Staying On The Correct Path

In a current task where I had to consolidate the structure of a website and organize the files better, I ran across this interesting quirk.  When developing, we work in a virtual directory on our local machine, while on a real server, it runs in the root directory.  This poses problems whenever we want to use relative paths to images, style sheets, etc.

The key to fixing this is the VirtualPathUtility, which has the logic in it to determine the root of the web application and return a proper path.  I thought it would be easy to just use this object right in the markup like:

<head runat="server">
    <title></title>
    <link id="cssLinkOutside" href='<%=System.Web.VirtualPathUtility.ToAbsolute("~/StyleSheet.css")%>' rel="stylesheet" type="text/css" />
</head>

That didn’t work.  The rendered HTML turned out to be:

<link id="cssLinkOutside" href="&lt;%=System.Web.VirtualPathUtility.ToAbsolute(&quot;~/StyleSheet.css&quot;)%>" rel="stylesheet" type="text/css" />

Pretty literal.  The cause of this odd behavior is that the HEAD tag is set to runat="server".  If that piece is taken out, the embedded code works well.  So if you need the HEAD to be a server control – like when using themes – then what?  You can add code in the code-behind to do an Attributes.Add() on the LINK tag.  But having to add code in two places for such a simple need is just too much, especially when I was looking at updating a couple dozen pages.

The workaround is kind of surprising: Wrap the tag that contains dynamic code in a placeholder.

<head runat="server">
    <title></title>
    <asp:PlaceHolder runat="server" id="holder">
        <link id="cssLinkInside" href='<%=System.Web.VirtualPathUtility.ToAbsolute("~/StyleSheet.css")%>' rel="stylesheet" type="text/css" />
    </asp:PlaceHolder>
</head>

This renders the tag properly:

<link id="cssLinkInside" href='/WebTestbed/StyleSheet.css' rel="stylesheet" type="text/css" />

Spam Gallery–Your Credit Card Is Blocked

The Spam Gallery is a series of posts that give examples of spam messages, explaining the telltale signs of how they are spam.

image

Another simple piece of spam.  This email has a single link to do its work, and like all the others, takes you to a site that is not VISA.  Understand that VISA itself doesn’t manage credit cards; banks do.  You would get a notice from the bank that handles your VISA card, and that would be a phone call, not an email.  So, what’s wrong with this email?

  • No personal details like name, “account ending in xxxx”, etc.
  • No one says a credit card is “blocked”.
  • Poor grammar throughout.
  • The spammer lives in an area where periods and commas in numbers are reversed, like Eastern Europe ($1.345,50 = $1,345.50).
  • No logos or other disclaimers like you would find in a company email.  Light purple is not a typical highlight color.
  • VISA doesn’t manage credit card transactions, banks do.

I can’t even give a closing recommendation for this.  There’s no reason to click the link out of curiosity or misplaced urgency.  The poor grammar in the message should be enough to convince you the email is fake.

Spam Gallery–Scan from a Xerox

image

This email is humorous to me because I used to work with someone named Magaly and I thought it was a pretty unique name. But some of the standout features of this email are:

  • The FROM address is from my domain, which is a personal domain.  In a corporate environment, this could be convincing, since “officejet” is the name of a print server.
  • The subject says the email has been forwarded twice, but the body of the email shows no headers from previous recipients.
  • The email was sent at midnight.
  • The “document” is not attached, but is linked.  This is the opposite of the spam that had the ZIP file attachment, where you would expect it to be a link.  In this case, you would expect it to be attached, since the print server is usually a small network device, not a file server.

In a corporate environment, this email could be convincing.  You may not know what printers/scanners are available, nor who would be sending files like this.  The best clues to spot this as spam are the “fwd” tags in the subject.

Spam Gallery–United Postal Service Tracking

image

After all my posts about emails that simply look suspicious, along comes one that is all wrapped up in someone else’s template.  Let’s look at what they did right:

  • They used a complete template from a UPS email, which makes it look authentic.
  • They left most of the links in the email untouched, so if you clicked the UPS logo, you would go to the UPS home page.  The only malicious link is the “Track your Shipment now!” link.
  • They included the first part of my email address in their greeting for personalization.

But they still got plenty wrong, including:

  • The FROM address is my own email address, but with an @gmail.com domain, not ups.com.
  • The subject line uses the name “United Postal Service”, not “United Parcel Service”.  Things get weirder in the email footer, where “United Parcel Service” is used, but references are also made to “USPS.com” and “USPS Team”.
  • They use the phrase “With Respect To You”.  Foreign spammers must think American companies are very personal and proper.  They are not.

When you receive an email like this, ask yourself: how did they get my email address?

Spam Gallery–You Have Been Sent a File

image

This email is one of those “almost had it” types.  I have done work for a company called SupportSpace, who had a contact named Monika.  The filename referenced used my online handle to provide legitimacy.  However, I still didn’t bite.  I considered the following:

  • I’ve never heard of “SendSpace”.  There are no links to their website in the email and the email is not sent from a sendspace.com domain.  For being the best file sharing service, they don’t know how to promote themselves.
  • The capitalization of the company name differs in the email.  This would not happen in a professional communication.
  • The capitalization of the sender’s name is odd.
  • Checking the address of the download link shows that it points to some random site, not anything related to sendspace.com.

Be even more careful when you see something that may be relevant to you.  When there is only one choice in an email, like “Download” in this example, be suspicious.  Businesses love to promote themselves whenever they contact someone.  The lack of logos, slogans, and promotional links is a red flag.

Spam Gallery–Need Your Help

image

This email is working on the premise that you must act before thinking.  Like most spam, the link will redirect you to a page where you are at risk of virus/trojan/worm infections.  This email has the following traits:

  • The FROM address is unfamiliar.  It uses the same domain as my email address, which could be effective in a large corporation, where you may not recognize the person, but you are familiar with the email domain.  This is known as “affinity fraud”.
  • There is no personal information in the email to indicate that the email was sent directly to me.
  • Most people would paste the URL to the bill into the email.  This email has the URL hidden behind a label (“Here is the bill”).  Although it isn’t difficult for the average person to do this, if the email really was sent in a hurry, it isn’t likely that the sender would take the time to format the link that way.
  • I’m unsure what the purpose of the “Secure Checksum” closing line on a lot of these spam messages is, but it’s beginning to be a sign of spam.

Always check the address of links in emails.  If the sender is someone you don’t recognize, slow down.  If you receive a message like this at work, check the company directory to see if it really is someone that works there.

Spam Gallery–Delivery Confirmation

image

This email is so full of mistakes, the spammer must be hoping that the recipient doesn’t even read the message and just clicks the link.  How many mistakes are there?

  • The FROM email is from UPS, but the email message is from FedEx.
  • UPS and FedEx are always capitalized in that format.  Anything else is not their trademarked name.
  • The link in the email does not go to fedex.com (or ups.com, either).
  • Grammar and spelling mistakes.
  • A non-professional closing, “With best wishes”.

Overall, the email looks sloppy.  A company would never send out something that brief and simple.  If the email doesn’t catch your eye, or catches your eye in a “huh?” manner, it needs a second look over before clicking anything in it.

Spam Gallery–Security System Updates

image

This email tries to use terms that sound current.  News reports may be mentioning the FDIC more often with the recent banking problems, but a lot of people may not realize what an ACH transaction is.  The general fear the spam is trying to evoke is that you will not be able to do any bank transfers until you apply a security patch to your computer.

To think this through, why would an update to your computer help anything?  Your computer is not involved in financial transfers.  Those transactions happen between banks.  Even if this were legit – and it isn’t because the FDIC has no part in managing transfers – it would be a patch your bank would need to make to its computers.

Look closely at the language.  When would a company ever use the closing “Faithfully yours”?  That is very inappropriate language for business.  Moreover, the general grammar and terminology are poor; “update your security version” is not a phrase anyone uses properly.  Also, the email address is not from the fdic.gov email domain.

Pay close attention to who the email is from.  If it’s a person, it’s probably not an email representing an organization.  Businesses have specific email addresses that they use to send bulk communication from.

A variant:

image

Spam Gallery–Your New Contact

image

This one should be easy.  It’s pretty unlikely that the recipient really did meet someone at a café, but the curiosity is there to see exactly what this is all about.  Don’t be fooled.  The link doesn’t download a DOC file.  It directs to a malicious web page.  Notice:

  • The FROM name is different than the signature
  • The spelling and grammar are terrible for a supposed business communication
  • There is no personal greeting

Be careful of emails that sound intriguing or juicy.  The spammers want you to click that link.

A slight variant:

image

Spam Gallery–ACH Transaction Rejected

image

This spam is actually listed as a news item on www.nacha.org.  There’s not much to go on, but if you mouse over the link, you will see that it doesn’t direct you to any site affiliated with nacha.org.  The only other suspicious thing about this email is the odd wording about “you or any other person”.  That’s not usual business language.
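As an added example that is not from any of the Spam Gallery posts, the tell-tales the posts keep coming back to (a FROM domain that is not the brand’s, a FROM on the recipient’s own domain, “fwd” in the subject with no quoted headers, links that leave the brand’s domain, a lone call-to-action link, no personalization, and odd closings) applied as checks over a constructed message in Python. The message fields, the `brand` key and the phrase list are assumptions made for illustration, and the sample is modelled on the United Postal Service Tracking post.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the "United Postal Service Tracking" post:
# a borrowed UPS template, sent from a gmail.com address, with one swapped link.
SAMPLE = {
    "from": "someone@gmail.com",
    "to": "someone@example.com",
    "subject": "United Postal Service Tracking Number",
    "body": "Dear someone, With Respect To You, please Track your Shipment now!",
    "links": [("UPS logo", "https://www.ups.com/"),
              ("Track your Shipment now!", "http://tracking-update.example.net/go")],
    "brand": "ups.com",  # the domain the message claims to represent (assumed field)
}

# Closings the posts single out as wording a company would never use.
ODD_PHRASES = ("with respect to you", "faithfully yours", "with best wishes")

def domain(addr):
    """Domain part of an e-mail address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()

def under_brand(host, brand):
    """True if host is the brand's domain or a subdomain of it."""
    return host == brand or host.endswith("." + brand)

def check(msg):
    """Apply the Spam Gallery tell-tales to msg; returns the indicators that fired."""
    flags = []
    sender, recipient = domain(msg["from"]), domain(msg["to"])
    if sender != msg["brand"]:
        flags.append("FROM domain %s is not %s" % (sender, msg["brand"]))
    if sender == recipient and msg["from"].lower() != msg["to"].lower():
        flags.append("FROM uses the recipient's own domain (affinity fraud)")
    if re.search(r"\bfwd?:", msg["subject"], re.I) and "From:" not in msg["body"]:
        flags.append("subject says forwarded, but the body has no quoted headers")
    for text, href in msg["links"]:
        host = (urlparse(href).hostname or "").lower()
        if not under_brand(host, msg["brand"]):
            flags.append("link %r goes to %s, not %s" % (text, host, msg["brand"]))
    if len(msg["links"]) == 1:
        flags.append("a single link is the only thing to do in the message")
    if msg["to"].split("@")[0].lower() not in msg["body"].lower():
        flags.append("no personalization: the recipient's name is not in the body")
    for phrase in ODD_PHRASES:
        if phrase in msg["body"].lower():
            flags.append("unbusinesslike phrase %r" % phrase)
    return flags
```

Run `check(SAMPLE)` to see the three indicators the UPS message trips; a message whose FROM, links and wording all stay within the brand returns an empty list.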