So, one of your closest friends just emailed, warning you that someone’s posting very, very bad things about you online. Whatever you do, though, don’t click that all-too-tempting link in the body of the message.
Why not, you ask? Because your pal probably didn’t send that email.
Chances are that your friend’s email account was hijacked by a hacker who’s now spamming everyone in your friend’s address book, hoping to fool at least some of them—maybe even you—into clicking a link that leads to one of the shadier corners of the web.
How can you tell the fake emails from the real ones? Well, that can be a bit tricky.
An especially enterprising hacker may go to great lengths to impersonate one of your friends or co-workers, all in the hopes that he’ll trick you into giving up a credit card number or a password.
Far more common, though, are the somewhat crude, easy-to-spot messages sent to a wide swath of people, typically with a clumsy (or non-existent) subject line and a single, arcane-looking link.
Let’s tick off six warning signs that the email you just got is from a friend’s hacked email account, starting with:
1. There’s nothing in the message except an odd-looking link
It’s mysterious and tempting, no doubt—and it’s also a favorite tactic of hackers trying to fool the most people with the least amount of effort. Do yourself a favor and steer clear.
2. There’s a string of random email addresses in the “To:” field
Puzzled that your friend sent a sketchy email message to you and six other people you don’t recognize?
Well, hackers usually divvy up the email addresses in their victims’ address books and send their spam messages to small chunks of them at a time—often in alphabetical order.
3. Your friend is suddenly pitching weight-loss pills or “enhancement” remedies
Did your buddy just send an email suggesting you slim down, find an exciting new career, discover the secret of personal enlightenment, or boost the size of your … ah, “organ,” shall we say?
Nope, your friend isn’t trying to drop a hint. Instead, you’re looking at some of the crudest, yet most effective spam pitches of all time. Toss these messages in your “Junk” folder, pronto.
4. Your friend warns that someone’s posting funny—or mean—things about you online
“Hello this user is posting very bad things about you,” writes your friend. Or another variant: “Someone just posted a funny picture of you.”
You know you want to click, right? (Full disclosure: I’ve almost fallen victim to this ploy myself.)
Well, don’t—that is, unless you want to end up on a porn site, an online pharmaceutical store, or worse.
5. Your friend needs you to wire money, ASAP
Troubling news: a neighborhood friend who’s travelling in Rome (hmm, she went on vacation without telling you?) had her purse—along with her ID, passport, credit cards, and traveler’s checks—stolen, and now she’s frantically emailing you for help. Could you do her a huge favor and wire her some cash?
Well, here’s the scoop: your friend probably isn’t on vacation, nor did anyone boost her purse. That said, someone likely has taken control of her email account in the hopes of tricking you out of a few hundred dollars.
6. A colleague needs your social security number, password, or credit card number
Bob from the office just emailed, and he’s got more details on the BlueStar account that you’ve both been slaving over. He also has an odd request: he needs your social security number, your date of birth, and at least one credit card number for a web form. Could you send ’em right over?
Beware. Even though “Bob” seems to know specifics about the office, it’s possible you’re the target of a so-called “spear-phisher”—a hacker who’s managed to scrounge up some “inside” personal or professional information about you, and who’s using said info to impersonate someone you know.
Spear-phishing is a clever, tough-to-spot tactic that’s netted some high-profile victims, and there’s no sure-fire way to protect yourself.
But if a co-worker suddenly requests a key password or your Visa card number over email, think twice (or better yet, give her a call) before clicking “send.”
- Getting suspicious email messages from a friend? Make sure to contact him or her immediately and let ’em know.
- You may see some of these same tactics used on Facebook, Twitter, and other social networking sites, so be careful with spammy-looking direct messages and wall posts.
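For readers who run their own mail filtering, here is an added example (not part of the original article) showing how warning signs 1 and 2, plus the missing subject line mentioned earlier, could be checked automatically in Python. The function names, the thresholds, and both sample messages are assumptions constructed for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def link_only_body(msg, max_other_words=3):
    """Sign 1: the body is a link and (almost) nothing else."""
    body = msg.get_payload()
    if not isinstance(body, str):      # multipart mail is out of scope here
        return False
    leftover_words = URL_RE.sub("", body).split()
    return bool(URL_RE.search(body)) and len(leftover_words) <= max_other_words

def alphabetical_recipient_chunk(msg, min_recipients=4):
    """Sign 2: several recipients, listed in address-book (A-Z) order."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    addrs = [addr.lower() for _, addr in getaddresses(headers) if addr]
    return len(addrs) >= min_recipients and addrs == sorted(addrs)

def warning_signs(raw_message):
    """Return the list of warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    signs = []
    if not (msg.get("Subject") or "").strip():
        signs.append("empty subject")
    if link_only_body(msg):
        signs.append("link-only body")
    if alphabetical_recipient_chunk(msg):
        signs.append("alphabetical recipient chunk")
    return signs

# Constructed sample: what a blast from a hijacked account often looks like.
SUSPICIOUS = """\
From: Pat <pat@example.com>
To: aaron@example.org, abby@example.net, adam@example.com,
 alan@example.org, alice@example.com
Subject:

http://example.invalid/x7Qz
"""

# Constructed sample: an ordinary note that happens to contain a link.
BENIGN = """\
From: Pat <pat@example.com>
To: you@example.com
Subject: Lunch on Friday?

Are we still on for noon? The menu is here: https://example.com/menu
"""

if __name__ == "__main__":
    print(warning_signs(SUSPICIOUS))
    print(warning_signs(BENIGN))
```

A match is a reason to verify with the sender through another channel, not proof of compromise; an ordinary group email to alphabetized contacts would also trip the second check.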