Top Posts & Pages

  • Sometimes I Surprise Myself
    Sometimes I Surprise Myself
  • Rescue Rover
    Rescue Rover
  • The Modern J. R. Hartley
    The Modern J. R. Hartley
  • It's The Thought That Counts
    It's The Thought That Counts
  • Outsider Thinking
    Outsider Thinking
  • The Universal Instruction Manual
    The Universal Instruction Manual
  • Paper Versus Pixels
    Paper Versus Pixels
  • Print Anything
    Print Anything
  • Slow News Days
    Slow News Days
  • Reminiscing Isn't What It Used To Be
    Reminiscing Isn't What It Used To Be

About

Thoughts on technology, science, food and modern life by Andy Vickers.

Recent Comments

Taswegian1957 on Retail Impatience
Taswegian1957 on Whoopin’ an’ a Hol…
Taswegian1957 on Timeshift
Andy Vickers on A Shot in The Arm
Taswegian1957 on A Shot in The Arm

Recent Posts

  • Whoopin’ an’ a Hollarin’ Live From Madison Square Gardens
  • Retail Impatience
  • From Paper to Pixels, By Phone
  • Timeshift
  • A Shot in The Arm

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.com

About the Author

Andy Vickers - A glass merchant, writer, photographer and bag collector who spends too much time contemplating modern life.

Community

  • Widgets
  • Search

Longfellow's 21st Century Lunch

tall man, small world

Society, Tech

On Malicious Mail

October 10, 2012Andy VickersConfidence trick, Email, Email client, Login, Phishing
English: Nice old postbox

English: Nice old postbox (Photo credit: Wikipedia)

As we become ever more comfortable in our digital world we can become complacent and forget that the internet does still harbour many scams which are as easy to fall for as clicking an email and this is mainly due to the increased attention to detail and sophistication of the scammers’ efforts.

Earlier on I received on my work email a message purporting to be from Facebook, saying someone had added a picture of me to an album.  I know this isn’t real without opening it because there’s no mention of my work address on my Facebook account but some people would believe it and click on it excitedly.  I did however use Outlook to view the email’s properties and could see from that that the message originated from facebookmail.com.  The question is this: why can’t email services providers be forced to reject attempts to obtain addresses like this one that clearly are pretending to be the real service and are only likely to be used for malicious purposes?  You only need a list of major targets say Facebook, outlook, yahoo, Gmail etc and you filter those regardless of the prefix or suffix.  If someone wants todaysoutlook.com for a weather site then that can be manually allowed but facebookmail.com can only conceivably be used for malicious mail, not even for fair parody.  Organisations like Facebook would take a company to court for trademark infringement over such an address if they were simply trying to trade on the name but as such addresses are so often scams by the time it comes to light the damage is done.

FastCompany has looked into this particular domain extensively:  the email links to a fake Facebook login that steals your credentials.  As the article points out the proliferation of “log in with facebook” buttons and hence users familiarity with them could increase the number of these fake logins as all someone needs to do is place a fake login button on a spoof site offering celebrity pics or special offers and they’ve got your details and could log into other sites with Facebook login buttons.

The takeaway lesson is to be familiar with what real messages from sites you’re signed up with look like and consider whether you would be receiving emails from them at all.

Share this:

  • Twitter
  • Facebook

Like this:

Like Loading...

Related

Standard

Post navigation

→ Pets & Passwords
← I’m Listening
Create a free website or blog at WordPress.com.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
%d bloggers like this: