In the early days of the internet, the dangers of spam were easy to avoid by following a few simple rules. You could dodge most security risks and identity theft by deleting unsolicited attachments and offers from “Nigerian princes.” Then, spam-recognition algorithms became advanced enough to rid us of most of the chaff in our inboxes. All the while, spammers and identity thieves developed more crafty strategies. Here, we discuss the modern spamming techniques of spoofing, phishing and pharming and how to identify spam that poses security risks.

Spoofing, Phishing and Pharming

The most basic type of spam is an unwanted e-mail. Some of the more sophisticated strategies you might encounter include: 

• Spoofing. This the practice of hiding the true origin of a message. The spoofer hopes to trick the recipient into thinking the source is trustworthy, usually someone they already know or do business with.

• Phishing. In this more targeted practice, the spoofed e-mails act as the bait. They entice the user to click through to a bogus website and provide passwords and other personal information. The sites are designed to look legitimate and often ask for account-verifying details and other info that will be useful for identity and financial theft. With spear phishing, thieves target recipients even more specifically by cues from social media and other public information.

• Pharming. With this more complicated strategy, the thieves reroute the DNS (domain naming system). The website url appears to be accurate, but the user redirected to a bogus site that will harvest their sensitive information.

Identify the Spam and Avoid the Scam

If you receive an unexpected e-mail that circumvents your server’s anti-spam system, you should scrutinize it. A lot of the same rules can keep you safe now as they did ten or twenty years ago, but it still pays to be vigilant. Here are some red flags to help you identify spam and avoid falling prey to scammers.

• The e-mail is unsolicited and contains attachments. Particularly in business, it’s typical for people to warn you before sending documents or other items that need your response.
• The e-mail arrives at an address you never gave the company. This may seem obvious, but it’s worth double-checking if you’re in doubt.

• The note addresses you in a generic way. For example, your bank will always address you by name and not “valued customer.”

• The sender’s address is suspicious. Be sure the e-mail domain matches the company. Make sure they haven’t slipped in numbers or other characters to replace letters and make the address look legitimate.
• The design is inconsistent with the company’s other communications. Businesses usually style their communications with brand consistency in mind.
• The link text doesn’t match the destination url. Regardless, It’s best not to click on any links from unsolicited e-mails.
• The e-mail asks for sensitive information. Companies will never ask for passwords, account numbers or other sensitive information. Internet thieves sometimes request these under the guise of account verification.
• The note threatens, pressures or bribes you. Obviously a reputable business would never do this.

Overall, it pays to scrutinize the source and follow your intuition. If there’s any doubt, you should contact the company in some external, verifiable way. Call them and get a representative on the phone.

Information Technology and Security Solutions from CRA

CRA has been providing organizations with IT and security solutions for more than 25 years. Whether you need a security tune-up or implementation of new security features, CRA has business solutions for you. Contact us for a free evaluation.