For a virus to infect your computer, you have to run it. Most often, thevirus attaches itself to an email message and usually (but not always) justviewing the email message is safe. However, that starts a cat and mouse gamewith the virus writer saying anything and everything he/she can think of totrick you into opening the attached file and thus running the virus andinfecting your computer.
Here are some examples of the ploys used to getyou to open an attached file. In these cases the messages came from someoneunknown to the recipient, but be aware that the FROM address of an email messageis very easily forged. Don't treat a message with less suspicion because it seemsto have come from someone you know. Also, see the note at the end of this topic;you may not be seeing the full file name of attached files.
| My Comments | Sample Virus Infected Emails |
| You didn't ask for this file, but perhaps think you did or you are curious as to whether it's an honest mistake. It's not. Also, never open a file of type ".pif". | Subject: Re: Your product From: arielb@rice.edu Here is the file. Attachments: your_product.pif 23k |
| Lies, lies, lies, solely designed to get you to run the attached .EXE file. | Here is the archive with those information, you asked me. And don't forget, it is strongly confidential!!! Seya, man. P.S. Don't forget my fee ;) |
| The W32.Sober.K@mm virus. Some viruses are hidden inside ZIP files. As usual, the FROM address is forged. | Subject: You visit illegal websites From: Officer@FBI.gov Dear Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached. Attachments: indictment_cit2987.zip |
| You did not request the attached document, never open a .pif file and note that the message is RE a message you never sent in the first place. | Subject: Re: Re: Thanks! From: jbmiklas@capousd.org Your document is attached. Attachments: document.pif |
| Inside the .ZIP file was a single file, not two. The file was an .SCR file which is often used by the bad guys because most people don't know that this is an executable file, just like .EXE. Considering I run a few web sites, this one made me pause at first. | Subject: Photo Approval Needed Date: Sep 29, 2005 7:01 PM Hello, Your photograph was forwarded to us as part of an article we are publishing for our October edition of Web Review Monthly. Can you check over the format and get back to us with your approval or any changes you would like. If the photograph is not to your liking then please attach a preferred one. We have attached the photo and article here. Kind regards, John Andrews http://www.webreview.com/ Attachments: Photo + Article.zip |
| No text in the body of the message is not uncommon. Never ever install any software without doing a background check on it. | Subject: A special funny game From: s.connetable@bio-inova.com Attachments: rock.exe |
| Don't look at the attached file, even if it is from someone you know (the FROM address might be forged). The two REs in the subject are phony. | Subject: Re: Re: Thanks! From: mschaus@haverford.edu Please have a look at the attached file. Attachments: document.pif 29 k |
| Never trust an email message that tells you to do something regarding a virus infection. More below... | Subject: something for you From: brendenxcort@hotmail.com You are infected. Read the details! Attachments: old_photos.rtf.scr |
| The Sober virus, from April 2005, was a new wrinkle. Bad grammar, spelling and capitalization are often a clue to the fraudulent nature of the message. | |
| The attached file is called: your_text.zip and it contains a copy of the virus in a file called mail.document.Datex-packed.exe | Subject: I've_got your EMail on my_account! Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you and zipped then. Make sure that this mails don't come in my mail-box again. |
| The messages below are particularly clever and are from a virus that first starting circulating in March 2004. In each case, the name "mikesdomain.org" is merely for illustrative purposes. For more on this particular tactic, see Viruses Try New Tactics by Lincoln Spector in PC World March 17, 2004. | |
| Still another trick to get you to open (and thus run) the attached file. The FROM address here was forged. It came from a "bad guy" not from the staff running the web site mentioned. Again, the attached file is a .pif. | Subject: Notify about your e-mail account utilization. Dear user, The management of Mikesdomain.org mailing system wants to let you know our main mailing server will be temporary unavailable for next two days,to continue receiving mail in these days you have to configure our free auto-forwarding service. Further details can be obtained from attached file. Sincerely, The mikesdomain.org team http://www.mikesdomain.org Attachments: TextFile.pif 16 k [ application/octet-stream ] |
| The latest variation in this ongoing cat and mouse game. By compressing and password protecting the attached file, the virus writer is trying to prevent anti-virus programs from being able to read the file and detect the virus. | Subject: Important notify about your e-mail account. Dear user of mikesdomain.org gateway e-mail server, Your e-mail account has been temporary disabled because of unauthorized access. Further details can be obtained from attached file. For security purposes the attached file is password protected.Password is "27815". The Management, The mikesdomain.org team http://www.mikesdomain.org Attachments: Document.zip 16 k [ application/octet-stream ] |
| Yet another variation on the same theme. From the WinXPnews newsletterof March 23, 2004. | Dear user of mikesdomain.org mailing system, Our anti-virus software has detected a large amount of viruses outgoing from your email account. You may use our freeanti-virus tool to clean up your computer software. Forfurther details, see the attached. The mikesdomain.org team |
