Most of us are pretty aware of spam and spam filters, letters from Nigerian solicitors, Banks we don’t have accounts to, IRS rebates and the like. Here at Ava (temp agency and staff bank software) we use Google mail and Google spam filters are pretty good in our view. They do however occasionally make mistakes, so we trawl through the spam just to check there is not an email enquiry from a potential customer.
I was struck by one (of several) emails advising me that “setting for your mailbox ****@*.co.uk are changed” (sic)
For the a postmaster with access to the company domain, all the bogus addresses come to one post box. The postmaster knows there is no ava7 email user. Also this was one instance of about a dozen nonexistent email addresses. However if you are a single user you may not get that hint.
This email was slightly different from the norm: Almost passable English, no over flowery phrasing. “Delightful over waited salutations to your esteemed unctuousness etc. “
I'm curious about these things, in the same way I'm curious about seeing Lions in the zoo: fine if there are iron bars between me and the Lions (or something equally effective) to stop any significant chance of actual contact! If I have a suspicious email, one of the signs is: there is a link which you are urged to click on. Never do. You may not know that: if you hover the mouse over any link, you will find the actual address that you are over on the boarder panel at the bottom left of your browser. I occasionally do this and depending on the inventiveness of the spammer, they can be astoundingly similar to a proper bank address (but actually a completely different location) or just daft.
Surprise! This email the link not only was the same, it was from Google as well who provide our email – ah! But the site /domain is Google groups and this can be anybody. More over the package to be downloaded was a zip file and not an html link or txt file. Never download a zip in an email. Attached zip files are usually stripped from emails by anti-virus software for good reason.
On other thing you may not know about Google mail is that if you click on the drop down button top right of the email, you can see the actual contents of the email.
Clues here include the mismatch of the “Delivered- To” and “To” addresses and also the mismatch of the “Return-path” and “From”.
Added value applications ltd (aka Ava) will never send you an email with a zip. Unfortunately if we send you multiple documents, they may be converted to a zip file by Google mail. However they will all be listed separately.
Be alert – don’t click.
This sort of attack is sometimes called phishing. What is phishing?
PS Our Temp agency and staff bank software is really good.
