October is over, but we need to continue to be aware of security year round as we use online systems. Let’s wrap up National Cyber Security Awareness Month with Email Security. I’m going to give you two examples of emails that appear to be from a commercial vendor and give you some things to look for in determining whether an email is a legitimate email or from a spammer trying to compromise your security.
Look at the email image below and notice the numbered items as we analyze this email:
- The “Display Name” of this email says it is from WalmartPoints. It is extremely easy to fake any display name on an email. This gives you no indication that this is legitimately from Walmart.
- Notice the actual email address. It says it is from WalmartPoints@bonuslatestspecialinfo.com. It is not typical for a commercial vendor to use a domain name like this for legitimate email. From my own knowledge of Walmart, I would expect the email to be coming from @walmart.com. You may wish to review the first of our Cyber Security topics by clicking on Understanding URLs. Please understand that though it takes a little more work, faking the email address that the email says it is coming from is possible. This practice is called “email spoofing.” To read more about this, read the article at Wikipedia.
- The presence of a recognizable icon for a company does not guarantee that the email is coming from that company. It is very easy to copy icons and include them in an email.
- Spammers often try to create a sense of urgency so that you will not think as carefully before taking action.
- The intent of this email is to cause you to click on the link to redeem your points. Before clicking on any link inside an email, hover your mouse over it. This will typically pop up a display showing where this link will actually take you. Some spam email will show you, for example, a link at www.walmart.com displayed in the email, but when you hover over it, the link is actually taking you to a different domain. Before clicking on any link, be assured that it is taking you to a legitimate web site.
In this case, this email is from a spammer and is an attempt at “phishing” (For a definition, read this article at Wikipedia). Do not provide any personal or financial information to a web site that you are not sure is legitimate. Never provide personal or financial information as a reply to an email. A legitimate company will never ask you to reply with any information like that in an email. Also, a fillable form that is embedded in an email is NEVER secure. The only secure way to transmit information to a company is through a secure web site. Please reread Understanding URLs to review how to recognize a secure web site.
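The display name, sender domain and hover checks from the list above can also be written as a short script. This is an added example, not part of the original article; the KNOWN_DOMAINS table, the link target redeem.example.net and the offers@ mailbox are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: domains the reader already knows each vendor sends from.
KNOWN_DOMAINS = {"walmart": {"walmart.com"}, "at&t": {"att.com", "att-mail.com"}}

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):
    """Return (finding, domain) pairs. An empty list is not proof of legitimacy."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    sender = addr.rpartition("@")[2].lower()
    findings = [("sender-domain", sender) for brand, doms in KNOWN_DOMAINS.items()
                if brand in display.lower() and not under(sender, doms)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        target = (urlparse(href).hostname or "").lower()
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and not under(target, {shown.group(0).removeprefix("www.")}):
            findings.append(("link-mismatch", target))  # text shows another domain
    return findings

# Constructed samples: only the sender domains and e.att-mail.com come from the article.
SPAM = ('From: WalmartPoints <WalmartPoints@bonuslatestspecialinfo.com>\n\n'
        '<a href="http://redeem.example.net/points">www.walmart.com</a>')
LEGIT = ('From: "AT&T" <offers@att-mail.com>\n\n'
         '<a href="https://e.att-mail.com/savings">Claim your special savings</a>')
```

Because the From address itself can be spoofed, an empty result only means these two checks found nothing.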
Now, let’s examine another company email by looking at the email image below:
- Notice the email address this email says it is coming from. As noted above, it is possible to “spoof” any address, but att-mail.com is a domain that AT&T uses. Since it is not att.com, it makes it necessary for you to know the common practices of the legitimate vendors with which you deal.
- Notice the popup when we hover over the link to “claim your special savings”. It is showing that it will take you to a web page hosted at e.att-mail.com. AT&T has made this more difficult by requiring you to determine that this really is a domain that is owned by AT&T in addition to www.att.com. But it is, in fact, a legitimate AT&T site.
- Be careful about dialing any phone number in an email. Please verify that this is a legitimate phone number for AT&T by visiting www.att.com and looking up their customer service phone number. Phone numbers, like web sites, are easy to create and can even have a legitimate sounding automated attendant on them.
- Again, this email has the company logo, but that is no guarantee that this came from AT&T.
- Both spammers and legitimate company emails can personalize the email with your name. This isn’t a guarantee that this is legitimate.
- Both spammers and legitimate company emails use the technique of creating a sense of urgency. Take the time to investigate and ensure this is legitimate.
In this case, this is a legitimate email from AT&T. It has a lot of similarities to the above spam message. I determined the AT&T email is legitimate from my investigation of the information contained within and my knowledge of what legitimate AT&T emails contain.
At Southern, we have an aggressive spam filtering system called Sendio. It is more successful at stopping spam messages than many filtering systems because it goes beyond simply scanning emails for malware and looking at the characteristics of the email to determine whether or not it is spam. It also stops any unsolicited email from someone not in your trusted community of senders until they verify that they are a human and not a spamming computer. But a few spammers will respond to that request to verify they are a human. Sendio stops 90 to 91% of all incoming email to Southern, but there is no email filtering solution that can perfectly stop all spam email or that will not stop some legitimate email. Please read the article about how Sendio works to understand clearly what it can and cannot do for you.
For your own personal (non-Southern) email, investigate the capabilities of any email filtering solution your service provider has in place to understand what it does.
Chief Information Officer
Southern West Virginia Community and Technical College