
November 06, 2014

Jeez It's Dangerous in Your Inbox

I have long advocated treating every message that arrives in your inbox with suspicion until you can absolutely confirm that a legitimate-looking message is, in fact, legit. Almost everything in an email message can be forged, including nearly all of the usually hidden header information; the one component you can rely on is the Received: line that your own mail server adds when it accepts the message, because that is the one server the sender does not control. With a well-crafted message, it can be hard to tell a real one from one that leads to serious trouble.

Imagine you have a friend named Joe Blow. You and Joe have been business friends for well over 25 years, and you have exchanged sporadic emails through the years. You trust Joe as a truly honest person. Then one day, the following message shows up on your smartphone while you are out and about:

From: Joe Blow
Subject: Joe Blow


News: http://bbhealth.[removed]365online.com/marriage/told.php

Joe Blow
Sent from my iPhone

Ever since you've known him, Joe has been a smart guy who would only send you an email about something important. From the URL in the message, is he making some kind of wedding announcement for himself or one of his kids? Is the linked article something important enough for Joe to alert you about from his own iPhone?

Unfortunately, it takes a bit of digging to get to the bottom of this message, and the digging is harder when you receive it on a smartphone. By tapping the sender's name, you might be able to drill down to the actual sender address and see that its name is not Joe's and that its domain is one you don't recognize. The rest of the evidence is buried in the message header, which few smartphone email clients let you view. There, the Received: lines would show that the message entered the mail system from a country where Joe neither lives nor works.

When you are tapping your way through reams of email on your smartphone, though, you don't take the time to scrutinize each message for its legitimacy. And that can get you into all kinds of trouble. The full link in the message "from Joe" leads to a page in China that redirects to yet another domain. At that point, any kind of malware, including an exploit for a vulnerability that has no patch or signature yet (a zero-day), could be on its way to your computer or device.
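The checks described in the two paragraphs above are easy to do on a computer once you have the raw message. The following Python script is an added example, not code from the original post: it reads the real From: address behind the display name, walks the Received: lines from your own server's (trustworthy) entry back to the earliest hop, and pulls the link hosts out of the body so they can be compared with the sender's domain. The message, addresses, host names and IPs are all constructed for the example (RFC 5737 address ranges and .example/.test names), and the small "known contacts" table stands in for your own address book.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, modelled on the message in the post. Every address,
# host name and IP here is made up (RFC 5737 ranges, .example/.test names).
RAW_MESSAGE = b"""Received: from mx.relay-example.net (mx.relay-example.net [192.0.2.10])
\tby mail.yourdomain.example with ESMTP id abc123
\tfor <you@yourdomain.example>; Thu, 06 Nov 2014 09:12:01 -0500
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby mx.relay-example.net with SMTP id def456;
\tThu, 06 Nov 2014 09:11:58 -0500
From: Joe Blow <carol.tan@unrelated-example.org>
To: <you@yourdomain.example>
Subject: Joe Blow
Content-Type: text/plain; charset=utf-8

News: http://bbhealth.redirect-example.test/marriage/told.php

Joe Blow
Sent from my iPhone
"""

# Stand-in for your address book: display name -> the address you know.
KNOWN_CONTACTS = {"Joe Blow": "joe@joeblow-example.com"}

# "from <host> ... [<ipv4>]" as most mail servers write it; enough for triage.
RECEIVED_FROM = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def parse(raw):
    return email.message_from_bytes(raw, policy=policy.default)


def sender_identity(msg):
    """Split From: into (display name, real address, real domain).
    The display name is all a phone shows; the address is what matters."""
    name, addr = parseaddr(str(msg["From"]))
    return name.strip(), addr, addr.rpartition("@")[2].lower()


def received_chain(msg):
    """Received: lines as (host, ip), top (newest) to bottom (oldest).
    Only the top one, written by your own server, is trustworthy; the
    bottom one is the earliest hop the sender could not hide, so that
    IP is the one to look up."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(str(value))
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


def links_in_body(msg):
    """(url, hostname) for every URL in the plain-text body."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    return [(u, urlparse(u).hostname) for u in URL_RE.findall(text)]


def triage(raw, known_contacts):
    """Return the red flags a reader would want to see before clicking."""
    msg = parse(raw)
    name, addr, domain = sender_identity(msg)
    flags = []
    expected = known_contacts.get(name)
    if expected and expected.lower() != addr.lower():
        flags.append(f"display name {name!r} but address is {addr}, not {expected}")
    hops = received_chain(msg)
    if hops:
        flags.append(f"earliest hop {hops[-1][1]} ({hops[-1][0]}): look up where that is")
    for url, host in links_in_body(msg):
        if host and host != domain and not host.endswith("." + domain):
            flags.append(f"link host {host} is not the sender's domain {domain}")
    return flags


if __name__ == "__main__":
    for flag in triage(RAW_MESSAGE, KNOWN_CONTACTS):
        print("!", flag)
```

Run against the constructed message it reports three flags: the display name "Joe Blow" sits on an address you have never seen, the earliest hop is a bare IP with no reverse name, and the link points at a host with no relation to the sender's domain. For HTML mail the same idea applies to each anchor: compare the visible link text with the href, which is exactly what tap-and-hold on a phone shows you.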

And how did the Bad Guy get Joe's name to paste into the From: field in the first place? Joe's computers can be as clean as a fresh snowfall; all it takes is one message he sent, even years ago, to someone whose computer is now infected with malware. Such malware searches the hard disk for email addresses and the names associated with them. If you are on the Internet and communicate with other people in any way, your name and email address are exposed and will likely show up in the From: field of spam or malware-delivery messages sooner or later (and that is certainly how your address found its way into the To: field of the ones you receive). By mere chance, some of those messages land in the inboxes of people you know, who will assume you are sending them an important alert and click the link.

It's the Circle of Death.

Did I get tricked by this message, which initially came into my iPhone's inbox from a long-time colleague? Fortunately not. I must say that the overall look of the message body, especially the "Sent from my iPhone" tagline, was tempting. Yet some things just didn't feel right about the message, such as the lack of context and strange URL domain. As a rule, I avoid clicking on links to domains I don't recognize (and I tap-and-hold on my smartphone to inspect the actual link URL). Any message that asks for you to act by clicking/tapping should be suspect. In this case, I didn't click right away, and waited until I could check out the message on a computer where I could more easily inspect the header and check out the various domains. That's when the message's legitimacy fell apart.

If you're not completely paranoid about your inbox, you are potentially doomed.

Posted on November 06, 2014 at 11:25 AM