This article is based on information from Leo Notenboom, a noted expert on end-user experience with applications and especially how to protect yourself. The source is https://askleo.com
Email spoofing is rampant. Spammers often send email that looks like it came from you, and there's little that you can do about it.
People are reporting that PCS has sent them email and we know we have not. It is spam and it is not something that anyone at PCS has done and our systems are not compromised.
Spammers forge the "From:" address for the email they send. This technique is referred to as "from spoofing".
Spammers use any email address they can find. That could include other email addresses they're sending to, email addresses fed to them by a botnet, email addresses harvested online, or perhaps even the addresses in the address books of infected machines. For instance, your email address can end up in the address books of people you don't know. Some email programs automatically collect email addresses included on messages received, or possibly from forwarded email.
If they can, spammers try to make it look like the email comes from someone you know, often by discovering who your friends are on social media and other sites.
They use all this information to create and send email messages with your name and email address in the "From:" line - email you never sent.
THERE'S NOTHING YOU OR WE CAN DO TO STOP SPAM
If someone accuses you of sending spam, and you are positive you did not do so, you have very little recourse other than to try to educate them about how viruses work.
Point them at this article if you like. But be clear: your machine is not necessarily infected with malware, nor is your account necessarily compromised. It's some third party - the spammer - making all this happen. (Identifying that third party is difficult, which is why spammers use this technique.)
In other words, there's nothing you can do.
HOWEVER, THERE ARE THINGS WE CAN DO TO AVOID BECOMING A VICTIM
Is that email really from who you think it is?
Phishing is email that looks like it came from a legitimate source, like eBay, PayPal, your bank, or your software company or email provider. It asks you to visit a site to confirm or update some information. When you get to that site, which again looks legitimate, you're asked to log in with your account name and password, after which you might also be asked to "confirm" additional private information by providing things like your credit card number.
The problem, of course, is that the site isn't legitimate, and you've just given your login or personal information to a scammer, who probably uses or sells it within minutes.
Phishing and advance-fee scams are two of the most prevalent traps we fall prey to. Some scams are very well-crafted. Some aren't, but people fall for those too. It doesn't take much success for a phishing campaign to be worth continuing.
The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, Microsoft, PayPal, or perhaps a bank. The key is that the email asks you to visit some site via a link provided in the email. The site that you land on looks very official and proper. At that site, you're then prompted to enter all your personal information, typically in the guise of "verification".
The problem is that you've just handed over all your personal information to a thief.
The trick used here is that a link can be made to look like one thing, and yet take you somewhere else entirely. For example:
That looks like a link to eBay, right? It's not. Click on it and you'll be taken somewhere else entirely. It's possible due to the way that HTML and rich-text email can be encoded.
So, if you're tempted at all, hover your mouse over the link, and look before you click:
- The actual destination should match what you expect. Exactly. If the link claims to be eBay, http://ebay.hacker.com is not where you want to go. Nor is ebay.cc (note that it's not ".com"). That's a big red flag.
- The actual destination should be a name, not a number. If the link's destination is a numeric address, such as http://220.127.116.11, chances are it's not valid.
- The actual destination should be secure. That means it should begin with https:. If the destination of anything that claims to be secure or related to account validation begins with the regular, unsecured http:, chances are it's not legitimate.
Avoiding this is simple. Never click on a link in the email you receive in these scenarios. Instead, open your browser and go to the site in question yourself using your own bookmarks or by typing the URL you already know to be correct.
The misleading attachment
Another common approach phishers use is to provide you with an attachment that, supposedly, contains important information for you to read or review. One common variant uses the promise of a package shipment via one of the popular shipping services that requires you to acknowledge the attached document.
The problem here is that the attached document isn't a document at all. It's typically a mis-named file that looks like a document but is actually a program (report.doc.exe), or the "document" is in a zip file that you must first open, and inside is another program to be run.
That program? Malware.
There is no package. Whatever the email is trying to convince you of, it's lying. By opening that attachment, you've just allowed your machine to become infected.
Once again, avoiding this is simple: never open attachments that you aren't 100% certain are legitimate. When in doubt, don't.
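Both disguises described above (a program named like a document, and a program tucked inside a zip) can be spotted from file names alone, as this added example shows. It is not code from the original article; the extension lists are assumed and non-exhaustive, and the sample message is constructed with placeholder bytes.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive extension lists for illustration.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DOCUMENT = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}

def name_verdict(name):
    """Classify a file name by its last extension(s); None means not a program."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return None
    if len(suffixes) > 1 and suffixes[-2] in DOCUMENT:
        return "program disguised as a document"
    return "program"

def scan_attachments(msg):
    """Check every attachment name, and the names inside any zip attachment."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = name_verdict(name)
        if verdict:
            findings.append((name, verdict))
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for inner in zf.namelist():
                    verdict = name_verdict(inner)
                    if verdict:
                        findings.append((name + "!" + inner, verdict + " inside zip"))
    return findings

def build_sample():
    """Constructed message: fake shipping notice with harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Your package could not be delivered"
    msg.set_content("Please acknowledge the attached document.")
    kind = dict(maintype="application", subtype="octet-stream")
    msg.add_attachment(b"constructed placeholder", filename="report.doc.exe", **kind)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("label.pdf.scr", b"constructed placeholder")
    msg.add_attachment(buf.getvalue(), filename="shipping_label.zip", **kind)
    msg.add_attachment(b"constructed placeholder", filename="minutes.pdf", **kind)
    return msg
```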
Misleading threat of closure
A surprisingly successful phishing attack boils down to this: an email that threatens your online account with closure unless you respond with your account credentials.
Including your password.
This is the easiest of all to avoid. Legitimate businesses will never, ever ask you for your password via email.
Don't even think about it. Delete that email - better yet, mark it as spam - and move on.
For any of these scenarios, if the messages you get concern you, and you want to ensure you're not missing something important, that's also very easily dealt with.
Step one: ignore the email. Completely. Personally, I'd delete it right now.
Step two: go to the site in question manually. Use your own bookmark, or type what you know to be the correct URL into your browser by hand and log in to your account as you normally would. If there's something you need to do or verify, then you'll probably see it then.
If you're still not sure, then give the institution a call or contact their support line or search their support site. Trust me, they'd much rather have you ask than deal with the possibility of identity or account theft.
Any questions, please feel free to contact the ITS team at PCS, email@example.com.