Spam Gallery–Traffic Ticket

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

image

This email is one of those that gives you a single option and that is the option that will wreak havoc.  Here’s the signs of spam:

  • A subject that makes you feel you need to take immediate action.  A traffic ticket that is wrongly issued would scare most people into taking action.
  • The FROM address is from AOL.  It is not likely the LA police department is using AOL for email.
  • A strange formatting of an official document.  “POLICE AGENCY” is very out of place.
  • The time is misformatted (“0:14 AM”).
  • Although the date format is DD/MM/YYYY, and that format is used by the military and federal government, it typically is not used in normal communication.  It may make the notice seem more official, though.
  • Lack of details such as license plate, your name, anything more than “SPEED OVER 90 ZONE”, which in itself doesn’t make any sense.
  • The email is marked as being replied to and forwarded, but the email body has no headers from previous recipients.
  • The link address does not go to any website that would even make sense for entering a plea.

Don’t rush to click the first link you see if the message freaks you out. There is plenty of time to evaluate a notice.  Always check link addresses.

Spam Gallery–USPS Delivery Failure

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

image

This email is somewhat obvious, but maybe curiosity would cause some to get tricked.  Check the following:

  • The email is from the USPS, but the email address is not from usps.gov.
  • The email does not give any personal information such as name, location, or recipient.
  • The grammar in the message is very poor and there is a misuse of words to make the message sound intelligent (“erroneous” in particular).
  • No one sends attachments anymore.  All businesses will link you to their web site to download a file or a report.
  • The attachment is not a PDF, it is a zip file.  If you look in the zip file, there is an EXE file, which is clearly not a report.

Even if you did send a package on or near the date mentioned in this email, how did the USPS know your email address?  Don’t let curiosity get the better of you – wondering what the shipping label says, wondering if you can claim a package that isn’t yours.

Spam Gallery–Facebook Notification

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

image

This message is spoofed as a Facebook notification.  Here’s the signs of spam I see in this message:

  • I don’t know the sender.  If you are excited about getting a message from someone you don’t know, you need to learn restraint.  The name is also in all caps, which is suspicious to a small degree.
  • The message excerpt is very short and generic, hoping you will click the link for the full message.
  • Hovering over any link shows that the address will take you somewhere other than Facebook.  Even the profile image is suspect.  Luckily, Outlook blocked all the images. 
  • Notice the notification date.  Now look at the email send date.  The spammer tried to make it seem like the notification had been sent right away, but the spammer is in another time zone, which made for a large gap in the time sent vs. the notification time.

Always check the links in an email before even downloading the images.  If you don’t recognize the name, don’t assume it’s someone trying to be friendly.

Spam Gallery–LinkedIn Notification

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

image

Being a member of Linkedin, this one made me pause.  I don’t recognize the name, so my assumption is that it is a tech recruiter, which I wouldn’t really want to deal with anyway.  Everything looks pretty legit about this message except for the links.  If you mouse over them, they show that they will redirect you to a site that is not LinkedIn.  All three of the links in the message go to the same address.  The address in this particular case had the word “terrorize” in it.  Probably a good indication of the anticipated result. 

Always check the address of the links in a message before clicking them.  They should have the company name in them.

Spam Gallery–Your Flight Order

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

image

My first thought on getting this message was “What flight?”  Then you have the usual signs of spam including:

  • Being addressed generically (“Dear Customer”)
  • Not having a departing airport, because it would be too obvious if it didn’t match my home location
  • Having the FROM address be from my own domain as if I’m sending it to myself, but can be really convincing if it is a corporate email domain.
  • Having a ridiculous airline name (“Airlines America” instead of “American Airlines”)
  • The body of the email is not consistent with an email that has been forwarded and replied to.  There are no other parts in the body with other recipient’s header information.

Even if you are curious, do not click the link.  There is nothing interesting to be seen.

Reboot 2012

It seems every year around the holidays, the 700cb family of websites gets some attention.  Most likely because that is when the hosting account renews.  This year, the sites have moved to their own server, which allows much more flexibility in what can be installed, configured, managed, and broken.

Since the loss of my blog hosted on the former SOAPitStop.com, I haven’t had an outlet for technical postings.  Now that I have this blog available on the 700cb server, I will repost many of my former SOAPitstop posts (from 2007-2009) as well as some more recent posts I’ve created on a corporate Intranet.  You’ll find a distinct difference in tone and delivery since the SOAPitStop posts were written for the public while the Intranet posts are for close coworkers.

So, like rebooting a computer, this is an opportunity for a fresh start, with renewed performance.  Welcome to the new 700cb blog.