April 18, 2010

How to spot a spoof

"Spoofing" is a trick used by spammers, scammers, and hackers to make an e-mail that came from them look as if it came from somewhere else. We saw this before with the messages purporting to be about a package delivery.

Today I got one purporting to be from Hallmark. There are several red flags:

  • It says I received a card, but it doesn't say from whom.
  • The subject line starting with "Hey..." is not Hallmark's usual style.
  • The "To" line says "undisclosed recipients."
  • The subject line is missing a comma after that inappropriate "Hey."
OK, this last one is a copy editor's nitpick. The real clincher is that if you mouse over the "here" link without clicking, a popup shows the link actually directs to a server that's identified only by its IP address and not hallmark.com. It's also set to download a .exe, or executable file.
Since the file is called "Hallmark.exe," the unsuspecting might go so far as to launch it, and install a virus on their computers.
Hallmark offers a few other things to watch for, including these:
  • The e-mail will come from the sender's e-mail address, not Hallmark.com
  • Hallmark cards are displayed on their Web site, not downloaded.
Spread the word. Hackers will continue to send this garbage as long as there are uninformed people opening it.

No comments:

Post a Comment