So, here are some indications that the email, or text, that you have received may have some issues that you might be concerned about.
Actually, here's one to be concerned about, regardless of whether it's a text or a call. Supposedly I have received a call (which I didn't pick up) from 604-555-1212. If you watch a lot of TV or movies, you will recognize the 555 exchange. It is, in fact, a reserved exchange, regardless of the area code it is under. There are some numbers in it that are used purely by the telephone companies, for internal purposes. There are no legitimate numbers that will call you from the 555 exchange, and that is why TV and movie phone numbers always use that exchange: nobody does, and nobody will. (555-1212 was, at one time, and in some areas, used as a directory information number.)
This comes under the heading of, "if it seems to good to be true, it probably is." All (well, *almost* all) of these messages are offering you something for free. You have won a free prize, and all you have to do is confirm your account (which lets them steal your account) or pay the shipping fee, or the handling fee, or both fees, one after the other, and then possibly an additional fee after that ... Sometimes this is a version of advance fee fraud, and they will be after you for multiple fees. Sometimes they are after your account, and you may think that your account is of no value: after all, it's not a *bank* account. But email accounts, social media accounts, and other "free" accounts can have a lot of value, even beyond the nuisance value of having to get a new email account and contact everyone. For example, these days, a great many other accounts are tied to your email account, and you could lose all of them, as well.
This type of attack is a kind of subset of the larger class known as phishing attacks. These are messages that attempt to obtain information from you, that can be used in other attacks. Very often the information is about you: person information, but not necessarily *too* personal. For example, what were your parent's names at birth? Since many systems suggest that you use your mother's maiden name as a security question, this is information that can be used to break into your accounts.
This particular spam came via text, but it points up a warning that applies to texts, email, and even Websites. The message says to make a claim at https://bit.ly/ICBCcove . There are a couple of points to make. The first is the https. Some people may have been told, or believe, that this provides for some level of security. It doesn't provide any security against scams or frauds. The second issue is with regard to the site bit.ly. This site is a URL redirector. It is usually used simply to shorten URLs, but it can also be used to specify a particular name. So, just because it *says* ICBC, it doesn't really mean that ICBC has anything to do with it. Since it is a redirector, all it really means is that you have no idea where this link is sending you. Always be somewhat suspicious of these types of links.
This is a fairly common type of spam, and scam. These particular people are trying to steal your email account, and, as noted above, there are a variety of uses and values that they can obtain from it. The red flags here start with who this email is from. on the top line, towards the right, you will notice that the email is from someone at AOL. I really can't see why someone in authority to remove your account, at Microsoft (*not* Micro Soft), needs to use an AOL account for email. Also, as I pointed out, Microsoft is unlikely to spell or format their own name incorrectly. The 48 hour time limit is yet another use of social media to panic people and get them to make decisions in haste, and without considering these factors. (The "Dear Customer" salutation is also a bit of a flag. If you actually *are* a customer, presumably they know who you are.) The mention of the account not being updated on their servers is another oddity: *you* don't need to update *their* servers.
This particular message came to an Outlook ( Microsoft) account that I have and do use. Outlook is particularly bad at spam filtering, and (rather oddly) particularly at identifying and filtering this kind of messaging attacking their customer's Outlook email accounts, which are often tied to other Microsoft services. As noted, I do receive legitimate email on this account, but much of the time I find that at least three quarters of the messages I receive via Outlook are attacks on the Outlook account itself. (Just something to consider when you are choosing email services.)
More to come ...
No comments:
Post a Comment