email | Dangerous Common Sense

So, How Does Malware Get on Your Computer?

No one intentionally installs an application that is going to encrypt their files until they pay a ransom, log their keystrokes and report their bank passwords to crooks in Russia, or hijack their web browser to show ads instead of the sites they want to go to. Bad guys have to trick you into going to some web site, looking at an infected message, or clicking on a link to allow them to download their toxic programs.

Basically, YOU have to give the jerks permission to infect your computer.

You’re not likely to click on a button that says, “YES, Download your malware and steal my identity!”

So the people who want to get inside your computer send you clever, urgent messages to get you to unleash their poisonous computer code on your computer. Frankly, the inventiveness and smart marketing techniques these folks use are praiseworthy.

Here’s the invitation to be a sucker that arrived in my email yesterday:

Look! My Mastercard is going to charged instantly! (A classic injection of urgency to get someone to act NOW!)

I can see the details of this instant charge — and also unleash the evil software embedded in the Word document — by simply clicking. I mean, who wouldn’t want to know why their Mastercard is about to be charged a hunk of money?

Well, probably someone like me who doesn’t have a Mastercard. But, more importantly, YOU! Even if you have a Mastercard, you should be in the habit of NOT clicking to open attachments or follow links on emails you’re not expecting.

In this case, the scammers messed up somewhat by showing a return address of stroydom [email protected]. That’s an email address without a name, and the “.ru” means it supposedly comes from is from RUssia. If they’d been smarter, they would have used a generic From name and spoofed the return address, something like “Sarah Jones <[email protected]>”. Even better would have been spoofing the name and email address of someone I know, if that had access to my email address book.

Every day I get messages trying to trick me into clicking a box or a link that would instruct my computer to let the would-be hackers install their evil code on my system. Then they could take over my machine and lock up my data for ransom… or do something more subtle like watch me login to my bank’s website so that they can learn my password. Many of these attempts are stopped by my email’s spam/malware filter, but some get through.

Here’s what the latest attempt to hoodwink me reminded me:

Don’t click on anything in an email unless you know the person who sent the email AND you were expecting a message from them.
Use Chrome or other browsers who warn you if you try to go to a site on their dirty list.
Use up-to-date antivirus software. That will block the downloading and installation of evil programs… so long as the antivirus program knows about it.

Follow these guidelines and don’t get shocked into clicking where you should’t!

A $3,100 unexpected charge on your Mastercard? Don’t panic. And, don’t click!

By Ozdachs|2017-11-13T15:36:42-08:00November 13th, 2017|Scams|0 Comments

How Not to Avoid Spam

One of my clients contacted me today because people are complaining to him that emails they send are bouncing back. My client wanted to change the contact address on his website to one on another email server that is more “reliable.”

The email system he’s using is the same that over 20 other of my clients have, and none of them have reported problems with messages to them bouncing back to the sender. So, I looked at his Contact Us page to see if I could find a problem.

Oh.

When we created the site several years ago, the client was concerned about the amount of spam he was receiving. Spammers were scraping the website and collecting email address. They then were clogging the inboxes with the normal collection of get-rich-quick schemes and offers for panacea pills.

So, my client asked me to delete the email link and to instead list his address as Name <AT> domain.com. His address appeared as mine would if I posted my email address as Galen <AT> ozdachs.com.

This method kept the screen scraping automated programs from collecting his email address. It’s worked for years.

Ozdachs Business Contact Form

However, there are side effects! Some percentage of his clients apparently cannot figure out how to cut Galen <AT> ozdachs.com, paste it into their email program, edit it to become [email protected]. I’m guessing that they’re leaving in an errant space or to. Trying to send email to Galen @ ozdachs.com won’t work.

Basically, web surfers expect to be able to click on a link to send you email, or else they want to fill out a form. You don’t want to make it fancier than these two options because some percentage of your potential clients are not going to be able to figure it out!

I use both ways, an email address that leads to a spam protected mailbox and a contact form, to keep my spam down.

The form on the right is the way to contact me that I provide on my business website.

And, I use SpamArrest to protect messages sent to my personal email account, [email protected]. If you send a message to that public email address, you’ll be sent a message back asking you to click on a link to prove that you’re a human before your email is delivered to me.

These techniques keep the automated mass-mailing messages from appearing in my inboxes.

Of course, determined spammers are going to get their message to you. Some companies hire workers in poor countries to go through sites and fill out inquiry forms with their spammy messages. And, other bulk-mail senders respond to the spam challenge messages sent out by services like SpamArrest.

But, the use of forms with a CAPTCHA (those PQAJ characters in the picture at right) and the use of a spam challenge system will stop almost all of those unwanted email messages.

These two methods work. Asking your customers to cut, paste, and edit your email address leaves a lot of people out.

By Ozdachs|2011-11-20T12:13:38-08:00November 20th, 2011|Web Design|0 Comments

This Email Killed a Deal

This is a picture of a real email message I received this afternoon from a firm wanting to sell services to one of my marketing clients:

Turquoise Email Message (click for original size)

The woman who sent it had sounded very nice, competent, and on top of her work when I spoke with her on the phone.

But, then I got her follow-up email.

The color scheme is unreadable. (Click on the photo to see the original message. I left some unidentifiable paragraphs in it unblurred.)

She sent it with the false “high priority message” flag which only spammers seem to use. She acknowledges that the web site that she had told me to go to for more information was for a different business. There were spelling and capitalization errors in the text.

I am now afraid to recommend her services — which sounded perfectly reasonable on the phone — to my client. I am concerned about the professionalism of the email sender’s company. Part of their job would be to represent my client to prospective new customers. What impression would these prospects get of my client’s firm?

Do I really have to tell people not to use pastel colors in their email? At best it’s cute. At worst, it’s difficult to read and cutesy.
Do you really not know to not mark emails “high priority”? Especially when they are really just a sales call follow-up?
Do people really send business emails out without spell checking? Wrong-word typos are forgivable (maybe because I do them so frequently myself!), but most mail programs will automatically check your emails for non-words, if you let them. So let them!
Does anyone looking for business really not have a website featuring that work? And, if you don’t have a web site that features your business, don’t send people to the web site for another business you work on. Really. I mean, where are you focusing your energy?

This real-life example of a deal-killing piece of email. You’re not sending anything like this out, are you?

By Ozdachs|2010-07-14T05:51:16-07:00July 13th, 2010|Marketing|0 Comments