Fri Aug 15 13:38:10 EDT 2014
anniemal got some email that claimed to be from me. A spelling error in the subject line made her suspicious, but she thought that might be a consequence of the horrendous cold I've had this week. But like many email readers, Comcast's webmail shows just the sender's name and not the address. The name was mine, but the sender's address was not, and the spammer didn't even attempt to forge the address. There's no need to make that effort, given that most recipients won't see the address.

From: "[My Name]"
To: [anniemal]@comcast.net
Sent: Wednesday, August 13, 2014 1:40:39 PM
Subject: excellent artcile [sic]
hi, good artcile [sic]
http://asienreise.netzfunker.de/oi/

As for the link, I don't encourage following it - it loads a blank page, with NoScript on Firefox blocking whatever the site might be trying to do. Given that the email is suspicious, I'm not about to let the equally-suspicious site run JavaScript.
I saw this email because Annie had brought me her computer to investigate another problem. I knew I hadn't sent the email, and it took some hunting to find out how to view the message source file. (Annie's preferences differ from mine, and it's like we have different webmail on the same ISP.) I wanted to see the string of Received-From: headers, and they revealed the deceit - but so did the simple From: line, once it was visible in its entirety. There was nothing clever or sophisticated about this spam/phish. It points out how easy it is to deceive the average person using the average email client. This is unacceptable. This is one reason spam and phishing are so rampant. It is too easy to phool people. You don't need special skills to hide the tip-offs when the recipients' email clients are doing that for you. How can we teach people what to look for when their clients don't let them see it?
If you hover the mouse over the sender's name, Comcast's webmail will show you the address, and even indicate that the sender is not in your address book (i.e. is not someone you know). But that takes extra time. What's the downside to displaying the address with the message? This is very basic info. Even on the summary view, where space is limited, the senders' names could be in different colors based on whether the addresses are known to you. (Even better would be showing the senders' origin domains in the Received-From: headers. Even if the spammer forged the sender's address, (s)he can't completely forge the email's delivery route.)
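
The summary-view check suggested above, sketched as an added example (not part of the original post and not Comcast's code). It reads the standard `Received:` header fields, which are what the post calls Received-From:. The address book, trusted host names and sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed data; every name, address and host is a placeholder. The third
# Received: line stands for one the sender supplied, so it proves nothing.
ADDRESS_BOOK = {"alex example": {"alex@example.org"}}  # display name -> known addresses
TRUSTED_HOPS = {"imap.recipient.example", "mx.recipient.example"}  # recipient's own servers
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby imap.recipient.example; Wed, 13 Aug 2014 13:40:45 -0400
Received: from mail.unrelated.example (mail.unrelated.example [198.51.100.7])
\tby mx.recipient.example; Wed, 13 Aug 2014 13:40:41 -0400
Received: from alex-laptop.example.org (alex-laptop.example.org [203.0.113.5])
\tby mail.example.org; Wed, 13 Aug 2014 13:40:39 -0400
From: "Alex Example" <someone@unrelated.example>
To: friend@recipient.example
Subject: excellent artcile

hi, good artcile
"""

def classify_sender(msg, address_book):
    """Compare the display name with the address actually present in From:."""
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known = address_book.get(name.strip().lower())
    if known is not None:
        return ("known" if addr in known else "name-mismatch"), name, addr
    if any(addr in addrs for addrs in address_book.values()):
        return "known", name, addr
    return "unknown", name, addr

def handing_host(msg, trusted):
    """Host that handed the message to the recipient's own servers."""
    origin = None
    for value in msg.get_all("Received", []):  # headers are prepended: newest first
        m = re.search(r"from\s+(\S+).*?\bby\s+([^\s;]+)", value, re.S)
        if not m or m.group(2).lower() not in trusted:
            break  # everything from here down could be sender-supplied
        origin = m.group(1).lower()
    return origin

def summary_line(raw, address_book=ADDRESS_BOOK, trusted=TRUSTED_HOPS):
    """One line a message list could show instead of the bare display name."""
    msg = message_from_string(raw)
    label, name, addr = classify_sender(msg, address_book)
    return f"[{label}] {name} <{addr}> via {handing_host(msg, trusted)}"
```

The host reported is only as reliable as the recipient-side servers listed in `TRUSTED_HOPS`; the walk stops at the first hop written by anyone else.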
I will continue to read my email with Alpine (http://www.washington.edu/alpine/), which shows me the sender's name AND address, doesn't have the flashy graphics that make phishing look convincing, and toggles the source view with a keypress.
[This entry was originally posted as https://syntonic-comma.dreamwidth.org/688060.html on Dreamwidth (where there are comments).]