A legitimate looking email arrives from one of your contacts, a potential client, paypal, facebook, twitter or even from your own email server (see below). Something is wrong with your account and they need you to login and verify your password. Click here. Or one of a thousand other reasons why you would want to follow the link they provide.

This link is false. As is this one: http://www.client-x.com/cpanel

Hover over it with your mouse and see it links to an entirely different place on the internet. There, you’ll be greeted by your familiair (but fake) logon screen where you enter, or verify your name and password . These are now, of-course, in someone’s database, along with your IP address and possibly email address. The site might then send on your credentials to the real site and log you on so you will never even know the difference.

Or, you might not even fill in anything but an applet, or script, hidden on the page you were sent to has installed a virus, trojan or Adware on your PC. The possibilities are endless, take for example this example I was asked about this morning by client X.

Subject: your mailbox has been deactivated
Date: Mon, 16 Nov 2009 21:52:46 +0100
From: notifications@client-x.com
To:

We are contacting you in regards to an unusual activity that was
identified in your mailbox. As a result, your mailbox has been
deactivated. To restore your mailbox, you are required to extract
and run the attached mailbox utility.

Best regards, client-x.com technical support.

Now luck has it, we are actually technical support for client X and we sure had not sent the email. When the client wanted to forward the email to us, their anti-virus solution gave a first indication of trouble, the attached ‘utility’ contained a virus.

So how can you know what emails to trust? It is impossible to be 100% sure. There are, however, a number of red flags and things you can do yourself.

Red Flags & What to Do

1. Read the email closely. Does it make sense? Why would a system that you own ‘lock you out’?
2. Look closely at the ‘from’, and possibly the ‘reply to’ addresses. On close inspection, are they real? In the above case, the notifications@client-x.com address does not even exist.
3. Is there a link to click? Don’t. First hover over it and see where it will take you. Is this the same location as it looks to be? You can copy and paste the link into word or notepad if you cannot see it on hovering over. Is it really a link at facebook.com ? Or if you look better, does it actually goto facebook.com.23789myserver.ru ? If the link looks legitimate, BEFORE you fill in any personal information, check the URL or location bar in your browser. Do you see a lock indicating a secure connection? Again, are you really on facebook?
4. Copy a bit of the email and paste it into Google. If anyone else has writen about it, anywhere in the world, you’ll know. I copied the first line of the above virus into Google and got 16,700 hits.
5. And do we need to say? Don’t run any attachment. And if you have to, make sure your anti virus software is up to date and running!

And if you’re worried at all, DO contact us. We probably either heard already, or can find out about it.

UPDATE 8/12/09: The ever useful on-line magazine LifeHacker just posted an article on this subject with lots of useful info and links. Find it here…

UPDATE 25/01/10: Another email in our inbox, another variety of the same scam. We’ll be adding them as comments to this post as they come in…