Don't Get Hooked

You do not need to be familiar with DMARC to apply our security guidelines when viewing Email messages. DMARC, discussed elsewhere, is an email authentication system that builds on SPF and DKIM to validate Email and report abuse. DMARC, SPF and DKIM are strictly enforced on the NoSpin Web. Therefore, without further acronym chatter, we offer the following guidelines to keep you safe on the Email frontier.

Don’t Trust the Display Name

First and foremost, do not trust the display name your Email client shows for the From address. A favorite phishing tactic among cyber thieves is to spoof the display name of an Email message. Nearly half of all Email threats spoof a trusted brand in the display name. For example, if a thief wanted to spoof the Chased Money Bank (we made this one up), the Email header would resemble the following:

To: Jane Doe <jane@nospinw.com>
From: Chased Money Bank <custservice@bankingspoof.com>
Subject: Unauthorized login

Since Chased Money Bank doesn’t own the domain bankingspoof.com, DMARC will not block this email on Chased Money Bank’s behalf, even if Chased Money Bank has set their DMARC policy for chasedmoneybank.com to reject messages that do not authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. In addition, thieves not only spoof brands in the display name, but also spoof brands in the From header address itself. Hence, we recommend viewing the Raw Source when one must understand the origins of a dubious Email message. If you use Apple Mail, for example, go to View > Message > Raw Source to display everything you need to know about the origins and journey of an Email message. The first Received: from line near the top of the source listing names your own mail server, i.e., the server responsible for collecting your Email. The physical world analogy would be the post office that sorts your mail before it goes on delivery vehicles. If the rest of the information doesn’t add up, e.g., the Return-Path doesn’t agree with the From header, the message is more than likely a spoof.
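As an added example (not part of the original page), here are the Raw Source checks just described applied in Python to a message modelled on the Chased Money Bank headers above. The Return-Path and Received lines, the bulkmailer.example domain and the KNOWN_BRANDS table are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the page's Chased Money Bank headers; the
# Return-Path and Received lines are invented for illustration.
RAW_MESSAGE = """\
Return-Path: <bounce@bulkmailer.example>
Received: from mail.bulkmailer.example (mail.bulkmailer.example [203.0.113.10])
    by mx.nospinw.com with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
To: Jane Doe <jane@nospinw.com>
From: Chased Money Bank <custservice@bankingspoof.com>
Subject: Unauthorized login

Your account has been suspended. Log in now to restore access.
"""

# Brands you do business with, mapped to the domain each actually owns
# (placeholder table; chasedmoneybank.com is the page's made-up example).
KNOWN_BRANDS = {"chased money bank": "chasedmoneybank.com"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()

def inspect_headers(raw):
    """Check the fields a reader would look at in Raw Source and list mismatches."""
    msg = email.message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    return_path_domain = domain_of(msg.get("Return-Path"))
    # The topmost Received: line was added last, by your own mail server
    # (the "post office" that collected the message); "by <host>" names it.
    received = msg.get_all("Received") or []
    by = re.search(r"\bby\s+(\S+)", received[0]) if received else None
    findings = []
    owned = KNOWN_BRANDS.get(display_name.strip().lower())
    if owned and from_domain != owned:
        findings.append(f"display name '{display_name}' but From domain is {from_domain}, not {owned}")
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"Return-Path domain {return_path_domain} disagrees with From domain {from_domain}")
    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "your_mail_server": by.group(1) if by else "",
        "findings": findings,
        "suspicious": bool(findings),
    }
```

Call `inspect_headers(RAW_MESSAGE)["findings"]` to see both mismatches; a message whose From and Return-Path domains match the brand's own domain produces an empty list.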

Depicted to the right is a screen capture of an actual phish in the trash can of my Email account in use since ’97 and never covered by ID protection (not recommended!). ID protection from the NoSpin Web Hosting is only $5.49 a year, but I digress. Ignoring the observation of a virtually identical message in my trash arriving just 3 minutes later (zoom in for details), the selected message appears somewhat official. Actually, my first clue was the thief forgot the Amazon trademark smile, so this phish smelled a bit funky to me immediately.

Now take a look at my next trash can screen capture below and to the left. What I did before snapping the picture was right-click on the From Email header to reveal a spoofing attempt from a known deceptive domain which should be shut down by the network owner. Unfortunately, I’ve spent enough valuable time writing to abuse@ Email accounts to know the best offense regarding Email abusers is a good defense. The screen capture to the right displays what happens when entering the domain name into the Firefox URL window.

Since the following concepts are more or less self-explanatory, they are presented as a bulleted list.

  • Hover Before You Jump

    Hover your mouse over links embedded in the body of the Email for a couple of seconds. If the URL displayed for the link doesn’t make sense, don’t click it. If you want to test the link, open your browser and type the address into your browser’s URL window as depicted above.

  • Don’t Open Unsolicited Attachments

    A common phishing tactic includes malicious attachments containing viruses and other malware that can damage files on your computer or steal passwords; in short, cause electronic mayhem.

  • Check for Bad Grammar

    Reputable brands are pretty serious about email. Legitimate messages usually do not contain poor grammar.

  • Pay Attention to the Salutation

    Legitimate businesses normally use a personal salutation with your first and last name rather than addressing the message to “Valued Customer”.

  • Don’t Provide Personal Information

    Legitimate banks, etc. will never ask for personal credentials in an Email message.

  • Avoid Messages with Urgent Subject Lines

    Language that invokes a sense of urgency or fear is a common phishing tactic. Beware of subject lines that indicate your account has been suspended or experienced an unauthorized login.

Your Eyes May Deceive You

There is no shortage of phishers who are extremely good at deception, and I’ve seen better Amazon forgeries than my example above. After all, if you’re going to spoof Amazon, at least rip off their logo! Con artists have been a scourge to the free enterprise system since long before Email became popular, and I predict the unsuspecting will continue to fall prey to thieves no matter how sophisticated our authentication methods become. Even if an Email message contains a convincing brand logo, language, and an apparently valid email address, it may still be illegitimate. When I really need to understand the origin of a message, I view its raw source, which is simpler than it sounds. If you have any problems or questions regarding your Email accounts, please submit an Email support ticket in the Client Portal.