| Lies, lies, lies. This is the Beagle virus (according to Symantec). The attached file was TextFile.zip. The real sender was a computer named BigJim at IP address 24.184.215.163. | Dear user, the management of mikesdomain.org mailing system wants to let you know that, Some of our clients complained about the spam(negative e-mail content) outgoing from your e-mail account.Probably, you have been infected by a proxy-relay trojanserver. In order to keep your computer safe, follow theinstructions. Pay attention on attached file. In order to read the attach you have to use the following password: 88446. Cheers, The mikesdomain.org team http://www.mikesdomain.org |
| Other viruses also pretend to come from an official source. | |
| I got this June 15, 2005. The incoming email virus scan done by my ISP did not detect this as a virus. It is. The attachment was account-details.zip. I run the JavaTester.org web site. The last two lines, about no virus found, are a total fraud. | From: service@javatester.org Subject: Warning Message: Your services near to be closed. Dear Javatester Member, Your e-mail account was used to send a huge amount of unsolicited spammessages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service. If you choose to ignore our request, you leave us no choice but tocancel your membership. Virtually yours, The Javatester Support Team +++ Attachment: No Virus found +++ Javatester Antivirus - www.javatester.org |
| In January 2004, the MyDoom virus/worm did a great job of fooling people into opening the attachment (Note: Symantec/Norton called this Novarg). | |
| MyDoom's message body varied, two of them are shown here.They look very much like messages from your email program. | Mail transaction failed. Partial message is available. The message contains Unicode characters and has been sent as a binary attachment. |
| An actual MyDoom message with a third variation on the theme. Lurking in the .zip file is a virus. | Subject: Status From: szuccotti@compuserve.com The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. Attachments: document.zip 30 k [ application/octet-stream ] |
In the message above that says "You are infected. Read the details!",the attached file is "old_photos.rtf.scr".You should not open .scr files either, just like .piffiles, Windows will try to execute them. The reason the file name has".rtf" in it is to fool people who know not to open files that areexecutable. An .RTF file is not executable. There is a very bad default inWindows Explorer that hides the file extension of files of known types. I thinkthis was done either to make Windows simpler for new users or to copy the Mac.It is a very bad way to go and all Windows users should change this option andforce Windows to always show you the full file name. If your copy of Windows isnot showing you full file names, you will see this attached fileas "old_phots.rtf"and feel safe opening it.
Still another trick takes advantage of the fact that many email messages arescanned by anti-virus programs before they reach your inbox. The virus inserts a forgedmessage at the bottom that looks like an anti-virus program scanned the email and gave it agood bill of health. For example:
+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com
As a point of comparison, below is a legitimate message from a server-sideanti-virus program that deleted a virus in an attachment:
++++++++++++++++++++++++++++++++++++++
VIRUS BLOCKER MESSAGE STATUS
++++++++++++++++++++++++++++++++++++++
+ Virus successfully cleaned out of attachment:
+ Attachment(s) deleted due to virus:
+ 1. Readme.vbs: W32.Beagle.W@mm
++++++Powered by Symantec+++++++++++++++
For more examples of this and long list of cat and mouse tricks from theNetSky worm, see Virus Descriptions : NetSky.Pfrom F-Secure.
I don't have an example of this, but another common approach to trickyou into opening/running an attached file is for the email message to appear tocome from Microsoft. The message seems to be a warning that you you should update your security software.In reality, Microsoft never ever sends software via email. In fact, no legitimate organization will ever send you anexecutable file attached to an email message. Microsoft won't do it, Symantec won't do it, McAfee won't do it, Apple won't do it, Adobe won't do it, Macromedia won't do it, etc.etc. etc. These companies may send you a message announcing that a new patch ornew software is available, but they will never send the program or patch as an email attachment. The only way to be sure that a program or patchcomes from the company itself, is to go the company's web site and download itfrom there.
This article (Worm Steals CNN Headlines To Stay Timely, Fool UsersBy TechWeb News January 21, 2005) describes another new tactic to fool you. Thesubject line and body of the virus-laden email message vary frequently and arecopied from current news at CNN. Again, never click on a file attached to anemail message.
Report phishing emails to thePhishing Incident Reporting and Termination (PIRT) Squad
or to Phish Tank
Phishing refers to fraudulent email messages designed to trick you into providing personal information. This information is typically used to buy merchandise via credit cards and stick you with the bill.Be wary of any email message asking for your credit card number, Social Securitynumber, bank account number, phone number, mother's maiden name, etc.
The typical ruse is that there is a problem with your account and you have verify orre-enter this personal information. Tolearn more about the problem of phishing see www.antiphishing.org.
As part of the scam, the links in the email message do not take you where they appear to.Instead you are taken to a web site that looks real but exists on a computercontrolled by the bad guys.I have more details on the technical tricksused to fool you in my Links That Liepage.
