From the Actrix Online Informer June 2009

by Rob Zorn

The dodgy emails of May (or here we go gathering nuts...)

There's been quite a rash of dodgy emails received by Actrix customers this month. One was a definite phishing attempt designed to get customers' passwords and personal details, and a few were just silly annoyances. I am not sure why May was the 2009 month for questionable emails, but it was.

Give us your details or you'll lose it all

The first started showing up around or shortly after 20 May and purported to come from the ACTRIX WEB MAIL TEAM. Now we don't actually have a dedicated Actrix web mail team, but our customers may have missed that first vital clue that this is a dodgy email. The message goes on to announce that "we" are upgrading our web mail service and that it will be shut down for 12 hours on 31 May for scheduled maintenance.

Okay, that sounds a little bit plausible, but then it goes on to say "we" will be deleting all web mail accounts to make room for new accounts, and implies that if you want to save your web mail email account, you need to reply to the email with your personal details, including your email address (from which they'll get your user name) and your password.

First of all this would be quite a stupid (and legally fraught) way to do business (announcing to customers you're going to delete their email unless they ask you not to). Secondly, we would never ask you to put your personal details and passwords in an email. Emails are as open as postcards when they travel across the Internet so they should never contain sensitive information. Secondly, all reputable companies make it a policy never to ask you for your password in email. That should be a red flag, whether an email appears to come from us, from your bank, from Trade Me or whatever.

You can be fairly sure that other ISPs have been hit with a similar scam. We have already set filters in place to catch this one, but if they change tactics and more get through, please delete the email. If you're the good-natured and trusting sort and have already replied with your personal details, please log in and change them as quickly as possible. Call our help desk on 0800 228749 if you need help doing that or further advice.

AAAAAA way to protect your friends

A customer contacted me recently about another email she'd received. This one said that a sure-fire way to protect your friends from a virus infection spreading to them from your computer is to add a new contact to your address book simply called 'A'.  with aaaaaaa@aaaaa as the listed email address. Then when a worm infects your machine and tries to use your address book to spread itself, you'll immediately know because you receive a bounce from the non-existent aaaaaaa@aaaaa email address. This will alert you and you can take steps to rid yourself of the virus/worm.

This email has been around for a while. Though following this advice probably won't do any harm, it's basically rubbish and won’t work.  It assumes viruses behave like humans and work systematically through address books. In fact they rarely behave that way, and most have their own mechanisms to find email addresses to send themselves on to.

Here's a page on the Urban Myths website that explains a little more about it. In fact, if you ever receive this sort of 'helpful advice' and want to know whether it's true, Urban myths (Snopes) is a great website you can use to check.

How to make you act like a virus

The next dodgy email a customer asked me about this month was a warning about a hacker named Simon Ashton who will try and contact you by email. This guy seems like quite the scary genius, because if you add him to your address book he will then be able to figure out your computer ID and hack into your system, and all of your friends' systems. This is unmitigated nonsense and doesn't make any sense at all, but it is designed to make you feel uneasy. To further your unease, it claims that this terrible news has just been announced by both Microsoft and Norton.

The fun really starts with this email when it  encourages you to send the warning on to all the people in your address book and encourage them to send it on as well. A lot of people do send these emails on because they're not sure whether it's possible for someone to get access to your PC just because they're in your address book (it isn't) and they think it is better to be safe than sorry. Fair enough, but the irony is that in doing so, you have unwittingly acted like a virus yourself, sending the email out to everyone and trying to get them to send it on. That's the joke. Unfortunately, most people find emails like this really annoying. That's not a joke, especially if your name is legitimately Simon Ashton.

Microsoft wants to give you money

The next email I was asked about is one for the Tui billboards. Guess what, your email address has been drawn at random by Microsoft and AOL and they want to give you £500,000 which will somehow help ensure Internet Explorer remains the most widely used browser. To claim your prize, however, you need to email them back a whole lot of personal information about yourself. They don't ask for your user name, password or bank account number, but no doubt – if you're trusting enough to send them your name, address, phone number and a few other details – they'll be back in contact to ask more about you.

Who knows what their eventual plans are for all your personal information? It could be to lure you into handing over more, or it could be about eventual identity theft. The important thing is not to find out more by not replying. By all accounts Bill Gates seems to be a nice enough guy, but he's not going to give you ridiculous amounts of money for no good reason.

Spotting the scams

This month I also received offers from Russian women wanting to marry me (join the queue ladies and have your bank statements ready) and the usual emails about how I'm probably related to someone who has just died without an apparent heir, but customers haven't contacted me about these so I assume we're all 'onto' them.

Most of these types of emails are easy to spot if you know what to look for. An authentic email from Microsoft wouldn't have a copyright notice from 2006 in its footer. A warning about a terrible hacker or virus would know that Norton isn't a company. The company is Symantec and their product is called Norton. Valid emails from reputable companies aren't full of bad grammar and woeful sentence structure.

Those wanting to read more could try our series of recent articles on Internet-based scams.


Copyright © 2009 Actrix Networks Limited | Contact: