What’s Wrong With This Picture?

We've all seen, heard about and scoffed at the "suckers" who've been duped by email scams.  I've always wondered, "What were they THINKING?!" Didn't they see the warning signs?!"  Well, maybe they didn't see them.  Maybe they didn't know what to look for.  Today's post is focused on what to look for in avoiding email scams that could open up your network to malware, badware and other nefarious things.

Below is an email message that's fresh out of today's inbox.  Take a moment to look through it and make note of anything that throws up a red flag for you.  At the bottom of the email, I've summarized my own red flags.

From: "Becky Andrade" <juan.e.castro@betterlookingrecords.com>
Sent: Tuesday, November 08, 2011 6:52 PM
To: accounting@virtualdensity.com
Subject: Acquire new EIN

To the ATTENTION of: Accounting Department

Dear Sirs,

herewith we are informing you that you are required to get a
new EIN for security reasons related to the risk of fraud. We
are sorry for causing you any possible troubles by this measure.
Please use the link below for detailed instruction:


Yours sincerely,

Becky Andrade
Office of Professional Responsibility
Internal Revenue Service

Setting aside the irony of a the writer's claim that they're worried that you're at risk for fraud, there are some simple things to look for and to do that can help you avoid becoming "one of *those* people".

juan.e.castro@betterlookingrecords.com Look at the email address of the sender.  In this case, it doesn't match up to anything else in the email.  The link in the body of the email doesn't match the sender's domain and the email is allegedly from the Internal Revenue Service!  Why would an email from the IRS come from anyone at betterlookingrecords.com?  And, Juan E Castro (if that is his real name) doesn't match the name at the bottom of the email either.

"To the ATTENTION of: Accounting Department" Who does that?  Who writes in all caps in the middle of a sentence in a business letter?  No one with any legitimate business, that's who!

"Dear Sirs" Sexism aside, that salutation alone indicates the sender doesn't know who the email is supposed to go to.

"herewith we are informing you" The use of the word "herewith", especially without a leading capital letter, always triggers a knee-jerk response from me.  No one in America uses that word in casual correspondence and probably only lawyers use it in business correspondence.  Continue reading the email.  The language in the body of the email is stilted and doesn't sound like the writer understands the language.  While I'm not suggesting that all emails from everyone are letter perfect, don't you think that a legitimate email from the IRS would at least be written by some who speaks something resembling correct English?

http://www.derniervirage.com/edmb6se/index.html  If the email is "signed" by the Internal Revenue Service then wouldn't you expect to find a link to a site within the IRS's domain? Like say: http://www.clickhere.irs.gov
DON'T CLICK ON ANY LINK if you're not sure of it's origin!

Office of Professional Responsibility, Internal Revenue Service  I'm not claiming that there's no Office of Professional Responsibility within the Internal Revenue Service; it sounds like a likely department for a government agency, actually.

However, the IRS isn't going to send you an email as a first point of contact on any matter, ever. They're going to send a letter, maybe a even registered one, or show up in person or maybe send a sheriff or other law enforcement agent.  They are not going to send you an email directing an unnamed, vague recipient to do anything.  And they will always date their correspondence and set up a realistic timeline for response or reply. The message above is not dated and makes no mention of a time by which the recipient must reply.  You can find the IRS's official page on keeping your personal information safe here. (You can click on this one. It's legit, I promise.)

The sample message I used above clearly an attempt to get you to click on a link and open the door to who knows what! Messages like this one go out every day. Why? Because they work. Even as a low percentage game, there will always be naive users who click a link out of curiosity... the same kind of curiosity that killed the cat.

While no one can know everything there is to know about Internet scams and how to avoid them, it's important that you resist being curious and take a moment to read questionable messages so you can learn to spot threats before they become problems. Much of the expensive repair work IT service techs perform is the result of badware or viruses that were contracted because a user was convinced to click a link in an email message that they shouldn't have. So check it before you regret it. Better to delete something out of doubt than to be harmed by an act of negligence.

If you receive alot of these kind of messages and want help reducing or eliminating this kind of spam, give us a call. We're experts at filtering suspect messages. But we can't help until you ask.

Call us for help - 203-648-9906 option 2

-Jenn 11/9/2011

Leave a comment!

You must be logged in to post a comment.