Since a picture is worth a thousand words, here are pictures of some phishingemail messages:
The message shown at the right (click the image to see it full size) is a phishing email message. It was not from Chase bank, a bad guy sent it - the FROM address was forged. The link to "change your password" actually took you to:
chaseonline.chase.com.superclean-tech.com.tw/.usa/index.php?prospect_nfpb=
trueportlet_change_1_actionOverrideFchaseonlineFchangeFverifyDetails_
windowLabel_portlet_change_pageLabel_page_change
The web site is "com.tw" in Taiwan. The bad English and spelling makes this one pretty easy to spot.
Below is an excerpt from a fraudulent email message made to seem as if it came from someone selling merchandise on eBay. Since eBay has over 50 million users, it is likely to be sent to many of them, purely by accident. I am not an eBay user, making the fraud obvious. However, someone who does use eBay could be very easily fooled.
For more, see the full email message and the phony web page that the email sends victims to.
There is no reason that the phony web page could not look exactly like a valid eBay web page. It even includes links to many valid eBay pages - all part of the scam. The only thing that gives it away is that the address of the web page (URL) is given as a number rather than as "ebay.com". For more on fraudulent URLs, see my Links that Lie page. When an eBay userid and password is entered on this fraudulent web page, the bad guy saves it and then transfers you to a real eBay login page - one that looks exactly like this page. The scheme is that you think the computer never got your eBay userid and password and then you enter it again and, lo and behold, you are logged in to eBay.
The message shown at the right (click the image to see it full size) is also a scam. It was not from Citibank, a bad guy sent it. The FROM address "service@citibank.com" was forged. The link at the bottom actually took you to
http://218.36.71.193:443/citi/The logo was stolen from the real Citibank web site, a very common tactic.
Sample Phishing Emails
| A sample phishing message directed to PayPal customers | |
| Two things gave this away as the fraud it is. For one, I was not a PayPal customer at the time this message was sent to me. Secondly, the link did not go where it, at first, appears to go. Hovering the mouse over the link was all it took to see that it really takes you to thisismine.netfirms.com | Subject: URGENT: Verify Your PayPal Account! From: "PayPal" <security@paypal.com> Dear PayPal User, Due to the recent increase in online auction fraud it is now mandatory for you to verify your account before May 1, 2004 or your account will be frozen and all funds forfeited. We are sorry for the inconvenience, but this is an important step in stopping online fraud. Please take the time now to verify your account at https://www.paypal.com/verify.htm We hope you continue to use and enjoy the PayPal service. Thank You, PayPal Security Department |
| Another PayPal phishing scam | |
| This was sent to someone who is not a PayPal customer, a hint that it might be fraud. :-) You should see a fairly obvious pattern to these phishing scams by now. Again, the visible link was not in fact the real link. Clicking on it sent you to puipa1.com The from address was forged, as usual. This scam had a happy ending. The web site was hosted at sprintserve.net and when they were alerted to the scam, they pulled the site. | Subject: Urgent Regarding Your PayPal Account From: "PayPal" <Security@PayPal.com> Dear PayPal User, It is mandatory for you to verify your account due to your recent auction transactions. We are sorry for the inconvenience, but this is an important step in stopping online fraud. Please; take the time now to verify your account at https://www.paypal.com/verify/ Your account must be verified by June 1, 2004 or your account will be frozen until further action is taken. Thank You, PayPal Security |
| A sample eBay phishing scam | |
| This scam took advantage of a bug in Internet Explorer which is used by both Outlook and Outlook Express when viewing HTML based email messages. The visible link was not in fact the real link. That is, you thought that clicking on the link would take you to one web site, when in fact, it took you to a different web site. For more on this scam see antiphishing.org | Subject: NOTICE eBay Obligatory Verifying-Invalid User Information From: S-Harbor@eBay.com Dear Ebay user, We regret to inform you that your home phone number had an error on Ebay Inc. databases... To provide us with your phone number, just click the link below and please complete this form. Regards, Ian eBay Safe Harbor Investigative Team |
| Targeting eBay again | |
| Simple. Clean. Elegant. Fraudulent. | From: Ebay Gift Support [mailto:ToryGriffith@melicerous.com] Subject: Ebay Customer - 187A1-167 ---------------------------------------- Dear [email userid], Your business is greatly appreciated and to show our thanks we would like to simply go to the following website and fill our form out and we will award you a free gift. http://www.protending.com/ebay/ Thanks Again and Enjoy! |
| Here is a (text-only) sample of another Citibank phishing scam | |
