I have been waiting patiently for someone to mail one of these to me. Now I can use it as an example. I’ll show you how to uncover it as a fraud.
Golly. This one was really hard to spot.
Just kidding. This is obviously a fake email. I don’t think that American Express is likely to be sending email from “Steakhousetopia.com” regardless of how challenging Internet operations might get.
Here’s a clever two-step attack on a Macintosh. First, the victim downloads a file – it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
Here is a phishing email I received today. These almost always land in my junk mail (hooray!).
This particular one encourages me to click on a Microsoft Word file claiming to contain an invoice I should pay. I also received a couple with “.xps” attachments. These apparently make use of printer paper specification files in MS Windows.
According to an article in Threatpost, these may be part of a phishing campaign that uses an unpatched flaw in MS Windows.
In June, 1999, Senator John McCain had started his presidential bid and was visiting companies in Silicon Valley, including Secure Computing Corporation, where I worked. He was there to discuss government policies on several tech topics, including the export of cryptographic technologies and products. I had been writing policy statements about crypto exports as part of my job. I’d also published my first book, Internet Cryptography, so they flew me out from Minnesota to meet the Senator.
I received an impressive email scam recently. My response was to forward it to the email provider’s abuse contact (firstname.lastname@example.org) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I’ll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don’t pay $1900 in bitcoin.
The scammer’s email landed in my spam folder. I was given a deadline of July 11. I didn’t clean out my spam folder till today (July 15).
In fact, the scammer does have one of my passwords: a throwaway password I use with throwaway accounts. When a web site makes me “register for an account” to retrieve information I want, this is the type of password I used to use. Now that I use password manager software (Lastpass specifically) I choose passwords more randomly and let the manager remember them.
I’ve signed on to do a Coursera online course on cloud security. I’ll share more details as production progresses. This post contains a few notes on organizing video clips for a large project.
The video almost always consists of two synchronized streams: one of my bearded face narrating the video and the other of animated images, text, and diagrams. This is more complicated than my older video efforts, which consisted of animated presentations with voiceover.
I’ve now learned the value of the famous movie-studio clapperboard slate. I’ve also learned that your file naming process has to blend well with your editing style.
There is no way to verify an email’s contents except through cryptography. Until every email client includes encryption and reliable authentication, we should always doubt an email’s source.
We can increase our confidence in an email a little, though, by tracing its path through the mail system. I use this technique more-or-less daily to look at potential phishing emails. If the final Received header didn’t come from my bank, then I know it’s fake.