Not long after the Internet became widely used, spam emails emerged as a way for hackers to harm individuals and businesses, and spammers are not likely to stop sending them. However, email service providers and security experts keep working on new and more efficient ways to fight off unsolicited or harmful electronic mail. In this article, we will show you how to easily spot fake messages, so that your system stays protected and free of viruses, Trojan horses, spyware, and other harmful software which you may download unknowingly by visiting a link in a spam email. It is also important to keep your personal information secure and private by never entering sensitive data on phishing websites.
- What is spam, and what is phishing?
- How to identify phishing and spam emails?
- Suspicious emails and their links and headers
- Popular spam emails in 2023
- Bad emails from trusted senders
- Online tools for analyzing email headers
- Online tools for checking the reputation and legitimacy of domains
- The conclusion
What is spam, and what is phishing?
Spam is unwanted, unsolicited communication in digital form which gets sent out in bulk and is distributed to many recipients at once. There are many types of spam, the most common of which are:
- Malware messages. Some emails may include attachments containing viruses, which could infect an otherwise healthy system. This way, hackers can gain control over your device and abuse it, e.g. by stealing your credentials, sending spam on your behalf, etc. Generally, you should only open attachments from verified and trusted senders.
- Marketing emails. Companies you have never heard of may contact you via email without asking for your permission. If a message is very personalized and has the potential to be more beneficial to the recipient than the sender, then it may not be classified as spam but as the so-called "cold email". These, however, should generally not be sent in bulk and must offer an easy way to opt out of the mailing list. The requirements of some countries may differ, so you should always check your local laws before sending marketing emails.
- Fraudulent messages. Some messages are sent to you in an attempt to trick you into believing that your reply or another action on your part (paying a small fee) would lead to receiving a big reward. A scam becomes fraud when a scammer manages to steal your personal or financial information and use it for their own gain.
- Fake notifications. Spammers could mimic the appearance of legitimate emails sent by popular services, e.g. telecoms, email providers, large retailers, streaming platforms, etc. In such emails, the target may be tricked into clicking on buttons or entering their credentials on fake login windows embedded in the email.
- Prize scams. Are you the lucky winner? The odds are against you, so most such emails are clearly spam and usually target people who have little experience with emails and the Internet in general.
Phishing is a cybercrime in which an individual is targeted and lured into sharing sensitive information, such as credit card details or passwords. The scenario is usually the same and follows these steps:
- You receive an email from what appears as a legitimate source. The fake email could be warning you about an expired or stopped service, billing information update, login confirmation, etc.
- You click on a button/link included in the email.
- You are redirected to what appears to be a legitimate login page. The appearance of the page may closely resemble the original login page, or it may very well be an exact copy of it. However, the web address on which this fake page operates is usually very different. To avoid being scammed, always check the URL of the page on which you enter credentials or any other type of sensitive information. Also, make sure that the page is secure, i.e. you are browsing over HTTPS.
- If you fail to detect the phishing signs and enter any sensitive information on the fake/phishing page, this information will be sent to the hackers, who may use it to access important accounts. This can result in identity theft and financial loss.
More details on the topic can be found here:
An Overview of Online Phishing Attacks in 2021
How to identify phishing and spam emails?
- The name and address of the sender. Take a closer look at the emails you receive. Pay attention to the name of the sender:
John Smith <[email protected]>
John Smith <[email protected]>
John Smith <[email protected]>
In the above example, the name of the sender is the same, but the email addresses differ. It is important to remember that the name and email address of the sender can be forged without any effort. Email spoofing is a popular type of cyberattack, because the recipient trusts the alleged sender and is more likely to open the email and interact with its contents, such as a malicious link or attachment. It is very easy for spammers to forge the "From" and "Return-Path" addresses, so you should never trust a message only because it seems to have been sent from a legitimate source. Check the email headers (i.e. message source, raw message) for additional information regarding the origin of the message.
- Grammar and spelling errors. Oftentimes spammers do not take the time to check the content of their emails for errors. Emails could also be automatically generated or translated. In some cases, spammers simply lack good grammar.
- Inconsistencies in names, email addresses, domains, and links. Let's pretend that you received an email from Outlook in which you are asked to click on a link to resolve a problem with your full mailbox. First, your mailbox is not really full. You may not even have an Outlook mailbox. Second, the usual notifications sent by Outlook regarding a reached mailbox quota look different; you may not be familiar with the format of such messages, though. Third, if you hover over the link included in the email, and you take a look at the web address to which clicking this hyperlink would lead you, you would quickly realize that the destination address of the link has nothing to do with Outlook or any other service maintained by Microsoft. Usually, the links point to compromised websites which have already been infected with malicious content.
- Disrupted appearance of the email content. Are all elements of the email in place? Does it really seem like an official email, or does it seem like it was poorly copied and looks somewhat broken? Strange spacing or email layouts are also obvious giveaways.
- Urgency or threats. Is the email related to something that you need to do quickly, or is someone threatening you and telling you that your devices have been hacked? Such emails usually ask you to immediately act to avoid losing your domain or content. "Your email account will be deleted if you do not log in now" is one simple example of such an email.
- Generic greetings. Does the greeting start with a capital letter? Is your name mentioned? Starting with "Dear Sir", "Dear Beneficiary", or "Dear [email protected]" is definitely a red flag.
- Suspicious links and attachments. Is someone sending you a PDF invoice or an archive (e.g. ZIP or RAR file) with "important documents"? Are you familiar with this sender? Do you expect invoices sent via email? You may wish to contact the person/business via other means (call them) to quickly check if the email was indeed sent by them. Open attachments or click on links only after you have confirmed that the message is legitimate.
- Requests for login details, financial information, etc. Banks, financial institutions, or any professional organization for that matter, would never ask you for your credentials or credit card information directly. Any such requests should be a clear indication that the message is spam, and someone is trying to scam you.
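The "hover over the link" check from the Outlook example above, as an added example that is not part of the original article: it pulls every link out of an HTML email body and flags links whose target is outside the claimed brand's domains, as well as links whose visible text names one site while the actual destination is another. The HTML body and all domains in it are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body in the style of the "mailbox full" lure described above;
# the domains are made up for this example.
SAMPLE_BODY = """<p>Your Outlook mailbox is full. Click to free up space.</p>
<a href="http://compromised-site.example/login/">https://outlook.live.com/mail/</a>
<a href="https://support.microsoft.com/">Help</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def belongs_to(host: str, domains) -> bool:
    """True if host is one of the brand's domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(html: str, brand_domains) -> list[str]:
    """Findings of the hover check: links leaving the claimed brand, and links
    whose visible text shows a different host than the real destination."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        if not belongs_to(target, brand_domains):
            findings.append(f"{href!r} points outside {tuple(brand_domains)}")
        # A link whose text is itself a URL should lead to the host it displays.
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != target:
            findings.append(f"text shows {shown} but the link goes to {target}")
    return findings
```

Running `suspicious_links(SAMPLE_BODY, ("microsoft.com", "live.com", "office.com"))` reports the first link twice (foreign destination, and displayed host differing from the real one) and accepts the second.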
Suspicious emails and their links and headers
Let's look at one very suspicious message and its headers, as well as the links inside. The next email was sent to [email protected] from (allegedly) Blockchain.com:
The domain of the sender is different, though (blockchain.cryptorefund.eu.com). The .eu.com domains are cheaper than .com but look similar. Here is the content of the message:
Check the greeting - "Hi, there". It is very informal and does not look professional for a serious organization. The "Get your BTC back" button links to a page hosted on blockchain.cryptorefund.eu.com, not Blockchain.com; the name merely sounds like something related to blockchain technology, and it is not a website officially associated with Blockchain.com. Here are the full headers of the message:
Return-Path: <bounces+33105604-ab18-mailbox=domain.com@em8897.blockchain.cryptorefund.eu.com>
Delivered-To: [email protected]
Received: (qmail 45859 invoked by uid 1002); 11 Apr 2023 08:17:57 -0000
Received: from wfbtqnbn.outbound-mail.sendgrid.net (159.183.66.178)
by 195.8.222.234 with SMTP; 11 Apr 2023 08:17:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blockchain.cryptorefund.eu.com;
h=subject:from:mime-version:content-type:list-unsubscribe:list-id:
reply-to:to:cc:content-type:from:subject:to;
s=s1; bh=JXLPISuNZUcGGfsleGyng01JYRb6heFD2EzewHPv+YU=;
b=Hp+0Q2ymH4FfEDT5rD4u6U5wtX9Ftb1yiy7wJoz8pzS2TSPFZwkot3OVvNzTFnjZOd4H
tb66LzOoWx0M7K58jOU1/BBxlRjauAb6bOIJ2vlMU3ukII17MbhyaWgQPk+mifRdxj9weZ
+Z96RPlQiWP1bgi/y5OAHXyQmZGqZy1d+St7z2jD5XVRqVdjzVX8Z4HOBmU9kseBjXWaGH
11yxx/3Cyc8yAm47T2J6IGraowa3KnJom4NMxxuC5CIFTTKUjXs5VVQJ2wlzvFuqbZy+Yq
z5pTbcoRzIZ1ZWBw85gVWaDHDtE40nNiRsYgW34GN+G5PgtysJASd7rqQSQbZEtQ==
Received: by filterdrecv-579ccb9d66-2p6dv with SMTP id filterdrecv-579ccb9d66-2p6dv-1-643517B3-1D
2023-04-11 08:17:55.452753859 +0000 UTC m=+4178691.023213251
Received: from blockchain.cryptorefund.eu.com (unknown)
by geopod-ismtpd-10 (SG) with ESMTP id bJUVInMjR66SyJTMv-5IAw
for <[email protected]>; Tue, 11 Apr 2023 08:17:55.307 +0000 (UTC)
Return-Path: <support@blockchain.cryptorefund.eu.com>
Message-ID: <86e97beeb48f63c777146fd3901141fcd125962c@blockchain.cryptorefund.eu.com>
Date: Tue, 11 Apr 2023 08:17:55 +0000 (UTC)
Subject: Withdrawal of 2,852867 BTC
From: "Blockchain.com" <support@blockchain.cryptorefund.eu.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_1681201075_67b733958bfb1b8f1091df00d0038449_=_"
X-Report-Abuse: http://blockchain.cryptorefund.eu.com/campaigns/ms125l5bk329d/report-abuse/gb0999lq848ec/gh5743y8zs51e
X-EBS: http://blockchain.cryptorefund.eu.com/lists/block-address
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <http://blockchain.cryptorefund.eu.com/lists/gb0999lq848ec/unsubscribe/gh5743y8zs51e/ms125l5bk329d?source=email-client-unsubscribe-button>,
<mailto:support@some-unknown-domain.eu.com?subject=Campaign-Uid%3Ams125l5bk329d%20%2F%20Subscriber-Uid%3Agh5743y8zs51e%20-%20Unsubscribe%20request&body=Please%20unsubscribe%20me%21>
List-Id: gb0999lq848ec <m333>
Feedback-ID: ms125l5bk329d:regular:gb0999lq848ec:rn3283da0z220
Reply-To: "Blockchain.com" <support@some-unknown-domain.eu.com>
X-SG-EID:
=?us-ascii?Q?l2lUnE35BbCanAV43ffSgLQHF63If8ul4VEqunGo3b8nj1=2FdDuQ6qZTAo1QNiK?=
=?us-ascii?Q?4JJxJWP8WGQzwdcNCXwlBuEENtTzuZZtRdfVlTw?=
=?us-ascii?Q?RYF36UICNlgto36X8Cd0w7DLHyZsF2feWGmS9BZ?=
=?us-ascii?Q?j5BfslTFzL0trYYieIMnp5q7XaaJMdePuV620uC?=
=?us-ascii?Q?Y6LZeFBEs2Okf=2F3q9YJXDBd5plu6FJNxjoFsPCy?=
=?us-ascii?Q?gffZiXxWCwpqJ1EXjgE3LpefaLeG1hxyXivvRlT?=
=?us-ascii?Q?OQ=2FLBYcOXGkgxDZtlcNQA=3D=3D?=
To: "[email protected]" <[email protected]>
X-Entity-ID: 68CzgL0+Uek4OgnQoVhXFg==
X-Spam-Score: 18.5/5
Look-alike (or cousin) domains are usually a very strong indicator that someone is trying to scam you. Asking for bank account details is also a big red flag. Furthermore, the message was sent through a third-party server which is not related to Blockchain.com at all: blockchain.cryptorefund.eu.com. The IP address to which this host resolves is 154.91.167.109. The email address "support@some-unknown-domain.eu.com" is specified as the Reply-To address; some-unknown-domain.eu.com is another domain that has nothing to do with Blockchain.com. Also, the promises made in the message are too good to be true, which 99.99% of the time means that they aren't. All this should be enough for a person to realize that they should not believe a single word written in this email and should steer clear of replying or any other interaction. Just flag the email as spam (move it to your "Junk Mail" folder) to train the anti-spam filter to better recognize similar emails and identify them as spam in the future.
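The header checks walked through above, as an added example that is not part of the original article: it parses a constructed excerpt of the headers shown (the page's own domains, with the DKIM hash and signature values replaced by placeholders) and flags the display name posing as a domain, the brand name buried inside another registered domain, a Reply-To or Return-Path on a different domain, and a DKIM signature whose d= domain is not the claimed brand. The short list of two-label public suffixes is an assumption standing in for the full Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed excerpt of the headers shown above (only the fields we inspect).
SAMPLE = """\
Return-Path: <bounces+33105604-ab18-mailbox=domain.com@em8897.blockchain.cryptorefund.eu.com>
DKIM-Signature: v=1; a=rsa-sha256; d=blockchain.cryptorefund.eu.com; s=s1; bh=x; b=y
From: "Blockchain.com" <support@blockchain.cryptorefund.eu.com>
Reply-To: "Blockchain.com" <support@some-unknown-domain.eu.com>
"""

# Two-label public suffixes handled here (the .eu.com case from the article);
# assumption: a real tool would consult the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = ("eu.com", "co.uk", "com.au")

def registrable_domain(host: str) -> str:
    """Return the part of a hostname that someone actually registered."""
    host = host.lower().rstrip(".")
    n = 3 if any(host.endswith("." + s) for s in MULTI_LABEL_SUFFIXES) else 2
    return ".".join(host.split(".")[-n:])

def addr_host(header_value: str) -> str:
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def dkim_domain(sig: str) -> str:
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig.replace("\n", ""))
    return m.group(1).lower() if m else ""

def analyze(raw: str, brand_domain: str) -> list[str]:
    """Flag the spoofing indicators the article describes, for one brand."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0]
    from_host = addr_host(msg.get("From", ""))
    from_dom = registrable_domain(from_host)
    findings = []
    # Display name poses as a domain the sending address does not belong to.
    if "." in name and registrable_domain(name) != from_dom:
        findings.append(f"display name '{name}' vs From domain {from_dom}")
    # Brand name used as a mere label of another registered domain (look-alike).
    if brand_domain.split(".")[0] in from_host.split(".") and from_dom != brand_domain:
        findings.append(f"look-alike domain: {from_host} is under {from_dom}")
    for hdr in ("Reply-To", "Return-Path"):
        other = registrable_domain(addr_host(msg.get(hdr, "")))
        if hdr in msg and other != from_dom:
            findings.append(f"{hdr} domain {other} differs from From domain {from_dom}")
    # A valid DKIM signature vouches only for d=, never for the displayed brand.
    signer = dkim_domain(msg.get("DKIM-Signature", ""))
    if signer and registrable_domain(signer) != brand_domain:
        findings.append(f"DKIM signed by {signer}, not by {brand_domain}")
    return findings
```

`analyze(SAMPLE, "blockchain.com")` returns four findings; the Return-Path is not flagged because it belongs to the same registered domain as the From address, which is exactly why Return-Path consistency alone proves nothing.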
Popular spam emails in 2023
We have mentioned some popular spam emails in the past, too, and spammers continue to use them to this day. You can find them in previously published articles:
Scam Alert – I’ve Got Your Password
Five Popular Domain and Hosting Scams to Avoid
Spammers are using Netflix, one of the largest subscription video-on-demand platforms, to trick users into entering credit card details and clicking links included in various malicious emails, which are getting more and more deceptive. Other top companies which spammers try to impersonate are Apple, Microsoft, Google, Amazon, PayPal, and Intuit, to mention a few. The list is endless, and the spammers are ruthless.
Some of the most mentioned subjects of spam emails in 2023 include "New Sign-in With Your Mail Account", "Storage Capacity", "Missed Call", "DHL Shipping Document/Invoice Receipt", "Your account has been suspended. Please update your information!" (wording may vary). Here is one example:
Bad emails from trusted senders
Although it may be difficult to believe, tens of thousands of email accounts get compromised daily, so spam may even come from the real email address of a friend, colleague, or family member. Spammers quickly take advantage of the situation and send very convincing malicious emails to the entire address book of the compromised user. The efficiency of such spam emails is very high, and even very vigilant and experienced email users may get caught in such a trap. This is why you should always consider the possibility that an email, even one from your best friend, could contain malware. This may seem stressful at times, but it could help you avoid greater problems in the long run.
Online tools for analyzing email headers
There are tools which you can use to analyze the email headers:
https://dnschecker.org/email-header-analyzer.php
https://mxtoolbox.com/EmailHeaders.aspx
https://mailheader.org/
https://wintelguy.com/mtrace.pl
Each tool provides useful information about the pasted full message. You could also refer to the following article for more details on email headers:
Email Headers Made Easy – How To Read and Understand Them
Online tools for checking the reputation and legitimacy of domains
https://www.scamadviser.com/
https://talosintelligence.com/reputation_center/
https://check.spamhaus.org/
https://mxtoolbox.com/
The conclusion
An online presence has become almost mandatory for everyone, and this gives spammers access to millions (if not billions) of potential targets. It is important to keep your online devices free of infections to avoid losing money or sensitive data. Once you start looking at your incoming emails more closely, you will quickly become your own personal spam filter, which will improve your overall security and protect you from cyberattacks. Research by Deloitte found that 91% of all cyberattacks begin with a phishing email, so learning to identify spam is definitely worth it. Share this information with those close to you to protect them as well. Educate your friends and family members, so they can learn how to spot spam emails from afar. If you are a customer of ICDSoft, and you require assistance in determining whether an email is spam, you can always contact our support team and ask for help.