| The From address was forged. The Reply to address was also forged. Clicking on the link sent you to citisupportteam.biz which is not associated with Citibank. The name is registered to Enom International Corp. JavaScript was used to display a fake address as the destination link. They wanted you to think that clicking on "here" sent you to www.citizensbankonline.com It did not. | Dear Citibank valued customer, Citibank is committed to protecting the security of our clients personal information, including when it is transmitted online. Therefore our ATM services utilize advanced security technology to protect your personal financial information. In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software. This security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information here |
| And yet another Citibank phishing scam | |
The link went to a web site at IP address 66.98.211.105 which is customflix.com in association with breakdance.com | From: Citibank Online <online@citibank.com> Subject: Citibank Online Security Message Dear Citibank Customer, When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking. Please sign on and verify your information here. You will be able to attempt signing on to Citibank Online within 24 hours after you verify your information. (You do not have to change your Password at this time.) Citibank Online Customer Service |
| A Sun Trust phishing scam | |
| The From address was forged. It was sent via jangae.bora.net. Clicking on the link sent you to a web page at IP address 220.82.29.51. This web site belongs to the DaeJeon Youth Counseling Center in Korea dycc.or.kr. Some youths there really do need counseling in the worst way. | Dear SunTrust Bank customer, Recently there have been a large number of identity theft attempts targeting SunTrust Bank customers. In order to safeguard your account, we require that you confirm your banking details. This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension. To securely confirm your SunTrust Bank account details please click on the link below: https://www4.SunTrust.com/internetBanking/ RequestRouterrequestCmdId=DisplayLoginPage Thank you for your prompt attention to this matter and thank you for using SunTrust Bank. |
| And finally, one for Washington Mutual customers | |
| This one is particularly well written. If you hadn't reviewed the samples above, it could fool you. The spelling errors in the next to last sentence are a big clue to the fraudulent nature of the message. The link really went to: 218.236.31.212/.wamu/update.html which is in China | Washington Mutual is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, Washington Mutual employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Washington Mutual system for unusual activity. We recently have determined that different computers have logged We thank you for your cooperation in this manner. |
Gone Spear Phishing December 3, 2005. New York Times. A new type of phishing
Read Citibank Rejects Phishing Report As Spam By Ed Foster (August 23, 2004) for another Citibank problem.
Take The MailFrontier Phishing IQ Test to see if you would fall for a phishing scam.
AntiPhishing.org also has details on an "AOL Billing Center"scam (March 10, 2004) and a "Please verify your Wells Fargo account"scam (March 9, 2004).You can report phishing emails to them atreportphishing@antiphishing.org.
In general, requests by a company to "reconfirm" or"verify" personal data is a ruse.
Any time you get an email that seems to be from a financial institution youdeal with, don't follow the link in the email. Instead type the company'saddress into your web browser manually.
If the email is addressed "Dear SunTrust customer" itis likely a fraud. A real message from a company you do business with wouldaddress you by your full name. This indicates the sender of the message does notknow your name.Citibank, a very popular victim of phishing scams, now includes your first name, last name and the last 4 digits of your account number at the top ofany email message from them.
It used to be that bad spelling and grammar were also a tip-off that amessage was fraudulent. Over time though, fewer phishing emails suffer fromthese obvious problems.
See 10 ways to recognize phisher (spoof) emailsfrom Earthlink and How Not to Get Hooked by a Phishing Scamfrom the FTC (June 2005).
Ciphertrust offers a free TrustedSource Toolbarthat integrates with Outlook and Lotus Notes and warns you with red and greenicons whether an email message is from a trusted source or not. A new version designed for Web-based mail (Hotmail, Yahoo, etc.) will be available during the second quarter of 2006.It requires the .NET Framework v1.1. If your computer has version 2 of the .NETFramework, you still have to install version 1.1.
Classic ScamTOP
