March 21, 2005

Tips for Identifying Phishing & Fraudulent E-Mails

Microsoft, in its battle against spam and online fraud, has a very good article describing deceptive e-mails. It covers how they work, and how you can spot their characteristics.

To summarize, many deceptive e-mails have the following attributes, either separately or in combination:

  • Requests for personal information
  • Urgency, such as closing or deleting your account unless you respond
  • Deceptive links (HTML e-mails can display seemingly valid links, but the underlying link goes elsewhere)
  • One or more images to get past spam text filters and/or phone home as web beacons
  • Attachments containing all kinds of malware
  • If it sounds too good to be true -- it is
I'll add one of my own: False authority. Many appear to come from recognized companies and organizations.

Say what you will about Microsoft security, but I applaud their efforts to educate people on these attacks. Protective software and security only go so far, especially when it comes to e-mail. The rest is up to the recipients, so we need to know how to protect ourselves.

Topic(s):   Privacy & Security
Posted by Jeff Beard