There has been a lot of talk about fake E-mail messages, virus activity, phishing, and more similar attempts at nefarious activity on the Internet over the years. There probably always will be such talk. It's really nothing new and it isn't going away. There have always been bad people attempting some evil scheme aimed at taking something that belongs to someone else or to harm others for no other good reason than to do so. Your job is to avoid such scams and schemes, and this article is to educate you so that you can spot these schemes and scams before you get caught. Learning to recognize these scams is an important part of Internet life, and it is not difficult. I have saved an actual E-Mail to share with you for this purpose.
Here is a screen capture of that message. I opened the message and used an internal application to take a digital photo of it on my screen:
Here are a few quick clues that this is not or may not be legitimate:
- I have never heard of postcards from Yahoo
- The name of the sender of the postcard is not included in the message. I would expect such a message to contain something like, "You have a postcard waiting for you from John Smith." More on that later.
- The E-mail message has a live link in it (the blue, underlined text).
- It says, "Thank you for using our services !!!" That has an extra space in it and three exclamation marks?
Each of those may not mean much n their own merit, but all together in one message should be enough to make you suspicious, but WAIT! There's More! With every odd E-Mail message you get a free program that has the potential of ruining the data on your computer or even stealing your identity! So would you look at the card to see who sent it? Is your curiosity going to get the best of you?
Let's examine the internal workings of this message and see exactly what is going on inside. In many E-Mail programs there lies the ability to see the source code of the message. In this case the message is written in HTML code (Hyper Text Markup language- the code used to make Internet websites). You can tell it is in HTML by the live links:
The two lines of text which are blue and underlined are links. If you pass you cursor over them the cursor changes LIKE THIS..
Here is the actual HTML code used to display the Yahoo link.
This portion between the quotes: "http://www.yahoo.com"
is where you are taken if you click on it. The portion between the brackets:
>xxxx<
...is what you see on the screen: www.yahoo.com So that link is legitimate in that it links you to where it says it does. But that's only one of the two links in the message, and if you clicked on that first it can create a false sense of security.
Here is the other link:
[NOTE: I have disguised the actual address so that it will not be spread. -ED]
What this displays on the screen is:
The test displayed on teh screen tells you that you are going to get your postcard at yahoo.com, but the link actually goes to: http://www.a-------r.org/~alpha/postcard.gif.exe
If you have been paying attention to all my columns over the years, you already know that the file is an executable and that is trouble! You know it is a executable because it ends in ".exe":
postcard.gif.exe
What does it do? I don't know and I am not going to find out! It could be a legitimate card (I doubt it) but it could be a file that causes my computer to log every keystroke including user names and passwords of every website I visit and then send them to some other location without my permission. So what do you do to avoid such things?
- Be suspicious. Just because it is an E-mail message does not mean you should open it. Even if it appears to come from a source you know such as a bank or service provider, it may not be so.
- When in doubt, delete it. If it was that important the person will contact you again.
- If there is even the slightest doubt, never click on a link in an E-Mail message. If it looks important (like the credit card company telling you that someone has changed your password on your account), open your browser (Internet Explorer, Mozilla, Fire Fox, Opera, etc.) and either copy-and-paste the link or manually type in the address (http://wwww.americanexpress.com for example) and go to the site without using the link in the message. Do not copy-and-paste the link into the browser! If you can't find the information that way it is not that important or may be illegitimate.
- Even if the message appears to have come from a friend or relative does not mean it did so. Even if it says something like, "You have a postcard waiting for you from John Smith," and the name is someone you know, it still might be a scam. Some of these malicious messages get into computers, then use that person's computer to send the message to everyone in their address book! In other words, just because the message says it comes from "John Smith" does not mean that John Smith intended to sent it or even knew it was sent.
- Use an E-Mail application that avoids such confusion. In the newest version of Eudora (which has a free version) it warns you if the visual link does not agree with where it is about to send you.
- Watch for misspelled links. Would you go to www.washingtonmanualbank.com if the link appeared in a message that appeared to come from your bank? I hope you answered no!
So who is the person who perpetrated this scam? Did he do any damage? What if you clicked on the link and your computer was damaged? We probably will never know who that really was, and if you were somehow scammed you are probably out of luck. These people set up these accounts using fake ID and paying cash (or use a stolen credit card) hoping to nab one or two unsuspecting victims, then they are gone. Just after I received the message I tried to check for the account but it had already been deactivated!
|