Ignore messages from someone claiming to be a representative of the Nigerian government, promising a multi-million dollar reward for your help in transferring a huge sum of money.This scam, known as the "419 Scam" or the "Nigerian scam", pre-dates the Internet. Victims are asked for their bank account and other personal information. Invariably a "problem" arises and the victimis pressured or threatened to provide a large sum of money to save the venture. In another wrinkle, a person claiming to be from a third-world country, againwith custody of a large amount of money, offers to share the wealth with you if you willhelp them get it out of the country. The scammer needs your bank account information to deposit the money in your account. If you give it, youfind that money withdrawn from, rather than deposited to, your account. Here are two examples: Subject: NICE TO MEET YOU DEAR SIR, FIRST, I MUST SOLICIT YOUR CONFIDENCE IN THIS TRANSACTION; THIS IS BY VIRTUE OF ITS NATURE AS BEING UTTERLY CONFIDENTIAL AND TOP SECRET. THOUGH I KNOW THAT A TRANSACTION OF THIS MAGNITUDE WILL MAKE ANY ONE APPREHENSIVE AND WORRIED,BUT I AM ASSURING YOU THAT ALL WILL BE WELL AT THE END OF THE DAY. WE HAVE DECIDED TO CONTACT YOU DUE TO THE URGENCY OF THIS TRANSACTION, AS WE HAVE BEEN RELIABLY INFORMED OF YOUR DISCRETNESS AND ABILITY IN TRANSACTION OF THIS NATURE. LET ME START BY INTRODUCING MYSELF PROPERLY TO YOU. I AM MR. KONAL OXFORD,CREDIT OFFICER WITH THE UNION BANK OF NIGERIA PLC,LAGOS. I CAME TO KNOW YOU IN MY PRIVATE SEARCH FOR A RELIABLE AND REPUTABLE PERSON TO HANDLE THIS CONFIDENTIAL TRANSACTION,WHICH INVOLVES THE TRANSFER OF HUGE SUM OF MONEY TO A FOREIGN ACCOUNT REQUIRING MAXIMUM CONFIDENCE. THE PROPOSITION: A FOREIGNER AN AMERICAN,LATE ENGR JOHN CREEK (SNR) AN OIL MERCHANT WITH T HE FEDERAL GOVERNMENT OF NIGERIA,UNTIL HIS DEATH IN KENYA AIR BUS (A310-300) FLIGHT KQ430,BANKED WITH US AT UNION BANK OF NIGERIA PLC LAGOS AND HAD A CLOSING BALANCE AS AT THE END OF JANUARY,2000 WORTH USD25, 000,000.00 (TWENTY FIVE MILLION UNITED STATE DOLLAR),THE BANK NOW EXPECTS A NEXT OF KIN AS BENEFICIARY.VALUABLE EFFORTS ARE BEING MADE BY THE UNION BANK OF NIGERIA TO GET IN TOUCH WITH ANY OF THE CREEK'S FAMILY OR RELATIVES BUT TO NO SUCCESS. IT IS BECAUSE OF THE PERCEIVED POSSIBILITY OF NOT BEING ABLE TO LOCATE ANY OF LATE ENGR.JOHN CREEK(SNR)'S NEXT OF KIN (HE HAD NO WIFE OR CHILDREN THAT IS KNOWN TO US).THE MANAGEMENT UNDER THE INFLUENCE OF OUR CHAIRMAN AND MEMBERS OF THE BOARD OF DIRECTORS,THAT ARANGE HAS BEEN MADE FOR THE FUND TO BE DECLEARED "UNCLAINMED" AND SUBSEQUENTLY BE DONATED TO THE TRUST FUND FOR ARMS AND AMMUNITION TO FURTHER ENHANCE THE COURSE OF WAR IN AFRICA AND THE WORLD IN GENERAL. IN ORDER TO AVERT THIS NEGATIVE DEVELOPMENT, SOME OF MY TRUSTED COLLEAGUES AND I NOW SEEK YOUR PERMISSION TO HAVE YOU STAND AS NEXT OF KIN TO LATE ENGR. JOHN CREEK(SNR) SO THAT THE FUND USD25 MILLION WILL BE RELEASED AND PAID INTO YOUR ACCOUNT AS THE BENEFICIARY'S NEXT OF KIN. ALL DOCUMENTS AND PROVES TO ENABLE YOU GET THIS FUND WILL BE CAREFULLY WORKED OUT. WE HAVE SECURE FROM THE PROBATE AN ORDER OF MADAMUS TO LOCATE ANY OF DECEASED BENEFICIARIES,AND MORE SO WE ARE ASSURING YOU THAT THIS BUSINESS IS 100% RISK FREE INVOLVEMENT.YOUR SHARE STAYS WHILE THE REST BE FOR MYSELF AND MY COLLEAGUES FOR INVESTMENT PURPOSE. ACCORDING TO AGGREMENT WITHIN BOTH PARTIES AS SOON AS WE RECIEVE AN ACKNOWLEDGEMENT OF RECEIPT OF THIS MESSAGE IN ACCEPTANCE OF OUR MUTUAL BUSINESS PROPOSAL,WE WOULD FURNISH YOU WITH THE NECCESSARY MODALITIES AND DISBURSEMENT RATIO TO SUITE BOTH PARTIES WITHOUT ANY CONFLICT. IF THIS PROPOSAL IS ACCEPTABLE BY YOU DO NOT MAKE UNDUE ADVANTAGE OF THE TRUST WE HAVE BESTOWED IN YOU AND YOUR COMPANY,THEN KINDLY GET TO ME IMMEDIATELY VIA MY EMAIL: konal@ecplaza.net PLEASE FURNISH ME WITH YOUR MOST CONFIDENTIAL TELEPHONE, FAX NUMBERS SO THAT I CAN USE THIS INFORMATION TO APPLY FOR THE RELEASE AND SUBSEQUENT TRANSFER OF THE FUND IN YOUR FAVOUR. THANK YOU IN ADVANCE FOR YOUR ANTICIPATED CO-ORPORATION. I know this letter will come as a surprise to you, but i would like you to give it a top consideration so as to help me and my family from our present predicament. I am Michael James, the first son of Mr Leonard James, a British Farmer based in Zimbabwe. My father is now dead as a result of his incarceration by the Zimbabwean Government under President Robert Mugabe who ordered the white farmers in Zimbabwe to vacate their Farm Land and go back to their country. But my father, due to his large investment in the Farm Land refused to quit Zimbabwe for his country. Based on this reason he was arrested and imprisoned and as a result of his protracted sickness [Diabetics] he died in Manfe prison on 19 sept 2002. May his gentle soul rest in perfect peace. After his death, all efforts by my mother who is a Zimbabwean to secure most of my father's investment was frustrated by the President Mugabes Government. Towards this end my mother discovered an original certificate of deposit for a trunk box containing the sum of USD9,000,000.00 ( Nine million U.S.Dollars) deposited by my late father in custody of a security trust company in Dubai, UAE. The money belonged to the White Farmers Association [W. F. A] which my late father was the Founder/President with the help of my maternal uncle who was a Comissioner in Zimbabwe. We are able to trace the security trust company to Dubai [U.A.E] where the box containing the money is presently deposited, declared as Family Jewellries and Antiquities as to avoid raising any eye brow from the authority here. All documented proofs in respect of this deposited consignment are in my pocession.
