One of the things we get asked about the most is spam (not SPAM!), where somebody has been sent some sort of junk email. Spammers are learning a trick from phishing attacks (not surprisingly, as spammers send out email-based phishing attacks), which is to forge a sender from the same domain as the recipient: if you were firstname.lastname@example.org, the spam would come from email@example.com.
Using the same domain like this is technically no more than what spammers have been doing for years, which is to forge the mail address headers so that the sender appears to be an innocent victim. But the key change is to use the address of someone at your organisation to add extra credibility.
When getting a strange email, there are several things to do:
- Don’t click on any links until you are sure that the email is genuine and isn’t likely to cause any damage.
- If it came from an email address you recognise, you can always check with that person to see if they really sent it.
- If the spam contains a link, use the right-click menu to Copy the link into the clipboard and check it with http://www.mywot.com/ (there’s a search form at the top right). If the links go to somewhere that isn’t trusted by the “Web of Trust”, it is likely there is something wrong with the spammed site.
- There’s also the standard advice: If it looks too good to be true, it probably is. Although sophisticated spam may try to avoid this, a great deal of spam makes exaggerated claims, promises the world, etc.
- Put it aside and think about it later.
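
The same-domain forgery described above usually leaves traces in headers that mail clients do not show by default. This added example, which is not part of the original post, compares the visible From domain with the Return-Path and Reply-To headers; the function names, the sample messages and the `.invalid` domains are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_domain_forgery_signs(raw_message, our_domain):
    """List reasons why a message claiming to be from our_domain looks forged."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    if from_dom != our_domain.lower():
        return []  # the message does not claim to come from our organisation
    reasons = []
    # Return-Path records the envelope sender, which a spammer often leaves
    # pointing at their own bounce address while forging only the From header.
    # Reply-To shows where an answer would really be sent.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            reasons.append(f"{header} domain {dom} differs from From domain {from_dom}")
    return reasons

# Constructed sample: From claims a colleague, other headers point elsewhere.
FORGED = """\
Return-Path: <bounce@bulk-mailer.invalid>
From: "Accounts" <accounts@example.org>
To: firstname.lastname@example.org
Reply-To: winner@prize-claims.invalid
Subject: Urgent: confirm your details

Please confirm your details.
"""

# Constructed sample: all sender headers agree with the organisation's domain.
GENUINE = """\
Return-Path: <colleague@example.org>
From: Colleague <colleague@example.org>
To: firstname.lastname@example.org
Subject: Minutes from Tuesday

Minutes attached.
"""

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, same_domain_forgery_signs(raw, "example.org"))
```

An empty result does not prove a message is genuine, because the envelope sender can be forged as well, and legitimate mail sent on your behalf by an outside service can trigger the Return-Path check.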