“Your PayPal account has been locked!”
“Confirm your Bank Information Now!”
“You’ve Received a Secure Fax From The IRS.”
Email spoofing, the process of sending emails designed to appear as if they were sent by another sender, is certainly not a new method of distributing malware that harvests personal information or financial data. Each year, potentially hundreds of new spoofing schemes appear, ranging from emails claiming to contain faxes from the IRS to videos of social events such as the Boston Marathon bombing.
Mere hours after the recent Oklahoma tornadoes, the various email traps (often referred to as SpamPots, a take on the term HoneyPot) used by the StopSign research and development team to collect samples and monitor trends had already seen several large surges of emails attempting to capitalize on the disaster, almost all of which contained attached viruses or links to malicious web sites.
There are several key actions you can take to protect yourself.
- Don’t Click the Link — If a bank or merchant needs your information, you will always be able to enter it directly on their website, logging in as you normally would.
- Don’t Open the Attachment — If you are not expecting an email attachment, or if it seems out of character for the sender, don’t open the attachment, even if the sender is someone you know personally.
- Update Your Virus Scanner — Even emails you were expecting, and from people you know and trust, can contain viruses and links to malicious sites the sender may not have noticed.
Scanning every unknown file is always good policy, regardless of its origin. Even large corporations, which may rely on the browsing and email habits of hundreds if not thousands of people, are not free from the risk of infection. On more than one occasion, companies have accidentally distributed viruses via CD and via seemingly harmless devices containing flash memory. You can safeguard your own computer, but you can never account for another’s actions.