a healthy curiosity. And, oh, did I mention there was an attachment.

Anyway, I decide to let my curiosity get the best of me, and I decide to at least click on the email in my inbox, to let it open in the email window, so I can see a little more of what this is about.

Full name of sender:

FedEx International Economy [[email protected]]

Not good. Bad continuation on a bad start. (This was somewhat obvious from the original title on the email.)

Message content:

Dear Joe,

This is to confirm that one or more of your parcels has been shipped.

Delivery Label is attached to this email.

 

Thank you for choosing FedEx,

Seth Everett,

FedEx Delivery Agent.

Attachment:

FedEx_ID_00000793464.zip (5 KB)

I Google "Seth Everett" and it turns out what I get is a hit on a guy who is a radio announcer in the New York City area.

I Google "maderaslasabana.com" and I get a bunch of hits. Each hit is on a "page_id=123" type reference, all in Spanish, with a Google offer to translate. I click on "translate this page" and I get a Google error message that says: "This page was not retrieved from its original location over a secure connection." ... on a couple random picks, and a redirect to yoursprize15.com on one of the hits.

I don't actually get redirected to the site. Instead Google gives me a red screen with the content:

Deceptive site ahead

Attackers on yoursprize15.com may trick you into doing something dangerous like installing software or revealing your personal information (for example passwords, phone numbers, or credit cards).

Clicking on "details" on the Google page adds:

Google Safe Browsing recently detected phishing on yoursprize15.com. Phishing sites pretend to be other websites to trick you. Learn more. [Another Google hyperlink.]

You can report a detection problem, or, if you understand the risks to your security, visit this unsafe site.

I've played with this enough to satisfy my curiosity on this one that got through. I'm very aware of the issues so I back out of the site with my browser, delete the email, and then permanently delete all of the items in my deleted email folder.

Sorry Seth, almost guaranteed not to be your name. (Your real name is highly likely to be something either Russian, Chinese, Korean, or Iranian.) I have no desire to have my computer join a botnet. I need my cycles for my own productivity. MS Windows has been stealing enough of my cycles recently with the funky forced update to Windows 10 Anniversary Update.

"Be careful out there folks!"

 

Update December 11, 2016

At first I thought it was an interesting one-off occurrence. But today I got a second one of these, and my wife says she has also received one.

Today’s message was generally the same, malicious email with attachment “from FedEx” trying to get me to open an attachment “shipping label.”

This one claimed to be from Franklin Richmond at “portfolio.madehuge.com” sending me my shipping label info … Franklin wants to make me money. He claims to be a “mail delivery clerk.”

Now, why do I think he's not who he claims to be? => delete without opening. Do not waste time with further reading.

 

Be careful out there!

Joe
