Top tips to
protect yourself from malicious spam
- Atilla Tiriyaki
- Average Reading Time: 10 minutes
- Business & Events, General
- articles, atillat, guides, top tips
Unsolicited Spam or Scam messages, as they are known, are any email messages you receive that will have two or more of the following characteristics:
- Unsolicited – this means that you never asked for or gave your permission for your email address to be used. You did not sign-up for a newsletter or provide your consent for a company or individual to store and use your data
- Used to deceive – unlike unsolicited mail, which might be legitimate in some countries, Spam messages are different. These types of messages are usually used to deceive or trick you somehow. One of the most important tells or characteristics is that the email might look like a genuine offer. They can take the form of an email from a trusted brand. These Messages are often designed to look similar to your bank or from a company you have used before. However, whenever you click on any of the links found within the message enables these fraudsters to obtain your login details or related financial information. The straightforward principle to follow is that if it is too good to be true, it is often is fake
- No personalisation or generic – when you receive emails from companies you know, the email usually contains information about you. Information such as your name, email address and even sometimes account information. Genuine emails will contain content customised to your preferences and some form of personalisation. Whereas spam messages are the complete opposite, often generic and non-personalised, with phrases such as dear client or your title and name presented in the wrong format
- It looks like but is not compliant – emails that comply with the law will include a method for you to unsubscribe from receiving future emails. Unlawful or unsolicited messages often do not have an unsubscribe option. Some may have an unsubscribe link that does not work, or when you submit a request to unsubscribe, it goes ignored. Genuine and law-abiding companies have and are required to provide both an unsubscribe link and respect your request of removal, often within ten working days from receiving the request
- No contact or company information – spam is usually used to deceive, so emails will likely have no or false contact information. If you search the email or physical address, you will often find that they do not exist or they are not registered to the company mentioned in the email
- Misleading email subjects – Spam is all about getting your attention and getting you to open and act on the content. The email subject often will not relate to the body or the central theme of the email. Titles such as you have won, or your account is locked are all designed to grab your attention
Historically, spam messages were easy to spot. Email and subject titles like you are a beneficiary, meet local men and women, and a trusted friend from overseas were common themes. The messages always involved clicking on a link or emailing back with your bank details. Though some may have been fooled, the majority were not. Spam emails have been evolving and are getting much more sophisticated. Now many look like they are genuine and from well-known banks or order confirmations from trusted companies.
At first glance, many of these emails look real; however, you quickly remember that you have not placed an order or your bank has never sent an email like that before. Though a lot more deceptive, there are little clues in the message. Usually, the body of the text will be poorly written, given many of these messages seem to be written by non-native English speakers. The message will likely include low-quality images and typically exclude any footer information within the email. Though the emails contain personal information about you, it is never quite right. Maybe an old password, which no company would generally send, or just your first name. These more sophisticated messages fooled many of us, not because of the quality of the email, simply because it played on the fears of the person receiving the email.
When you thought it could not get any worse, people have begun receiving emails more of a more severe nature. Emails that look genuine and which are extremely scary to the recipient. The message would start with the fact that your pc, laptop or device had been hacked months ago. That the person who has sent the message, the so-called hacker, has been watching your every move for months. Fear immediately sets in, as there have been many stories of large companies being held to ransom by hackers. The story and scenario are so believable that many people initially accept that this is genuine and happening to them right now. The email may even look like it was sent from your email address and contain a password that you use or have used before. The email also states that they have recordings of you in a compromised situation, calling you a pervert, even providing the title of the file they have on you.
You are then given a cryptocurrency address and told to pay thousands of US dollars to that account, often with a deadline of 24 hours. Failure to pay means that the compromising video would be sent to the contacts found on your computer or device. You are immediately reminded that your computer has all of your contacts, friends, clients and colleagues, making the threat even more real to you. Receiving these messages are scary, mainly because the scenario is plausible, making the whole situation even more believable. The fear can make you less rational, especially when they share a password you use or have used in the past.
The extortion spam messages have been highly lucrative to these criminals, and they have made millions worldwide by tricking people; however, before parting with your money – THINK
Frequently featured in the news are stories of well-known companies that have been hacked. Reports highlight how these major companies have been comprised, and thousands of their customer’s information made available to criminals. The compromised companies email their customers warning them to change passwords; however, your information is now out there for all to see. Typically, information such as your name, home address, email address, even passwords are available and sold on the dark web and used in these types of deceptive campaigns. Your compromised details explain the information used within the spam email and how they obtained your email address in the first place.
