
“Spam emails? No thanks, that’s what the Junk/Spam Folder is for” – and that’s the end of that chapter.

But did you know that spam emails constitute 65-76% of all emails sent within a year? Furthermore, some of these emails find their way into the Inbox folder of email accounts, victimising users.

There are many types of email spam, but two are seen as highly dangerous: Phishing and Backscatter.

What is a Phishing E-mail?

A phishing email impersonates a highly recognised organisation that you are likely to be associated with. Using these forged emails, accompanied by fake websites and documents, the senders aim to persuade you to submit your details on the pretext of security and verification. Some take another form, where you are lured into sending your personal details to obtain something of value, without the corporate forgery element; instead, the sender poses as a person or a make-believe company.

These emails can alternatively morph into backscatter emails…

What is a Backscatter E-mail?

This is a much more thorough effort of forgery, where the sender forges an email so that it is ‘bounced’ back (as a bounce message) to the impersonated user’s email account. To give you more of an understanding, I’ll briefly explain what a bounce message is.

Whenever you send a message to an email address only to find out that the account no longer exists or does not accept messages from your email domain (for some reason or other), you are sent back an “Unable to be delivered” message along with the message that was originally sent. This message is called a bounce message.

So how do spammers use this to their advantage? The impersonator sets the ‘return to’ address for the bounce messages to another email address – this can be done through a virus itself to confuse the mail server. They then send their ‘email’ to a reel of email addresses and let the ‘magic’ happen. Interestingly, this can be done in bulk; it is a simple way to send viruses, malware and worms via email, and it can also be used to ‘phish’ information. However, mail servers are getting better at identifying whether an email address has been forged.
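
A receiving mail system can separate a genuine bounce from backscatter by checking whether the bounced message is one it actually sent. The following is an added example, not part of the original post: it parses a constructed bounce and compares the returned Message-ID against `SENT_IDS`, a hypothetical record of IDs logged at send time.

```python
from email import message_from_string, policy

# Assumption: the outbound server records the Message-ID of every mail it sends.
SENT_IDS = {"<invoice-1001@example.org>"}

# Constructed sample bounce (RFC 3464 layout); {mid} is the returned Message-ID.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: alice@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Unable to be delivered.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Message-ID: {mid}
From: alice@example.org
To: nobody@example.net

body
--b1--
"""

def classify(raw, sent_ids=SENT_IDS):
    """Return 'genuine', 'backscatter' or 'not-a-bounce' for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-bounce"
    for part in msg.iter_parts():
        # The bounce carries the original mail as an embedded message.
        if part.get_content_type() == "message/rfc822":
            mid = str(part.get_payload(0)["Message-ID"] or "").strip()
            if mid in sent_ids:
                return "genuine"
    return "backscatter"  # a bounce for mail we have no record of sending
```

Bounce Address Tag Validation (BATV) performs the same check without a lookup table, by signing the envelope sender so that only bounces for mail the server really sent carry a valid tag.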

Weak Phishing E-mails

But enough with all the boring yet relatively interesting information. Although an astonishing number of these emails are sent each day, a lot of these spam messages fail to be strong enough to fulfil their purpose. So let’s take a look at a few examples received via a Yahoo email account:

PayPal

Translation:

Dear Customer,

We’ve received a request to reset the password associated with your account from an unrecognised device.

Location: Germany (IP=217.610.92.24)

Note: The location is based on information from your Internet service or wireless provider

Was this you? If so, you can disregard the rest of this email.

If this wasn’t you, please follow our verification process to protect your account information from potential future account compromise:

What you can do to minimise fraudulent transactions?

  • Download the attached document and open it in a secure browser .
  • Follow the verification process to protect your account

Sincerely,

The email makes quite good use of professional vocabulary, and it looks official enough (although I have deliberately not opened the images on the page). Where it fails is in asking the user to download an HTM file as an attachment in order to verify the details of an account. Under no circumstances would PayPal (or any other site, for that matter) require you to verify using this method, and most individuals would expect a verification link to be present in the email itself. So, all I have to say is: if they can’t hack the site they are impersonating to create a page to feed back information to another destination and instead create an HTM file, they will have a very low success rate with whatever they are trying to do.

Barclays

 

Translation:

We are sorry to inform you that your online account has been temporarily limited.

A large number of failed login attempts have been recorded in your account as a security measure had to temporarily limit your account.

To restore your account we have attached a form to this email, please download and complete the form.

After completing the form, within 24 hours you will be called by one of our operators to confirm the data sent.

Warning: For security reasons we recommend you open the Internet Explorer browser.

If you choose to ignore our request you risk your account being suspended indefinitely.

We apologize for any inconvenience this may have caused.

Honestly, BARCLAYS Security Department.

We advise that you keep this email for future notifications. (E-mail ID: 3827552)

Note: If you have received this email in SPAM section please add to your address book secure@barclays.co.uk

© Copyright Barclays Bank PLC. 2023- All rights reserved

This is an example of using the backscatter method – possibly for harmful reasons or, once again, to steal information from a user. In this instance, the email has been written reasonably well; however, they’ve forgotten one major element that assists readability: formatting. Bolding words such as “warning” and breaking lines at appropriate points, e.g. “Honestly, BARCLAYS Security Department.” (oh, and no one uses “Honestly” as a valediction!), could have improved the success rate of this email. They’ve also forgotten what most people do when their bank accounts have possibly been compromised… they give the bank itself a phone call!

Yahoo

 

Translation:

We noticed your account is open in one other location with network IP address (200.1.2775) Click here to logout the account from your mailbox and block the IP, from login in again from the address.

Firstly, let’s pay attention to the grammatical errors. Although there are only 2, in an email as short as the above this is quite a generous volume. Now let’s look at the purpose of the email: the sender is attempting to persuade the recipient to click on the link within the email (with a good use of call-to-action anchoring). However, most email alerts would include an indication of “where” the login was made in addition to the IP address – but some individuals would ‘trip up’ on this and could have recently logged in at another location. Finally, the real fails are 1) an alert would be sent to one account rather than multiple, and 2) if this email was from the mail server of the account, it would not find its way into the junk mail folder. There’s clearly no sound coming from this alert.

Mega Jackpot Lottery

 

Translation:

YOUR E-MAIL ADDRESS WON THE MEGAJACKPOT LOTTERY.

We wish to congratulate you over your email success in our computer balloting sweepstake held on 10th August 2023. This is a millennium scientific computer game in which email addresses were used. It is a promotional program aimed at encouraging internet users; therefore you do not need to buy ticket to enter for it.

Your email address attached to ticket star number *344401* Ref. N?: 5K4/WXV/141/09/12/TR, Batch. N?: EUST/0713/598/408/78 drew the Uk Mega Jackpot International Lottery lucky numbers 8-12-13-90-65 which consequently won the draw in the Second category. You have been approve for the star prize of £1,000,000,00 GBP (One Million British Pounds).

You are advised to keep this winning very confidential until you receive your winnings. This is a protective measure to avoid double claiming by people you may tell as we have had cases like this before, please send your Full Name, Home Address, Age and Mobile Tel Number for processing of your winning fund.

Once again congratulations.

Best regards,

Mrs Vivian Lugard

Mega Jackpot coordinator.

This example is quite similar to the ‘old’ annoying banners on websites which tell you “Your IP has won a huge amount of money – click here to claim”. Shall we begin the critique of this email?

The tone of the message is very similar to that of a person writing a letter who speaks English as a second language and is still in the stages of grasping it. Consequently, they are attempting to sound as professional as possible, with a few slip-ups, e.g. it is very possible that where the sender wrote the word “scientific”, s/he intended to say “specific”. But the main fails here are as follows. Firstly, the millennium happened 12/13 years ago; secondly, the sender contradicts the target locations of the competition by calling it the “Uk Mega Jackpot International Lottery”; and finally, the capitalisation of the details to be sent back is quite an obvious ‘copy and paste’ job. So err… nice “computer game” guys!

Hello From “Miss Confort”

 

Translation:

Hello

My name is Miss Confort Amaruda i was very happy when i saw your profile today during my research and it really attract me alot i believe you are the one i have been searching for to share my love and my good interest with. How is your health? i hope all is well with you. I believe we can move from here .by knowing each other too well. But you have to understand that distance, age and color dose not matter what matters is the true love and understanding, in my next email to you i shall include my photo. i will be waiting for your email reply for further introduction. Bye my love.

Miss Confort Amaruda.

Love at first sight! Well, not really.

This is an example of a message designed to break down the ‘stranger barrier’ in another attempt to obtain personal information from the account holder. This is much more of an emotional approach but is still quite impersonal and brief on the specifics. Take the first sentence for example – “she” mentions a profile that “she” saw of the account holder; was it a Facebook profile? Dating profile? Yahoo profile (although almost no one actively uses that feature on Yahoo!)? It may have been a more effective statement if the sender took a chance and “guessed” a type of profile the recipient owned and proceeded to mention that in the email. Furthermore, taking this message as a whole, this email is a bit too ‘forward’ for an introduction. By using phrases like ‘I believe you are the one’ and ‘bye my love’, the sender is literally “jumping” over the barrier rather than breaking it down – and no one likes to have strangers on their territory or past their personal perimeter. So Miss Confort, to be honest, I don’t think this is going to work out; it’s not me, it’s you….

Short and Simple

 

Translation:

I have a confidential business worth 24.5 Million US Dollars for you to handle for me. Kindly reply via leung.w70@gmail.com

“Forget beating around the bush – let’s get straight to the point.”

And just like the message, I’m going to keep this critique short and simple:

  1. No description of the ‘confidential’ business (which is more than likely to be illegal).
  2. ‘24.5 Million US Dollars’ with no catch? Hmmm…
  3. Why has the email arrived from one account, when the user is required to reply to another account?
  4. If it’s just for one person to handle, then why has the email been sent to multiple accounts?
  5. No names mentioned or valediction.

Telex Copy

 

Translation:

Good day,

Your client has instructed us to make the following payment to your account. Please kindly check and confirm that the bank details are correct. The funds should be in your account within 3 working days. Also check it up from your bank and let us know by return email.

Thank you for the patience with us.

Regards

Account officer

This final example has to be the best attempt and at the same time, a pointless effort towards obtaining personal information.

I will not go into too much depth, but for those who don’t know what Telex is: it is best described as a teleprinter system which is commonly used for billing. The days of Telex machines are numbered and they are only ever used internally within companies, or in places in Africa where this is seen as the most reliable network technology to use. Anyway, let’s look at the flaws of the message.

The first and most obvious is the mention of a ‘client’, but a lack of ‘name’ included. The likelihood that the recipient has emailed a client through a non-company domain email address is extremely low – unless they are going for the “minimalistic professionalism” approach. The second issue is the anonymity of this email. Once again, there is a lack of introduction by including a name in the message and furthermore, there is no indication of the organisation they may be from. At this point, the least the sender will have received is a reply consisting of drilling questions. And aside from the grammatical errors again, no one titles a PDF with a money figure – usually because it significantly reduces the probability of the recipient opening the PDF and taking it seriously. In conclusion, there will be no developments with this email.