We’re seeing a significant increase in the number of ‘phishing’ and malware email messages.
Most of these are being stopped by Postini’s spam/virus filters, but some are getting through, and some are getting past our own spam/virus filters that we use to supplement Postini.
These messages are well crafted and look like legitimate email from an entity that you might be doing business with (AT&T, USPS, an airline, FedEx, UPS, your bank). They tell you that a check has bounced or that you’re being billed for some outrageous amount, or something similar – the idea is to get you to click on the links in the messages. If you do that, you’ll go to the bad guys’ web sites, where you’ll either be exposed to malware or there will be a login page that’s designed to trick you into entering login information that you use with your bank, airline, etc.
These messages appear to come from legitimate email addresses (which are forged) and have subject lines like:
US Airways online check-in. Please confirm your US Airways online registration. Fwd: Wire Transfer Confirmation (FED 5405TG032) Your USPS postage labels charge. USPS postage labels receipt. USPS postage labels invoice. USPS: DELIVER CONFIRMATION - FAILED 636382 Your USPS shipment postage labels receipt. Your USPS delivery. Confirmation of email address change. Your AT&T wireless bill is ready to view
Before you click on any links in email that you receive, hover your mouse pointer over the link and check to see where the link really points – most browsers will show this at the bottom of the page. If they point to something that looks bogus, don’t click.
Forward messages like this to firstname.lastname@example.org – this will help Postini recognize the tricks that these bad guys are using to get past their filters. Once you’ve done that, delete them.