So that will often explain the most likely method of how they got hold of your information. If you are unsure how your data may have been compromised, you can check your address on free services such as Have I Been Pwned (https://haveibeenpwned.com/). The service searches the internet and all data sources made available on the dark web and other sources where your data might have been compromised. If your email address is found, you will establish how your data was compromised and made available to the scammers.
Remember, it is not your fault. In the future, to protect yourself, make sure you do not use the same password for all of your accounts. If you suspect an account has been hacked, change the password immediately. If the email service you use offers two-factor authentication, switch it on. Two-factor adds additional protection, all of which helps to stop it from being compromised in the future.
Suppose your pc, laptop or device has one of the newer or latest operating systems. If you have antivirus software installed and some form of firewall enabled, remember Windows Defender comes free with Windows 10. Finally, if you connect through a private network, it is unlikely you were hacked. In addition, if your camera had been activated, you would have typically seen the light come on. If you cannot recall seeing the small light, which is usually found next to the camera lens, it is likely it was never accessed. To protect yourself in the future, you should place some tape or a lens cap over the camera when it is not in use.
So, in all probability, you were not physically hacked, and they are hoping you will be tricked into believing you were. Ultimately, the scammers hope you think you have been compromised and part with your money.
Was it, though? The short answer is probably no. Just because the name in the address field and email address shown is your email address, it does not mean it was sent from your account. Most email clients allow you to configure the sender’s name and email address. However, a quick investigation will show that it was probably sent by a completely different email address or server altogether. The easiest way to know for sure is to look at the message header. The process for viewing the message header differs depending on the email clients and systems you might use. Media Temple (https://mediatemple.net/community/products/dv/204644060/how-do-i-view-email-headers-for-a-message) have created a simple to follow guide for each of the popular email clients used.
When looking at the message header, try to locate the ‘received from’ field and check the email address within that field. Is it the same address as per the email? If not, then your account was likely not hacked. You can easily trick the email client into displaying a defined name and email address when sending an email. If they had entered your email address without going through your service, then the message would have been rejected. It is easier for them to use a throw-away email address and pretend to have sent it from you.
That does not mean that your email can never be hacked, especially if you use the same password for all your accounts. If you believe you have been hacked, the best thing to do is to immediately change all of your passwords and get in touch with your service provider, if possible, as they might be able to assist.
The bottom line is that spammers rely on bulk messaging, sending out thousands, even millions of messages each day, in the hope that just 1% of people fall for the scam. They want to put in the minimal effort with bulk messaging, so hacking your account would have taken too much time and effort.
If this is genuine, ask yourself a few simple questions:
- Have I seen even a sample of the recording? If it is genuine, they would likely send you a screenshot to prove that it is real
- If I pay, would they probably come back to me again and again? The answer is yes, and they will keep coming back until you cannot pay any more or refuse
- What would happen if a message was sent? Likely nothing, you could explain it away, tell friends and family it is fake, doctored, even sent to someone you met who is now trying to extort you etc. Even if recorded, your face might not be visible within the recording
So, breathe calmly and think carefully. Let the deadline pass and see what happens, likely nothing. When it comes to extortion, the best example was the Amazon founder, Jeff Bezos. Naked pictures of him ended up in the hands of people trying to blackmail and extort him. In response, he went to the media and told the world that the photos were his. As a result, he did not pay the criminals a single cent and gained a lot of international respect for his approach.
Yes – the email will likely tell you not to, that they will not be caught, but this is not true. Every email is traceable; it takes some work to find the source from where the email was sent, but it certainly is not impossible. In terms of nothing happening to them, citing they live far away from you etc., however, that is also likely not true. Criminal activities, even spam, are a global issue, and many countries work together to fight these malicious activities. Suppose the individual or company is part of a major criminal network and is in a country with an extradition arrangement with the country you live within. An extradition agreement could mean that any of the individuals involved could be handed over to the police in your country. Harmful, deceitful and extortion related emails and activities are all illegal in many countries, so they are banking on your silence. The only time it is not advisable to contact the police, is if your country is known to have a corrupt police force or where exposing your sexuality or gender identity could put your safety at risk
I know you might be scared, but you are not alone. The adult entertainment industry makes millions each year because you are not the only person to have watched a video online. Before you are fooled, take a moment to think, follow and refollow the steps outlined in this article. You are not alone; others have been fooled. Ensure that you mark this down as a convincing spam email and not an ongoing extortion issue. I hope it all goes well for you.