Evil Email Tricks

Evil Email Tricks (Beta)

Drive-by email

Email messages themselves now deliver malicious content, even though malicious attachments are still more common. The hostile content is either embedded in the message, or a link in the message launches to the attack. Sometimes attacks combine the two vectors, so that if the message doesn't get you, the attachment will.

Drive-by email attacks without the cooperation, or even the knowledge of the user. The malicious trigger is often a booby-trapped image or video. The attack relies on some underlying vulnerability in the computer system, like a missing security update. Automated attacks usually require administrator permissions, so a proactive defense is a good way to block them.

Lies, lies, and damned lies

Deception is the universal element in email from scammers. Almost everything about an email message, and any attachements, can be falsified in some way. Most evil email is delivered by spam bots these days, so there is a never-ending flood of it. [note]

"Oh, but this message looks like it was sent by someone I know and trust." Guess again. It's trivially easy to fake the name [From:] and address of the sender.

Does the message reference something that very few people would know? It's easy to search all the email and other information the compromised computer of one of your contacts. The villan has your email address, and simply composes a message that will look plausible to you.

Is it an urgent message telling you that you need to resolve some pressing problem? For example, a message from your broker instructing you to take immediate action on a breach of security. If you do, the evil doer grabs the account number and password for your account.

Michael Horowitz has good examples of what bad email messages look like.

Open this attachment

Did you just get a message from a friend (or relative) with a cool picture attached. Go ahead, click it. Guess what, it's a trojan horse that also carries a picture so that you never know something bad was installed on your computer.

Or maybe it's a nice birthday card from someone you know. You can see where this is going. ;-)

Curiosity killed the cat

The [Subject:] is intriguing. Everything else *seems* OK. You open the message before you think. Whatever was going to happen has now happened.

The reason is that Internet bandits have learned how to attack your computer as soon as you read their message. You don't have to click on a thing.

Learn more about evil email

Michael Horowitz's examples of bad email messages.
More about deception.
How phishing works.
Counterfeit email.
The perils of attachments

Note: It is possible to be virtually spam free. For several years now, I've gotten less spam in one year than many people do in one day. But that's another story.

<<-- Email-Security Start Page

• map of security section

• email security start page
• how to read email safely
• how to read webmail safely
• the new face of deception
• malicious email tricks
• the perils of attachments
• malicious attachments
• how phishing works
• bogus email and websites
• reduce spam <> cut hazards
• public PC and WiFi security

"When everyone is against you, it means that you are absolutely wrong. . .or absolutely right." --Albert Guinon