Thanks to improved spam filtering, it isn’t often that a really blatant scam makes it into my inbox any more, but this one slipped past the filters, so it’s worth taking a moment to hone your spam-spotting skills.
Test Your Skills
You should be able to find at least six red flags that show this e-mail is fraudulent. Scroll down to the second picture below to see the answers, but first try to find the risks yourself. If you find five, you’re a pro with little to worry about. If you find fewer than four, consider practicing on more of our spam scam examples.
Here are the red flags that identify this message as a scam:
- If you aren’t actively working with the United Nations, they aren’t going to email you – and they wouldn’t do so from a Gmail account; they have their own email address.
- When the subject line doesn’t include a space between ‘good’ and ‘news’, capitalizes words that shouldn’t be capitalized, and is generally illiterate, it’s a scam.
- When the reply-to address isn’t a legitimate UN email address, it’s a scam. Surely even stupid scammers could have come up with something better than firstname.lastname@example.org.
- The email isn’t addressed to you. Unless you imagine this email is being sent to bring glad tidings of great joy to every email account holder in the world, you should expect to see your name on the To: line.
- There is nothing in the body of the email except an alternate, grammatically flawed version of the subject line.
- The attachment is the scammer’s payload: everyone who is fooled into opening it will have malicious software downloaded onto their computer.
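The six red flags above are exactly the kind of checks a mail filter or a triage script can apply mechanically. The following Python script is an added example, not code from this post: it parses a message with the standard library’s `email` package and reports which of the six flags it finds. The two messages inside it are constructed samples; every address, display name, domain and filename in them is a placeholder, and the lists of “free webmail” domains, organisation keywords and risky attachment extensions are assumptions you would tune for your own environment.

```python
"""Heuristic triage of a suspicious e-mail.

Added example, not code from the original post: it turns the red flags the
post lists into checks over a parsed RFC 5322 message. The two messages
below are constructed samples; every address, name and filename in them is
a placeholder.
"""
import re
from pathlib import Path
from email import policy
from email.parser import BytesParser

# Public webmail domains an organisation would not use for official mail (assumed list).
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Display-name words that claim to be an institution rather than a person (assumed list).
ORG_HINTS = ("united nations", "bank", "lottery", "office", "department")
# Attachment types that commonly carry malware; archives included because they
# are the usual wrapper for the rest (assumed list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".zip", ".rar", ".iso"}

# Constructed sample modelled on the post's scam (placeholder addresses, dummy payload).
SCAM_SAMPLE = b"""\
From: United Nations <un.office.goodnews@gmail.com>
Reply-To: claims.desk@example.org
To: undisclosed-recipients:;
Subject: GoodNews From The United Nations Office
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part-boundary"

--part-boundary
Content-Type: text/plain; charset="utf-8"

Good News From The United Nations Office.
--part-boundary
Content-Type: application/octet-stream; name="UN_Notification.exe"
Content-Disposition: attachment; filename="UN_Notification.exe"
Content-Transfer-Encoding: base64

QUFBQQ==
--part-boundary--
"""

# Constructed benign sample for comparison.
BENIGN_SAMPLE = b"""\
From: Alice Example <alice@example.com>
To: me@example.com
Subject: Agenda for Thursday
Content-Type: text/plain; charset="utf-8"

Hi, here is the agenda we discussed for Thursday's meeting. Let me know
if you want anything added before I circulate it.
"""


def _words(text):
    """Lower-cased alphabetic tokens, used to compare subject and body."""
    return set(re.findall(r"[a-z]+", text.lower()))


def scam_flags(raw, my_address):
    """Return the names of every red flag found in one raw message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []

    # 1. An organisation mailing from a free webmail account.
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    if sender and sender.domain.lower() in FREE_MAIL_DOMAINS:
        if any(hint in sender.display_name.lower() for hint in ORG_HINTS):
            flags.append("sender_uses_free_webmail")

    # 2. Reply-To pointing somewhere other than the sending domain.
    reply_to = msg["Reply-To"]
    if sender and reply_to and reply_to.addresses:
        if reply_to.addresses[0].domain.lower() != sender.domain.lower():
            flags.append("reply_to_domain_differs")

    # 3. Message not addressed to the recipient (undisclosed or empty group lists).
    recipients = set()
    for hdr in ("To", "Cc"):
        if msg[hdr]:
            recipients.update(a.addr_spec.lower() for a in msg[hdr].addresses)
    if my_address.lower() not in recipients:
        flags.append("not_addressed_to_recipient")

    # 4. Missing space inside a run of words in the subject ("GoodNews").
    subject = str(msg["Subject"] or "")
    if re.search(r"[a-z][A-Z]", subject):
        flags.append("subject_missing_space")

    # 5. Body that is nothing but a restatement of the subject line.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    subj_w, body_w = _words(subject), _words(body)
    union = subj_w | body_w
    overlap = len(subj_w & body_w) / len(union) if union else 0.0
    if len(body.strip()) < 40 or overlap >= 0.5:
        flags.append("body_only_echoes_subject")

    # 6. An executable or archive attachment is the usual malware carrier.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if (Path(name).suffix.lower() in RISKY_EXTENSIONS
                or part.get_content_type() == "application/octet-stream"):
            flags.append("executable_attachment")
            break

    return flags


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(f"{label}: {scam_flags(raw, 'me@example.com') or ['no flags']}")
```

Run as-is, the scam sample trips all six checks and the benign sample trips none. None of these heuristics is proof on its own (plenty of legitimate mail uses a different Reply-To, and newsletters rarely put your name on the To: line), which is why the script reports a list of flags rather than a verdict; the post’s advice still applies, and the only conclusive check is to verify with the claimed sender through a channel you found yourself.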
Scams may look cheesy or extremely sophisticated. They may come in email, via a social network, or through your phone. They may appear to come from a friend, from a company, or an organization like the United Nations.
This scam was so flagrant that no one should fall for it – unfortunately some people will – but what if it had been sophisticated? What if the ‘from’ and ‘reply-to’ email addresses looked legitimate? What if the subject line was grammatically correct and compelling? And they knew your email alias? And the body of the email had pretty convincing text? Would you then open the attachment?
The ONLY way to know whether a message is legitimate is to go to the source independently – in this case the UN’s website – and look for the information there.
It takes just a moment to validate something; it can take a very, very long time to clean up the mess if you open an attachment or click on a link, or provide your information and get scammed.
To learn more about the increasing sophistication and risks in scams, see my blog Symantec Delivers Threat Report and Excellent Tools that Explain Risks to Consumers.