From: "MR. KONAL OXFORD" <konal@katamail.com>
FROM: THE DESK OF MR.KONAL OXFORD.
CREDIT OFFICER, FOREIGN REMITTANCE DEPARTMENT, UNION BANK OF NIGERIA(U.B.N).
YOURS FAITHFULLY,
MR.KONAL OXFORD.
Subject: urgent assistant
From: "Michael James"
Dear Sir/Madam
As it is, I am looking for a reliable partner who can help me safe-guide and invest this money very prudently in his company as advised by my mother. 20% of this money will be given to you while 5% will be set aside for miscellanous expenses that we may incure during the process.
Also note that this transaction is 100% risk free, you may also be required to come to Dubai if need be on indication of your interest. Please confirm your interest on this transaction and contact me on my email address; michaeljames@Z6.com
I am presently in Dubai [U A E]. Hoping to hear from you soonest.
Thanks and Remain blessed
Michael James
For more see www.secretservice.gov/alert419.shtmland The Nigerian Nightmare Who's sending you all those scam e-mails?by Brendan I. Koerner in Slate October 22, 2002.In addition 419eater.comhas stories from people who have engaged the scammers in conversations. Theycall it scambaiting - entering into a dialogue with scammers to waste their time and resources.
SPAMTOP
Needless to say, no one needs examples of SPAM. However, there is aninteresting point about the message below.
It was sent to the webmaster addressof a web site of mine (the name is changed to mikesdomain.org for the purposesof this example). The message came to an email addressthat never subscribes to anything, so it was obviously "harvested"(the polite word for stolen) from the web site. The "partner website"claim is not true. The main point though, is about the email removal. No matter what emailaddress you try to remove, the web site says it was successfully removed. Makeup an email address, and it says its removed. I can't prove it, but I would betmoney that trying to remove your email address, just results in more SPAM as theaddress is now confirmed to be good.The Remove Me button referred to inthe message takes you to www.seekercenter.net/remove.php?email=webmaster@mikesdomain.org
The lesson: don't bother un-subscribing to SPAM. It will either be a wasteof time or an invitation to get more SPAM.
Subject: http://mikesdomain.org
From: "Vanessa Lintner" <reply@seekercenter.net>
Reply-To: "Vanessa Lintner" <vanessa@seekercenter.net>
To: webmaster@mikesdomain.org
I have visited mikesdomain.org and noticed that your website is not listed on some searchengines. I am sure that through our service the number of people who visit your website will definitelyincrease. SeekerCenter is a unique technology that instantly submits your website to over 500,000 search enginesand directories-a really low-cost and effective way to advertise your site. For more details please go towww.SeekerCenter.net. Give your website maximum exposure today. Looking forward to hearing from you. You are receiving this email because you opted-in to receive special offers through a partnerwebsite. If you feel that you received this email in error or do not wish to receive additional specialoffers, please enter your email address here and click the button of"Remove Me"
Best Regards,Vanessa Lintner Sales & Marketing
Also, please, never ever buy anything advertised via SPAM, even if it'ssomething you want. This just encourages more SPAM on all of us.Also,never click on a link in a SPAM email message as this is likely to result inyour receiving even more SPAM.
One tactic spammers often use to avoid anti-spam software is to change thespelling of words that the software might think indicates a message is SPAM. Themost famous such word is Viagra. A humorous take on the many ways Viagra ispurposely mis-spelled can be read in There are 600,426,974,379,824,381,952 ways to spell Viagra.On a serious note, mis-spellings also used, as mentioned above, to disguise thereal address of a web site for fraudulent purposes.
Garbage words: Another tactic you may see in SPAM messages is the inclusionof many garbage words or garbage sentences. This is done to get around assorted SPAM filters.Belowis an example of this where the garbage words are at the bottom. SPAMfilters based on Bayesian interference decide whether a message is SPAM or not based on words that oftenappear in SPAM messages. The tactic here is to include words that normally donot appear in SPAM messages in order to get a message classified as not beingSPAM. I have seen this described as "word salad" or "dictionary salad".In HTML based messages, the garbage words may be hidden by either making themthe same color as the background or by making the text extremely small. If youview your messages in plain text, the garbage words will always bevisible.
Subject: jerome smile Hey, come on - Purchase G.e.n.e.r.i.c V I A G R A - Get the magic Blue Pills NOW!! semaphore nuclei bazaar paraphernalia glow beg ambition embassy optometry thump feedback fill scrotum mutter alcove inadequacy vise chalkboard bestsellerangle concertina what'd stablemen drier erosion garner monkish sandblast tenneco vignette embryo detente filler grover cute e'er ligget polkadot toad buzz pallidconfectionery scowl doorbell blumenthal somerville harrisburg it glisten methylene upsetting botanist sedimentation depict garrison filledbema
From: Gabriela Zavala <estyugoslav@attbi.com>
Reply-To: Gabriela Zavala <slimylens@attbi.com>
STOP WASTING YOUR MONEY!
http://www.WQ9.wesiwhchned.com/gp/default.asp?ID=bw
We also have these medications in highly discounted generic form:
Ambien, Xanax, Phentermine, Lipitor, Nexium, Paxil, Valium and Vioxx.
Physician Consultation: FREE!
Fast, private, and FREE delivery
Convenience: 10 minute online consultation
I want to say adios
Bayesian SPAM filters have gotten so good that the bad guys have yet anothernew tactic, no words. An HTML based email message contains nothing but a link toa picture. The advertising message is wholly contained in the picture.
Why is there so much SPAM and Phishing? It's profitable and easy. Here is oneexample of the easy part. This is an actual email message that I received inApril 2004.
Subject: Re: Emails of eBay members
From: Tom Theroux <teodor@crewstart.com>
Hello:
We are offering an email database which allows to contact eBay members (both sellers and shoppers). These are individuals that buy and sell items on the eBay auction. Please notice that 90% of eBaycustomers are also customers of PayPal.This database will be perfect for selling your products/services, because we are providing you unique prospects who purchaseand sell more than anybody else! The data contains 408,000 records, which include personal email addresses only. The recordscover ALL categories listed on eBay.
The database will be delivered to you in any format of your choice (Excel, ASCII, CSV, etc.).By default it is provided in a 4.4MB TXT file.The data was collected in the period of last 2 months and will be updated quarterly.
The price we are asking is $360.
To place the order please fill out the form: http://www.gmthost.com/ebay.phpTo contact me please email to info@gmthost.com (THIS EMAIL ONLY! DO NOT 'REPLY').Please notice that we also maintain a list of eGold sellers.
Best, Tom Theroux
Bounced EmailsTOP
Should you send an email message to an address that does not exist, it is likelythat the email server at the recipients domain will respond to you with an emailmessage informing you of the problem. Your message is said to have"bounced". Below are excerpts from legitimate bounce messages. The reason this is here isbecause there are two types of bad bounce messages.- Ones actually generated by an email server, but for an email message that you did not send. Delete the message and forget about it. Many viruses proliferate by emailing themselves with fraudulent FROM addresses. If you are the victim of this, there is nothing you can do. You may also get a real message from a real email server complaining that you sent an email message with a virus in it. Most likely you did not. Instead the virus sent out many copies of itself from someone else's computer using a forged FROM address and you are as much a victim as the recipient. For more see Could You Be Sending Spam? Spammers are using new tools to hide the origin of their messages. by Lincoln Spector in PC World magazine. May 30, 2003
- More serious is when a virus or worm sends a message that appears to be a normal bounce message but is fraudulent. In this case, there will be an attached file and a phony story in the body of the message that tries to trick you into opening the attached file. Don't! Delete the message.
This message was sent to an unknown user at EarthLink:
Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software (Exim). SMTP error from remote mailer after RCPT TO:<testingabadaddress@earthlink.net>:
From: Mail Delivery System <Mailer-Daemon@smtp4.mindspring.com>
To: you
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
testingabadaddress@earthlink.net
host mx2.earthlink.net [207.217.125.17]: 550 testingabadaddress@earthlink.net... User unknown
This message was sent to a non-existing user at AOL:
Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software (Exim). thisaddressdontexist@aol.com
From: Mail Delivery System <Mailer-Daemon@smtp5.atl.mindspring.net>
To: you
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mailer after RCPT TO:<thisaddressdontexist@aol.com>:
host mailin-03.mx.aol.com [64.12.138.120]: 550 MAILBOX NOT FOUND
This message was sent to a non-existing user at a domain of mine. The finalline is an error message that I configured using the Control Panel of the website hosting company for the domain.
Subject: failure notice Hi. This is the qmail-send program at <thisuserdontexist@thedomainIown.com>:
From: MAILER-DAEMON@lownok.pair.com
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
===> Message sent to non-existing user. Ignored. <===
This message was sent to someone at EarthLink whose email inbox is full:
Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software (Exim). person22@earthlink.net
From: Mail Delivery System <Mailer-Daemon@smtp6.mindspring.com>
To: you
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mailer after RCPT TO:<person22@earthlink.net>:
host mx7.earthlink.net [207.217.125.22]: 554 This mailbox is full.
Please try again later. for person22@earthlink.net
FAQs
How do you write a bad email? ›
- Gather facts. Before sending a difficult email, gather all the relevant facts. ...
- Review company policies. ...
- Decide if an email is the best channel. ...
- Choose the correct tone. ...
- Share the news at the beginning. ...
- Give an explanation. ...
- Apologize if you are at fault. ...
- Offer a resolution.
Being too casual. While the tone of your message should reflect your relationship with the recipient, Haefner says, too much informality will make you come across as unprofessional. She advises being judicious in your use of exclamation points, emoticons, colored text, fancy fonts, and SMS shorthand.
What are 3 things you should not do in an email? ›- Don't hit 'send' when you're emotional. You may feel sorely tempted, at times of peak frustration, to fire off something quick and furious. ...
- Don't ramble. ...
- Don't conduct personal business. ...
- Don't gossip. ...
- Don't joke. ...
- Don't criticize.
- Do: Use proper salutation. ...
- Do: Proofread. ...
- Do: Stay concise. ...
- Do: Keep Calm. ...
- Don't: Use buzzwords. ...
- Don't: Put anyone down. ...
- Don't: Punctuate poorly. ...
- Don't: Forget the conversation closer.
Features of rude emails
Abusive language or derogatory content used to disrespect the reader, which is clearly deductable, is a sign of a rude email. The foul language used in a rude way to show disrespect, harassment or threat is subjected to legal action.
For example, if you were turned down for a potential job, you could say something like, "I'm sorry to hear that you decided to go in a different direction. I was looking forward to the opportunity, so I'm disappointed in the decision to hire somebody else."
What should you not include in an email? ›- Social Security numbers.
- Driver's License numbers.
- Passport numbers.
- State-issue ID numbers.
- Any bank/financial account numbers.
- Credit/debit card numbers.
- Protected health information.
- Documents protected by attorney-client privilege.
- Don't write like the reader is your best friend. ...
- Don't assume the reader knows who you are and why you are emailing. ...
- Don't use informal language and emoticons. ...
- Don't ramble on and on and on. ...
- Don't forget to proof read for spelling and grammar mistakes.
- Use a clear, professional subject line. ...
- Proofread every email you send. ...
- Write your email before entering the recipient email address. ...
- Double check you have the correct recipient. ...
- Ensure you CC all relevant recipients. ...
- You don't always have to "reply all" ...
- Reply to your emails.
- You shouldn't leave someone hanging. ...
- You shouldn't ask something urgent in email. ...
- You shouldn't write a novella in an email. ...
- You shouldn't use your inbox as a to-do list. ...
- You shouldn't let your inbox pile up. ...
- You shouldn't over-think an email. ...
- You shouldn't under-think an email.
What is inappropriate use of email in the workplace? ›
Keep it professional. Never convey anger, use profanity, or make racist or sexist remarks. Remember, inappropriate words or images sent via email can come back to haunt you. Don't send or forward emails containing libelous, defamatory, offensive, racist, or obscene remarks—even if they are meant to be a joke.
What is a commonly made mistake when sending an e mail? ›Misdirected emails – aka the wrong recipient
Most commonly with this email mistake, recipients have the same first name or initials as the intended recipient, and accidentally get added to the address list without being noticed.
Include a salutation
Address the recipient of your email with an appropriate salutation. Use a formal greeting with their first name if they're a colleague or co-worker or their last name if they're a supervisor or client, such as the following examples: Dear Mary, Good morning, Ms.
Email etiquette means the principles that guide our behavior when sending and receiving emails. This code of conduct includes guidelines regarding appropriate language, spelling, grammar, and manners. The proper etiquette depends on whom you are emailing.
Is kindly rude in an email? ›“Kindly”
If you are still using this word, it is best you stop. It is old-fashioned and seemingly antiquated. It is better you use “please” rather than “kindly.”
However, to start, write an initial email that says everything you want to express. Let out all of your feelings, emotions, and insights, but do so in a Word Document. Then, when done, read it and delete it. While not a long-term solution, doing so can be therapeutic.
How do you start an angry email? ›Express your emotions
However, to start, write an initial email that says everything you want to express. Let out all of your feelings, emotions, and insights, but do so in a Word Document. Then, when done, read it and delete it. While not a long-term solution, doing so can be therapeutic.
- 1 I hope you and your family are holding up. ...
- 2 I appreciate you(r) + [gerund phrase] ...
- 3 I wanted to let you know I've been thinking about you. ...
- 4 Sending positive vibes! ...
- 5 First and foremost, how are you?
Start the email on the lines of “Your email came across as a bit rude/harsh in tone. I'm not sure if that was intentional or not.” This immediately lets the sender know that you have taken note of breach of professional lines. Next, if you were in the wrong in any way, be sure to own up to it and apologize.