This morning I happened to get a Phishing message from the contact form on this website. It was carefully crafted and was devised to obtain routing and bank information to most certainly relieve us of any and all funds in the account. When I went to investigate the site, I quickly learned that it had already been removed from the dns records of the hosting provider – precisely what I had intended to inform them of. Someone had already reacted to this would be phisher and stopped them in their tracks. This is always nice to see because often times when we do something as a responsible netizen administrators of websites and hosting companies lack the resources to respond and address the threats.
A particularly despicable scam is circulating this week. It involves a Spam email that contains a “death threat” the sender claims to be a hit man hired to kill you. In typical fashion the grammar and spelling are poor. This could indicate the authors are not skilled in the English language though it could also be an attempt to protect the guilty and obscure the trail of the actual perpetrator(s). If you happen to receive this Spam don’t worry, just delete the message. They are using this method to validate targets for future scams and Spam. If you do respond you will become a validated target. You can also contact the IC3 in the United States at www.ic3.gov to file a formal complaint. The entire text of the Spam is as follows (compliments of Swa Frantzen @ ISC):
“Hello, I wish to let you know that i have been paid by a client to assasinate you at convenience,and i have signed a contract of $650,000 yesterday for this.I have never met you before,but they gave me the full description of your identity and contact,together with your photograph which my boys have used to trace you.
The reason why they want you Dead is not disclosed to me as i was not allowed to know,but you are now not better that the dead ok.
My BOYS are now contantly watching you,they are following you-home,office,everywhere…..,you go and they are waiting for my instruction to terminate you.And they will strike at convenience.
THIS IS MY MESSAGE-
LISTEN VERY WELL !!!!,the Police cannot do much to help you out in this right now because you are being watched,any such attempt is very risky cause you will push us to terminate your life without option. Your calls are not safe also.In fact you are traced. I have no business with you but at least i have cleared the way as a pro-,but you may have one chance to live again if you can contact me not latter that 24 hours after this mssage.
Simplicity and convenience have made Email the primary communication tool for many businesses. According to studies performed in recent years poorly worded emails could generate negative feelings by co-workers, customers or even your boss. Poorly organized Email communications can also cause delays or even hurt business relationships. Respondents in some of these studies acknowledged that confrontations with co-workers had taken place due to Email misunderstandings. To fully take advantage of Email in a business environment we suggest the following:
1. Organize Your Message
Not all email recipients have large desktop resolutions to view poorly organized emails. Organize your message by separating paragraphs and when applicable use bullet points or numbering to organize the main issues logically. This will help keep your readers from being discouraged by your message.
2. Get to the Point
It is a lot easier to misunderstand intentions in a written message. Face to face or phone based communications have many factors that influence how a message is perceived such as body language or tone. Written messages should be clear and direct. Be sure to proof read messages you author and re-read messages received to make sure you’re not misinterpreting the words.
3. Stick to One Subject
By lumping more than one issue in a message it makes it more difficult for the recipient to respond in an orderly fashion. By staying to one subject you make it easier for the respondent to communicate back effectively. Send multiple messages as necessary.
4. Meaningful Subjects
By utilizing subjects that summarize the focus of the message all parties in an Email correspondence will be able to more effectively identify and organize their messages. For example when responding to a faxed Request for Quote numbered RFQ1234 instead of saying “Proposal” try being specific “Proposal for new Gizmo RFQ#1234 6/20/2005” using customer identity #’s whenever provided. Don’t hesitate to modify the subject if multiple responses lead to a change of the subject matter discussed in the message. By making it easier for your recipient you are more likely to get a favorable or prompt response.
5. Response Options
When responding to a message there are several methods to keep the message flowing logically. Sometimes “threading” or responding to specific points in line such as bullet points is highly effective. If for example you are given 8 numbered or bulleted questions about products your company offers, responding to each point in your reply underneath the original bullet or numbered question will likely be easier to understand by the reader. When appropriate you can also remove some or all of the text of the original message.
6. Carbon Copy Field
Only include recipients in the CC field that need to know about the topic. When an email with multiple recipients becomes a two way conversation do not cc all the original recipients. Use the TO field for recipients that may respond and use CC for people who are not active participants in the message.
Avoid use of slang, abbreviations and smileys 🙂 or other emoticons.
Only tag truly urgent messages as high priority. Your respondents will be much more likely to treat your truly critical and appropriately tagged messages with much more urgency this way.
9. Slow Down to Speed Up
Take extra time reading, proofing and re-reading messages. The time saved from misunderstandings or confusion will be well worth the extra minutes spent on prevention.
10. Choose the Appropriate Medium
We have numerous electronic ways to communicate with one another but sometimes a phone call or a face to face meeting is more appropriate. Consider all mediums before deciding which is most effective for the issue at hand.
There has recently been a rise in the frequency and quality of many internet scams, including “phishing” scams. Phishing scams typically involve “casting out” a mass email spam that appears to be reputable companies requesting information from their clients. The idea being that a few people will fall for the scam, allowing the scammers to use the identity of the individuals who “took the bait” to obtain resources illegally using the victims credit card numbers, bank accounts, etc. There are a tremendous amount of articles on the web about these scams, and plenty of resources to help with the specific issues, the focus of this article is not to address the specific scams but instead to talk about email security issues and common misconceptions. A list of resources will be provided at the end of the article for interested parties who desire more information.
One of the most common misconceptions in the world of email, is that email is a secure means of communication. In most cases this is not true. The typical email setup affords a user very little privacy or security. A good rule of thumb is, don’t type or send anything via email that you wouldn’t want made public, because it could quite easily end up just that. To address this problem, there are alternative ways to transmit your message text and attachments securely. These technologies involve encrypting the contents of the message and any attachments and only allowing the message to be decrypted by the legitimate recipient. Businesses may also opt to utilize systems that allow for the sharing of files in a repository that includes authentication and encrypts all the data using secure protocols. These systems are ideal solutions for companies that have users and clients in multiple locations. A real world example of a system like this is one where clients upload their confidential files using a login and password provided by the vendor to the repository. Then the vendor receives an alert with a link to the file that they can then download via a secure connection from that repository. The data in turn never travels on the unsecured network without being encrypted, protecting its contents from potential snoops that may be operating in its path.
In closing, if we as businesses and individuals educate ourselves and take precautions to secure our private information. We will keep our data private, and discourage all the would be snoops from using the data against us or for their own gain.
Internet Fraud Watch – Information Center
US Secret Service – Financial Crimes Division
Social Security Online – Identity Theft And Your Social Security Number
Reducing the Risk of Identity Theft