Spam Damaging Your Computer?

by on Jan 16, 2008 | 0 comments

There has been a lot of lore about a spam message giving your computer a virus and causing all kinds of problems. But, does it actually happen? If the email you received is in text format, the answer is most definitely no. A text message cannot harm your system in any way, so while it may be annoying, you do not have to worry about it. However, if you receive an HTML message (and most spammers do use HTML), there is a possibility that there is some harmful code in that email. Many HTML-capable email programs do run code inside of an email without your warning. A spammer could use this code to launch pop-ups, cover their own tracks, or more dangerous activities. Properly coded, and if you don’t have adequate protection, a spammer could implant a virus on your machine which then sets you up as a zombie (see above). A virus could also potentially install a keystroke macro, meaning anytime you press certain key combinations, you will get some ad or other thing.

Another potentially dangerous practice is phishing. This is not dangerous because it can install software to your computer. It is dangerous because, through social engineering, it could trick people into giving up sensitive information such as log-ins, social security numbers, bank account numbers, etc. The way it works is that the phisher will create an email which is designed to look like a well-known website. Ebay and Paypal are common targets. The email that is sent is designed to look like it came directly from eBay or Paypal (for example). They usually say something like they need to confirm your information because of a server problem or some routine maintenance. In short, they say there is some problem with your account and they need info from you. If you lick the link and go to their website, it is a look-alike copy of the original website. However, if you filled in the form, your info would NOT be going to the company allegedly sending the email. It goes right to the phisher’s database who may then turn around and sell it to criminals. After all, the phisher is a criminal.

How can you identify a phishing email? Its not difficult.

[hidepost=1]

  1. If the email contains a form to fill out, do NOT fill it out. Forms in email are about the most insecure and dangerous thing you could fill out.
  2. If they send the form as an HTML file which is attached to the email, do not fill it out.
  3. If the email looks like it came from eBay or Paypal, view source on the message and see if the images or the form lead indeed to the correct website. Many times, the URLs will have the target website’s name within the URL, but the actual domain which you would go to is not proper. You may also find that the form is submitted to an IP address.
  4. Phishers aren’t always the brightest bulbs in the box. Even though they try to make the email look like it’s official, many times its very obvious to be a fake. Sometimes they send the email with broken images. Sometimes the text will all be in default Times New Roman. They’re just very bad renditions of an email and you know the real company would not send that.
  5. Do not be fooled by the return address. Many times the email you see as the return address will be a valid email address of the target company. However, as discussed above, it is all too easy to manipulate an email’s headers.
  6. If you do happen to click the link to the website, look at the URL in your browser’s location bar. Ensure it is the site you intend and is a secure form.
  7. Many times the address in a phishing email will be an address which is other than port 80. Port 80 is the standard data port for a web server. If the domain is going in on another port, suspect it. They may be doing that in order to avoid search engine detection.
  8. This one is point blank: no bank, Ebay or Paypal or any similar site will ever send you an email with a form in it or ask you to send your login information. If you get such an email, it is NOT from them. If you are unsure, simply log in to your account on that site (not from the phishing email…the real thing) and check your account.

So, is SPAM dangerous? Without proper software settings in your email client, it can be. Without virus software on your computer, it can be. And with a moment of stupidity on your part, it can be. Social engineering is an art, and even the best can fall prey to it at times. It is very simple to avoid the dangers of Spam. I’ve addressed some of the ways to avoid the social engineering above. I will address other ways below.

[/hidepost]

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: