Scammers get smarter every day – Scam emails get personal
We were very concerned this morning at Scam Detectives HQ when we received another round of “Facebook Password Confirmation” emails (containing a nasty Trojan to harvest your passwords/login details). Whilst we’ve seen them before, these were slightly different. They were actually addressed to us by name.
Why is this such a concern?
It’s always been one of the most glaring red flags with virus/scam/phishing emails. The email would be addressed to “Dear Facebook User”, “Dear Online Banking Customer”, “Dear Valued Member”. This immediately betrayed the email for what it was, a mass mailing designed to trick as many users as possible.
By addressing the email to you personally, scammers have removed this first line of defence and made it that little bit harder to spot a scam.
How did they get my name?
They didn’t. What they have done is to develop a mail merge script that takes everything before the “@” sign in your email address and insert it into the body of the email so it appears that it is personal to you.
We’ve had emails this morning addressed to “Dear Charles” (to charles@scam…..co.uk) but we’ve also had them to “Dear Sales” (to Sales@clear…co.uk) & “Dear Info”(to Info@scam….co.uk).
What can I do about it?
You now need to be even more vigilant.
- Never click on a link in an email that asks you to log in to your account
- Never open attachments contained in an email that purports to come from an organisation with which you have a relationship, including your bank, Paypal, Facebook or anyone else for that matter
- Never click on a link that says you’ve received an e-card, or that tells you that your photo has been posted online
- Always report such emails to the organisation they’re posing as by sending a copy to “spoof@YOURBANK.com
Be careful out there!
===============================================================================
We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).
Tags: Email Scams, facebook, Social Media, social networking, viruses and malware
[...] Scammers intend smarter every period – Scam emails intend individualized | Scam … [...]
[...] Scammers ɡеt smarter еνеrу day – Scam emails ɡеt personal | S… [...]
[...] Scammers get smarter every day – Scam emails get personal | Scam … [...]
>Never click on a link in an email that asks you to log in to your account
Good advice.
Actually I do click on email links sometimes (or copy-paste them anyway), fishy ones, to investigate (I’m curious).
I use an obscure browser on an obscure linux distro do to that, though, and do not actually enter any information anywhere, which helps.
I agree most people should NOT do that though, or on any link or attachment for that matter.
An interesting example,
http://www.sniperspy.com/works.html
I find the “It is not our responsibility to get the user to execute the module” statement on that page hilarious in its cheekiness, but the implications are not funny at all, are they?