Online & smartphone security: Fraudulent Email

Cell phone vs Smartphone

By Catherine Haug, December 23, 2015 (Image, right, from tekhandy.com)

Fraudulent email, a type of cyber attack, can be received on your desktop or laptop computer as well as mobile devices.

There are many different types of fraudulent emails. The best way to protect yourself from these is to “Regard All Unsolicited Email with Suspicion,” and “Treat Email Attachments with Caution.” (6)

Sometimes an email may look like it was sent by a friend or family member, when it was actually sent by a hacker (see ‘spoofing’ example, below). I address spoofing and phishing below, but there are many others as well.

For more about fraudulent emails, see:

  • FBI home page: fbi.gov
  • FBI on email scams (4)
  • FBI on reporting online crime or email hoaxes (5)
  • US Cert: recognizing and avoiding email scams (6) has LOTS of good info
  • Wikipedia on types of email fraud (7)

Examples of fraudulent emails

There are many types of fraudulent emails, with new twists introduced all the time. This type of fraud is likely to increase greatly, as credit and debit card fraud becomes more difficult with the replacement of analog magnetic strips with digital chips.

Spoofing email 

This is a common type of email that Wikipedia defines as “the creation of email messages with a forged sender address.” I’m sure you’ve seen these. The fraudster hacks the email address and email address book of someone you know, then sends an email to all or part of that address book. The sender spoofs their actual email address by co-opting your friend’s address. These emails can contain various potential sources of harm to you or your computer.

For example, some lure you in and then ask you to send money:

  • They pretend to be one of your friends or a family member and tell you they are traveling abroad and all their money has been stolen.
  • Or they have been arrested on false charges and are now in jail; their money has been taken and they need you to bail them out.

To view images of different types of fraudulent emails, use your search engine (google, etc.) to search for “fraudulent email images.” I discuss three common types below.

Phishing email 

This type attempts to get more information about you. For example, an email I received today wants my credit card information, and thus to steal my financial identity:

I just received an email purporting to be from Earthlink – one of my email hosts. As you can see in the copy below, the ‘from’ address reads service@earthlink.net. But if I hover over the “myaccount (dot) earthlink.net” link in the text (link text disguised by Cat to protect ESP’s web server), I see something different: “bit.ly(slash)1TZsV1n” (also disguised by Cat). Furthermore, I do not pay my Earthlink account with a credit card. Here’s a copy:

fraudulent/phishing email

I believe this to be a fraudulent, phishing email, and I did not click on the link. Instead, I forwarded a copy to Earthlink’s ‘abuse’ department and to the FBI’s IC3 website (5). I included the complete header (not shown in the image above; see below for more about the complete header) which will help them track its path from the fraudster to me.

After reporting the fraudulent email, I put them in my spam folder and then ‘erased’ the contents of the folder to protect my hard drive.

Trojan horse email

This type of email contains a link to a downloadable file containing malware, but the link is disguised as something harmless.

Here’s an example I received this week; it may or may not be a trojan horse, but it is definitely not what it appears to be. It purports to be from Skype Service. I got a similar one purporting to be from Google Service. I reported these on the FBI’s IC3 website (5). After copying the complete header from each (for the IC3 report), and taking a snapshot of the email for use here, they went into my spam folder to be ‘erased.’

fraudulent email Skype

At first glance this looks legit. The sender is “SkypeService,” a legitimate business, and it has the logo copyright information at the bottom.

But on deeper study, there are clues that this email is spam at best, or a trojan horse bearing malware at worst:

  • While the sender appears to be from Skype, the actual email address (disguised) is “dgqdxkyamnzgvm (at) hms-pa (dot) com”, which is not Skype.
  • The ‘View emails’ link: If I let my mouse hover over the link (or right click and choose ‘view link’ or ‘copy link’), the actual url is for a dot-com called “Alberta Log Cabins,” but the text of the link includes “plugins” which means it could download a plugin to your hard drive that could then infect your computer – a trojan horse. I googled the name of the business, but did not find it in the long list of search results.

After reporting the fraudulent emails (see below), I put them in my spam folder and then ‘erased’ the contents of the folder to protect my hard drive.

Reporting a fraudulent email

If you have been a victim of online crime involving email, you should report it to

  • The FBI’s Internet Online Crime Complaint (IC3) Center (5). Every report will help them track down the criminals; and
  • The company the email pretends to be from such as the sender’s email host. See the Skype and Google examples in the “Other fraudulent email” section above.

One of the most important things you need when reporting the fraud is the complete header.

What is a header? The header is typically at the top of the email:

  • The simple header indicates the sender, the recipients, the return path (if different from the sender’s address), the date it was sent, and the subject of the email. See the “Skype Services” example email, above, for a typical simple header.
  • The complete or full header contains the information in the simple header plus more. It is not normally displayed, but can be accessed if you know how (ask your email account provider how to view a complete header, as the method may be different for each provider). One of the important details in the complete header is the sender’s IP address; this is especially useful when the sender spoofs a friend’s email address (see above), in that the IP helps the FBI track down the real sender.

Here’s just the beginning lines of the complete header for the phishing email example, above (NOTE: I disguised the ‘Return-Path’ address, and put the ‘Originating IP’ in bold to help you find it):

X-Msmail-Priority: Normal
Status: U
X-Elnk-Received-Info: spv=0;
X-Authentication-Results: dkim=”fail”; (2:no or failed dkim processing); dmarc=”none”; (1); dwl=”miss”; den=”not exempt”
X-Elnk-Info: sbv=0; sbrc=.0; sbf=bb; sbw=010;
Return-Path: <service (at) earthlink (dot) net>
X-Originating-Ip: 70.193.168.230
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
Mime-Version: 1.0
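To pull the report-worthy fields out of a complete header like the one above, a short script can do the reading. This is an added example, not part of the original article; the sample header is constructed, using reserved example domains and a documentation IP address, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
import ipaddress
import re

# Constructed headers modelled on the fields shown above; the addresses and
# the IP are reserved example values, not values from the article.
SAMPLE_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
From: "Example ISP Billing" <service@example-isp.test>
Subject: Update your payment information
X-Authentication-Results: dkim="fail"; (2:no or failed dkim processing); dmarc="none"; (1)
X-Originating-Ip: 203.0.113.45

"""

AUTH_RESULT = re.compile(r'\b(dkim|spf|dmarc)="?(\w+)"?', re.I)


def domain_of(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def triage_headers(raw):
    """Extract the fields worth quoting in an abuse report and list warning signs."""
    msg = message_from_string(raw)
    # Standard header name first, then the provider-specific one seen above.
    auth = msg.get("Authentication-Results") or msg.get("X-Authentication-Results") or ""
    results = {k.lower(): v.lower() for k, v in AUTH_RESULT.findall(auth)}
    report = {
        "from_domain": domain_of(msg.get("From")),
        "return_path_domain": domain_of(msg.get("Return-Path")),
        "originating_ip": None,
        "auth": results,
        "warnings": [],
    }
    raw_ip = (msg.get("X-Originating-Ip") or "").strip(" []")
    try:
        report["originating_ip"] = str(ipaddress.ip_address(raw_ip))
    except ValueError:
        pass  # header absent or not an IP literal; many providers omit it
    # A mismatch is common for legitimate bulk mail too: a sign, not proof.
    if report["from_domain"] != report["return_path_domain"]:
        report["warnings"].append("From and Return-Path domains differ")
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) not in (None, "pass"):
            report["warnings"].append(f"{mech}={results[mech]}")
    return report
```

In the article's phishing example the Return-Path matched the claimed sender, so the domain comparison alone would not have flagged it; the failed DKIM result is the signal that would.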

References:

  1. cellphones.about.com/od/coveringthebasics/qt/cellphonesvssmartphones.htm
  2. webopedia.com/DidYouKnow/Hardware_Software/smartphone_cellphone_pda.asp
  3. Rural Montana, February 2015 issue, “Smartphone Security; Tips & Tricks to Help Keep your Data Safe on Mobile Devices” by Ryan G. Hall; online at online.fliphtml5.com/oztl/mitw/#p=9
  4. FBI: email scams: fbi.gov/scams-safety/e-scams
  5. FBI: reporting online crime or email hoaxes: ic3.gov/default.aspx
  6. US CERT (Computer Emergency Readiness Team) pdf on email scams:  us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
  7. Wikipedia on email fraud: en.wikipedia.org/wiki/Email_fraud
