What’s in my Inbox? Recent Spam and Phishing attempts

Until social engineering fails as an exploit or it becomes unprofitable to scam companies and individuals via email, there will be Spam and Phishing. Spam and Phishing now accounts for more than 50% of global email traffic and has a diverse portfolio of subjects, origins, support websites and exploit software. Rather than getting overly technical, lets discuss the Junk in our own Inbox.

What’s Junk in My Inbox?

My Spam

I get some really boring spam. Home Warranties, Insurance, Credit and Retirement planning offers are the majority of my trash, but I get some interesting consumer spam around Wild Seafood and Diet Chocolate. Why seafood and diet chocolate? I have no idea. I only moderately like seafood and hate low-end chocolate. The rest make tremendous sense – all of them have a significant financial impact.

Keys to Recognizing Spam and Phishing

  • There is a financial incentive
  • There is an overwhelming sense of urgency
  • There is a need to login or check on your account – immediately
  • The origin is a company with which you have no connection
  • The subject line is strange or hyperbolic
  • Something is offered free

If you think it’s spam or phishing?

  • Don’t open it – Legitimate emails track open rates, and so do spammers. Fraudsters know who is a decent mark if you open it.
  • Don’t click on any links – In addition to showing the spammer that you are game, they’ll now have the opportunity to try to get you to download malware, provide login details or give them your credit card.
  • Don’t unsubscribe – You just told them that your email address is valid. Spammers will use it in other attempts. They are constantly refining their pitch and you just told them one of them failed.

Things you can do…

  • If you suspect this is a legitimate communication from a website you actually use – You can go directly to the website. Don’t click the email link, instead, Google the domain or go directly to the .com.
  • If you think it is a scam – Google the subject line or the sender. If it’s a scam other people may have questions about it and many security companies keep lists of spam subject lines.
  • If you must open it – You can Google some of the content or URLs in the content. That will give you information on the potential for scam. You can also use MxToolbox’s Spam Analyzer as a gauge to test the spaminess of the email.
  • Mark it as Junk – Every Inbox Provider has a method to mark an email as Junk or Spam. This feeds into their algorithms to detect new Junk and Spam. Marking it gives your Inbox Provider additional information in their pursuit of a Spam-free inbox.