Identifying scam emails?

[Shep]

Is there and easy way to sort the wheat from the chaff?

After years of fake bank security emails the scammers have taken a different tack, though I fail to see what they will gain unless its just to install malicious bits of software on my PC?

Just recieved an email from UPS it looked fine, we use UPS on a regular basis and had posted a parcel by them recently, but I was suspicious as I knew the parcel had arrived yet this email was saying the parcel was undeliverable and that I should use the link supplied to track the item.

My AVG security package picked it out as spam and flagged it but in the past it has also flagged genuine emails as well.

I phoned UPS and they confirmed it was a scam.

Is there a quick way I can check mails are genuine?

Shep

 

[turbine_2]

I look at the URL that it goes to from "View Source". If it looks like it goes to their web site then I go to their web site by typing the URL and then going for any relavent details. If it's something obviously not (www.someplace.com/stuf/www.hbos.co.uk as an example for an hbos scam) then it gets deleted.
If it's a UK company, or I can easily find a contact for the site I usually pop them a copy of the scam e-mail with a note that they've been hacked but never really get a reply.

 

[ovenpaa]

The UPS mails are worse than scams, they contain Malware - XPAV2008 and variants, we see so many new variants every day now it is scary, has to be the big one of 2008

 

[Rushy]

I keep on gettin the UPS one at work and also ones that are to do with the online flight reservation that I have made !? I guess they think people will open it becuase they are worried that someone has booked a plane ticket in their name & possibly using their Credit Card details.

 

[ovenpaa]

I am always interested in new samples so you can always mail them to me We are very interested in new releases and trends plus we look at detection rates and propagation methods as well.

EDIT - Perhaps I should explain a bit more, a lot of this crap tries to get you to pay money to remove 'infected' files on your machine and will also connect to remote sites to download even more malware, a couple of weeks ago our QA manager had a few minutes to spare so he logged the latest source sites and contacted the hosting companies. Many companies did not reply, however he had 155 source sites closed in one day.

Yes, that is one man, one day had 155 associated malicious sites downed. It does give an indication of the size of the issue.

 

[Dreamer]

Non-spam emails should always be addressed to you personally, not "Dear Customer" etc. It's a good guide, but not foolproof.

The best bet is to never use links in emails... Just log onto the sender's website by typing the URL directly. Takes a little longer, but you'll know that you're interacting with the right organisation. e.g. Go to UPS.com, find their tracking page, etc etc.

There seems to be a big glut of HSBC phishing emails at the mo...

 

[brassmonkey001]

Got two from Abbey this morning.
I knew they were scams as I don't bank with them.

 

[unhinged]

One rule of thumb is never ever click on the links in the e-mail no matter how legitimate they look. If you use UPS, go to their web site by typing it in yourself and entering the parcel number.