SPAM, Phishing, and Spoofing: Identification
Congratulations Savvy Internet User and astute reader. If you are ready, skip directly to the sMoreMail Quiz
You have found the only questionably useful content on this topic. Proceed for your continuing education credits, and certification of completion.
sMoreMail has been in the unique position to verify spam tools and techniques against the many emails available. It is out of this cesspool of opportunity that our observations have been honed, to save you the headache of processing unwanted email and to offer efficient and effective techniques, processes, methods and cats.
An early failure to identify spam often results in lost productivity and minor increased system load - but a failure to identify phishing and spoofing can land your accounts payable with a deficit they'd rather avoid. Save face, cash, time, tears, and resources with the following process!
- Train your systems, train your users - and protect your users from unwanted email! That is what sMoreMail is all about. Of course if you have no system to train because you don't have access to the underlying engine - then you need to take personal action. Proceed to step 2.
- Log out. I know you're logged in as root or local admin. Just stop that. Be a normal user with limited privileges and rights. Only elevate when need be; and email is not a 'need be.' Once logged in as a limited user, launch your email client of choice and take a look at that email, does it look like super spammy junk? Don't just delete it, right click if on a client, or mark as spam with your client. This action helps
train the underlying engine your network professionals have configured. you may not have direct access to the engine, but this is how you as a user can help your poor pasty skinned IT folks
who have yet to see the light of day, hate sunlight, and have a lid for their cubicle on order from amazon. look closely, they have ear plugs UNDER their chainsaw sound proofing ear muffs, and those
new glasses aren't because they are going blind, it's because they look at LCD's so much they purchased yellow tint glasses to knock down the glare. even though they work in IT, they are still
subject to the pitiful IT budget that corporate has allowed and the monitor they are using is actually the one you threw away before upgrading to the new 30" as IT doesn't have a fraction
of the budget your pitiful department has. next time leave the monitor without coffee splashes and finger prints. we appreciate that.
- If the email does not look like obvious spam or phishing, don't do anything with it just yet. put on your Sherlock Holmes hat and ask yourself, does this email even make sense? why
are you now getting an email about accounts payable when you don't work in accounts payable? don't just start clicking things... stop and think.. hmm......
- at this point you probably already screwed up. you opened the email didn't you! bugger.... if your email client is not configured right you might already be executing malicious content.
don't even open the email unless you think it is good! the reason is some lame computer systems will start executing things and that can be really bad for both your files, your computer,
the company's network, and eventually accounts payable that should be paying YOUR expense report and not the foreign script kiddies that just social engineered your network by looking
for the lowest common idiot (HOPEFULLY NOT YOU) to click random things.
- now, if safe, open that email. if not safe, shift+delete that thing. bypass the trash box and send it straight to haitees. don't make the mistake of looking through your archive that you
decided to save for 'just in case blackmail' and clicking that bugger again.
- You've opened that email, scrutinized it with the high-level intellect your employer paid you to use, and it looks fishy. how do you know it's fishy, or as we call it here, 'Toasty'?
Toasty: spelling - if the spelling is slightly better than sMoreMail then you have a problem. most professionals use proper capitalization, spelling and only make minor mistakes.
if this email is not professional, then you have a problem. proceed with extreme caution, if in doubt, fall back to old faithful shift+delete.
Toasty: 'Hey I know that company' - no you don't - someone just used a template from a well known company and preyed on some stupid marketing scheme. no better way to get you to
lower your defences than to look common. if this is 'from Microsoft' or your 'credit card company' or worse a bank, or maybe a client YOU WISH YOU HAD then that is highly unlikely and you
are about to get punked and be that stupid person that takes down the network or loses funds or your coworker's identity to an internet shmo.
Toasty: 'Click to Download' - marketers want picture perfect and don't want plain text, so it trains dumb users to just start clicking everything and downloading, clicking 'ok' and 'yes'
to every box that pops up as it is the only way to proceed and get your job done - well in this case, you aren't getting anything done, you're being punked. if a marketer is not smart enough
to make basic content viewable without download then they don't need your patronage - go straight to shift+delete. as you start clicking yes to everything just so you can even view the Email-
there is a good chance you are clicking 'yes' to give permission to execution, as in YOUR EXECUTION, not just the running of a random file on your computer and network. when you see 'execute'
think you.. you are about to get executed, by your coworkers, boss and team mates that will look for the rope and pitch forks when you take down the network.
Toasty: links - if you have made it this far, still consider shift+delete to nuke this turd. you probably are still dealing with a live one, a super bad email. look at all those hyperlinks
in that email - notice when you hover over one, even that 'unsubscribe', the computer shows you where the link WILL GO. see all that random gibberish or root name that is NOT who you thought it was? well
that is because this link will send you to a tracking website, or worse, one that serves malicious content. when you hover over and look at that link with that trained professional sMoreMail trained
eye you now have the power of grayskull to know shift+delete is the answer. this spam is a turd, flush it.
Toasty: attachments - look close at those stupid attachments. Flufy_kitty_not_from_smoremail.JPG.exe is not a real file. that ending is not a real image. learn about computers,
learn about the types of attachments you are expecting and don't run stupid stuff. anything that needs to be run is a super red flag, like flush the turd red flag. this includes pretty much
any Microsoft attachment that has VBA inside (used to run scripts), computer executables, self extracting anything, even zip files are containers for executables. now it gets interesting,
someone can serve you a PDF that you say 'hey, no bad junk in there, no executables!'. WOW, just got punked again. you open that PDF and start clicking random hyperlinks. yup. you're a smo,
or a shmore, your coworkers will let you know when the damage is done.
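A name-only triage of attachments along the lines described above: executables, macro-enabled Office files, containers, and a harmless-looking extension hiding the real one. This is an added example, not sMoreMail's own code; the extension lists are illustrative assumptions.

```python
import os

# Illustrative extension lists, not exhaustive; tune them to what you expect to receive.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk"}
MACRO_OFFICE = {".docm", ".dotm", ".xlsm", ".pptm"}
CONTAINER = {".zip", ".7z", ".rar", ".iso"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".docx", ".xlsx"}

def extensions(filename):
    """Split 'a.JPG.exe' into ['.jpg', '.exe'], lower-cased, in order."""
    stem, exts = filename.strip().lower().rstrip(". "), []
    while True:
        stem, ext = os.path.splitext(stem)
        if not ext:
            return exts
        exts.insert(0, ext)

def triage_attachment(filename):
    """Return reasons to distrust an attachment, judged by its name alone."""
    exts = extensions(filename)
    if not exts:
        return ["no extension: type unknown"]
    final, reasons = exts[-1], []
    if final in EXECUTABLE:
        reasons.append("executable")
    elif final in MACRO_OFFICE:
        reasons.append("macro-enabled Office file")
    elif final in CONTAINER:
        reasons.append("container: contents not visible from the name")
    # A familiar extension earlier in the name, followed by a different real one.
    if any(e in DECOY for e in exts[:-1]) and final not in DECOY:
        reasons.append("double extension hides the real type")
    return reasons
```

An empty result only means the name raised no flag; as the text says, a clean-looking PDF can still carry links you should not click.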
Toasty: Spoofed headers - you are approaching a point where you need to dig deep, and use that college education. you know, the one you got so you could call yourself a working professional, and now have
the right to abuse your employer's network with the unlimited power they bestowed upon you to connect to the local LAN and destroy everything with a click of a stupid button. when things
look weird, and even when they don't, view the header in your email. take a look at the source, how the email got routed and realize that what you are looking at is a spoofed email sent by bots
to prey upon the lowest common denominator of those that SAY they are critical thinkers but after years of abuse in the work force just blindly click every RANDOM STUPID EMAIL to get through
the 7.2 hours (2.1 hours of actual work) each day so they can go home. if you made it this far, and you are reading the header of this turd, it's for good reason, you are now sMoreMail smart,
ready to toast any email and save that pasty IT professional from broadcasting it is Jane in accounts payable that just nuked the network looking at cat photos in email. shift+delete that turd.
Toasty: Fishing Email - When you click a link and it prompts you to log into your email, THAT IS NOT YOUR EMAIL - you were just in your email! this super bass trophy phisher just got your logon credentials. clicking a random link and then logging on to a site that is not really the site you think it is makes you a tard, retard. Someone took a virtual fishing pole, added the worlds worst hook, and found a bottom dweller fish that has been there since prehistoric times and got a super big bite. with not even a pull on the line, you found yourself snagged, caught and landed, like a bad fish, a smelly disgusting fish that is now breaded, battered, fried on a stick AND SERVED FOR DINNER.
Toasty: Spoof Proof - Hey, I know that sender and origin! I even recognize their reply-to email address, and the other recipients in the chain. Oh, look at that - They copied the director, president and CFO on this. It must be valid. No it's Not. No you don't. They just got your corporate directory from a poorly hidden fully indexed link on Google, and made a few calls to reception to verify your corporate structure. Look at the email header (yes, the raw base-64 encoded payload of your email) - do you see that sending server? This did not originate from on campus. CaptainWinki.ru @ 127.169.167.10 is not Ken@sMoreMail.com's origin email server. Anyone can change the reply-to email address and spoof email from a rogue email server. Most of our small suppliers and local businesses don't have the time, patience, or resources to fully identify their self-hosted email servers; so if we lock down email to fully verify senders you'll never see most of what your legitimate business contacts send you, and business will quickly come to an even slower pace than what it already is. Does Rachael in marketing often forward invoices for payment? Did she fill out a receiver? Do you have the original PO verifying the recipient's payment details? yeah, I thought not. Stop shipping gift cards to the Nigerian prince of Whales and if the invoice looks phishy, skip it. Or call them on the 800# in YOUR records. Trust (or don't), but verify. A phone call, site visit, letter, fax, smoke pigeon, text, or IM never hurt anyone. Don't be in such a hurry to part with your cash.
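What "view the header" under Spoofed headers and Spoof Proof looks like when scripted: compare From with Reply-To, read the verdicts your own mail server stamped, and see which host handed the message over. This is an added example, not sMoreMail's own code; the message is constructed from the host and addresses quoted above, and mx.smoremail.com is a hypothetical name for the receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; sender host, IP and From address are the ones quoted in the text.
RAW = """\
Return-Path: <bounce@captainwinki.ru>
Authentication-Results: mx.smoremail.com; spf=fail smtp.mailfrom=captainwinki.ru; dkim=none; dmarc=fail header.from=smoremail.com
Received: from CaptainWinki.ru (CaptainWinki.ru [127.169.167.10]) by mx.smoremail.com with ESMTP; Mon, 4 Mar 2019 09:12:44 -0500
From: Ken <Ken@sMoreMail.com>
Reply-To: Ken <ken.smoremail@captainwinki.ru>
To: accounts.payable@smoremail.com
Subject: Invoice for payment

Please pay the attached invoice today.
"""

def domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def under(host, dom):
    host = host.lower()
    return host == dom or host.endswith("." + dom)

def header_findings(raw, trusted_authserv):
    """Return reasons the headers do not match the claimed From domain."""
    msg = message_from_string(raw)
    frm, out = domain(msg["From"]), []
    reply = domain(msg["Reply-To"])
    if reply and not under(reply, frm):
        out.append(f"Reply-To goes to {reply}, not {frm}")
    # Only believe verdicts stamped by our own receiving server; others can be forged.
    for ar in msg.get_all("Authentication-Results", []):
        server, _, verdicts = ar.partition(";")
        if server.strip().lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", verdicts):
            if result != "pass":
                out.append(f"{method}={result}")
    # Received headers are prepended, so the first one is the hop our server recorded.
    received = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    if m and not under(m.group(1), frm):
        out.append(f"handed to us by {m.group(1)}, not a {frm} server")
    return out
```

The last check assumes the sender runs its own mail servers under its own domain; small suppliers that send through a hosting provider will trip it, which is the lock-down trade-off the text describes.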
Toasty: When in Doubt - A few sneaky suspicious mails can pass all the checks except the sniff test. If this smells even a bit boxy, litter boxy - kick this beast up the line to IT. Remind them to use a superior OS like Linux PepperSnow, and with the network disabled, airgapped and centrifuge free - open that email and attachment in open office and send a screenshot using greenshot if it looks remotely useful. They can do the mining, you can do the assessment against your Rolodex. If it's still a bit smelly, ask the sender to resend said attachments in a normal format like PDF/A, JPG or PNG. We don't need document3-draft2.pdf.docx.docm.
Toasty: Long tail - An often overlooked good habit of computing is backup. No, don't copy each subsequent year into next year and logarithmically decrease your capacity to retain backups - use a proper versioning system and keep a full backup off site. Spinning rust (aka an external HDD) is not the medium of choice, nor is the mug coaster optical disk. Spring for proper archival quality tape, and keep those sets synced yearly, monthly, weekly and daily with current changes. Nothing excites the multi-billion $ industry of encrypting your files and selling you a fake decryption key more than you not having current backups. Therefore - if it's valuable, business related, or was once useful, keep a backup copy of it safe and offline on another system and physical medium. This includes your email archives.
Toasty: Shining Star - Remember, sometimes the senders of soggy mail ARE legitimate, and they have been punked. Some bots hijack a corporate email contact list, and then play Russian-mix-em-up with sender and receiver and roll the dice they might randomly pair you with someone you know from someone else's email contacts. That smo has been punked, BUT their system is infected. Give them a call, and without accusation, just notify them they've sent you something iffy and might want to change their password and do a triple-stack RPN virus scan.
Congratulations!: sMoreMail Graduate. Proceed to the sMoreMail Quiz. You fine human being are now sMoreMail trained - a witty valuable employee in the workplace that is a partner with your poor IT buddy and are
NO LONGER THE WEAKEST LINK! (congratulations, non flat smore: you are toasted, thick and full of chocolate) your boss thanks you even if they don't, that VP in the department thanks you, even though they will be the one to click that turd next,
so sit back, enjoy the cats on sMoreMail home page and know the next one to nuke the network WILL NOT BE YOU. you have the power. complete your cat and submit your trophy and get
the online continuing education certificate you have just earned.
Hold up your rite paw, and solemnly Take the Oath at a notarized sulivan testing center. "I will:
- Not be dumb
- Sniff out every turd of an email and shift-delete
- Always consider Block-sender
- Never set the naughty-bit to execute on anything received via email
- Never Click on a gibberish link in an email, or email attachment
- Never Reply-all to anything
- Never CC Myself on iffy correspondence with my superiors. That's just tacky.
- Never Enable Macros - that is IT speak for 'smooshed smore'
- Amazon Gift Card my IT professional (with consideration to tanning oil)
- Always Backup. Not just my car- carefully and intentionally.
- Learn the 2019 5S (see below)
bonus: that '5S' initiative your department just started does not stand for "Sharpy, Sharpy, more Sharpy, Colored Sharpy, Metallic Sharpy" - stop writing your name on things, cutting shadow boards, and putting outlines around your business card holders. It used to stand
for 'clean your crap up like your mom taught you'. the US came up with some method, shared it with Japan after the second war, then Japan added awesome cool Japanese names and shipped 5S
back to the US in the '80s as 'clean your crap up' in Japanese, but the corp execs went crazy thinking it was something cool. We got Ruby in the '90s, but now, in 2019, 5S really means:
Shiny - in the modern age, if it aint shiny we aint doing it. a bunch of distracted ravens and otters that suck up coins, super efficient humans
Shenzhen - Let's be honest, this is where the work you are doing will go to be produced. don't fight it, 2S it.
Salamanders - Your new Spirit Animal when you go through the 5S process - third S means you have arrived, welcome fellow salamander.
SuckIT - When you get to the 4th stage of enlightenment, you have made it farther than any VP - you know 4S gives you the power to tell your coworkers to just suck it.
Chamisha - the 5th S is a myth. Hebrew for 5 gives us our 5th S. only after you hit level 4 do you know the real number 5th S!
**Shock - the 6th S, yes, you read that right, in 5S, the American corporations have bolted a 6th 'S' on to it, now known as Shock. The 2 of you that have made it to this enlightenment level will have known it as safety previously, but 'safety' has been replaced with 'Shock' starting in 2019.
The sMoreMail Quiz awaits your clickening. There can be only one. (or in the case of 12-pack-spam, MANY.)