Google+ Take the Quiz: Find 5 things wrong with this email By Justin Ferris ~ High Tech House Calls
Expert Computer Consulting for Homes and Small Businesses

Let there be hope...

Life has changed there is no doubt and we wanted to reach out to see how you are doing.

As we go through this interesting time, we are trying to look at this as an opportunity to focus on our family and on friends like you. Let us use this extra time to catch up and talk more. Let us cook food that is not fast, but interesting and satisfying. Let us learn to enjoy a time to try new things. Let us find ways to enjoy time at home!

Computer Security

If my client base is any experience, anyone can be a victim of a Ransomware, Malware or Virus attack.

What can you do about it?

I conduct audits of your entire computer infrastructure and apply best practice solutions to plug the security holes on your computers, Smartphones and networks.

Now offering consultations to give you the best protection possible:


404.229.0839
carlthorne@hthcatlanta.com

Jack of All Trades, Master of Many

Jack of All Trades, and Master of Many

We provide technical support for:


Homes and small businesses

Windows and the Mac OS platform

iPhones and Android Smartphones

Wireless and wired networks

New device setup

Old device upgrade or repair

One-on-one training

Remote assistance


How To Stop Malware

Monday, February 15, 2016

Take the Quiz: Find 5 things wrong with this email By Justin Ferris

 Here at Komando.com, we're always telling you to watch out for fake emails that hackers use to trick you into visiting malicious sites or downloading viruses. But spotting these emails can be tough sometimes. So today, we're going to show you a typical phishing email and you get to see if you can spot the five reasons you should be suspicious if it, or one like it, appears in your inbox.

Just to let you know, two of the reasons are going to be tough without having the real email in front of you. However, these are things you should look for in any email you get. That being said, here's the email.
amazonfake
-advertisement-
From: "Amazon" <xxxxxxxxx>
Subject: We Have an issue with your account
Date: November 17, 2015 at 10:08:28 AM MST
To: xxxxxxxxx
Reply-To: xxxxxxxxx
Dear Amazon.com Customer,
During our usual security enhancement protocol, We observed multiple login attempt error while login in to your Amazon account .
We have believed that someone other than you is trying to access your account for security reasons,
We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update
Ready to find out how you did? Keep reading for the answers. We'll start with the two hardest ones.

1. Email addresses

For privacy reasons, we had to redact the email addresses from the image; it appears this email was sent out from a hacked personal account. However, we can tell you that the From and Reply-to addresses were not Amazon addresses. While hackers can trick the "From" to give any name they want, if you hover your mouse cursor over the From name, or click on it, in most email services you'll see the actual address pop up after a few seconds.

In this case, the address was clearly a personal address. Even if the address did say "Amazon" in it, though, look for tricks like "amazon.something.com," or "amazon@something.com" where Amazon isn't the actual domain. Legitimate emails from Amazon will only end with "amazon.com".

2. Links

Again, you couldn't tell this from the example above, but the links in the email weren't to Amazon. Instead, the email's links were to a form page on a random server that didn't say Amazon anywhere in the address.

If you had gone there, there would likely be a spot to enter your Amazon username and password. Typing it in would have given the hackers access to your Amazon account.

To spot this trick in other emails, hover your mouse cursor over the button or link. You'll see the real link pop up after a few seconds. You could also right-click on the link, copy it and then paste it into a text document to see where it would really send you.

3. Language

The hallmark of most phishing emails is the terrible use of the English language. Even in cases like this where the hackers take the time to get a template of a real Amazon email (although that security logo is an obvious late addition), they still can't seem to write good copy.

While a company's official email might have the occasional misspelling or grammar gaffe, a standardized notification email like this should be perfect. Plus, this sentence alone would get any Amazon employee fired: "We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update"

4. Instructions

Aside from how the email is constructed, pay close attention to what it asks you to do. It says that there was a security problem with your account and you need to click a button to log in. That's a classic phishing technique.

Any responsible company that's sending out an unsolicited security notification will tell you to go to its website home page and log in to your account from there. It might tell you to call customer service with any questions. It won't tell you to click a button or link, or download an attachment.

5. Fine print

Because this template was stolen from a real Amazon email, the fine print at the very bottom doesn't match up with the main body. Specifically, this line stands out: "Please note that product prices and availability are subject to change. Prices and availability were accurate at the time this newsletter was sent; however, they may differ from those you see when you visit Amazon.com." Obviously, this was a deal or product notification email the scammers used, not a security email.

So, how many of those problems did you spot? Would this email have fooled you if it showed up in your inbox? Let us know how you did in the comments, and if there was anything else that tipped you off that we didn't cover.