For people in the know, it is common knowledge that the only way you should get updates for windows, Outlook or any Microsoft product is generally through Microsoft update in Microsoft Windows or their actual website. For everyone else they may just think this is Microsoft being kind and that they got the email address because it’s a Microsoft product and that they want to help you avoid being taken advantage of by scammers or hackers.

Of course that is exactly what some people think and go ahead and extract the zip file try to run the update and get themselves a trojan virus which gives the spammer/hacker control of your machine or something else like logging all your keystrokes for user names and passwords.

All I can say is obey the Microsoft update rule and only get it direct from them and always copy and paste the subject into google as you will most likely find a site at the top telling you it’s a spam email, oh and make sure your antivirus and malware checkers are up to date.

One more thing generally updates are version specific, so if you know your software has many versions this should give you a hint that there is something not quite right, so double check with the main company website if you want to be sure.

——————————————————-

What the Attached Zip file is called: officexp-KB910721-FullFile-ENU.zip

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:

1. Run attached file officexp-KB910721-FullFile-ENU.exe

2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

Also there are absolutely no links so you can’t even detect the usual false link behind the one that shows on screen.

So the only option you have is to open the zip file, which I don’t know exactly what this one does, but I can assure you they are never good, hopefully your antivirus is up to date and can save you if you do open it.

Any company sending out a digital e-card will do it with a link that takes you to a page (remember to hover over the link and make sure it’s legit), they won’t bother with sending out an actual file to you. Also a family member will most likely have their name in the email through a legit e-card website.

If you are ever in doubt always copy some of the email or the subject line and add the word spam and something should come up in the search engines that will let you know if it’s spam or not. if you’re in doubt get in touch and we can help you identify it for you.

here’s it the full text that’s in the email (the zip file has a name of ecard.zip)

——————————————————–

Good day.

Your family member has sent you an ecard from 123greetings.com.

Send free ecards from 123greetings.com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days.

If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, open zip attached file.

The email below is quite clever in how it makes you think that you are the reason that your getting the email. First off you don’t know the person, but his name is David, a common enough name that you might not think about it and start reading the email as you’re curious.

So the way the email starts ‘yo mate, ok I’ll give you my trick’ right away for most guys this is how an email might start with some of your best mates, so you just keep reading. Then comes the little threat, ‘but if you give it away I’ll…’ which only serves to strengthen the believability of the email.

If you’re thinking I wouldn’t fall for that, think about the fact this is specifically targeted to a very specific type, so it wouldn’t work with you, remember spam fishes for people who will believe it’s a numbers game to them!

So the email goes on to make you just want to get right on and start betting, why? well it’s promising free money, this is where the alarm bells should be triggered, if it’s too good to be true then it’s probably is. In this case we know this or I wouldn’t be writing about it, however there are some people out there that would think because it tells you don’t do more than £1,000 a day that this means it must be true.

There is also a link to a specific casino website, which is obviously where they want to get you to go to and waste soo much money trying out the technique all day to get it to work. Now if it is a real casino you might actually get luck, why because it is a 50/50 shot, so even if you fail 9 times out of 10 that 1 time may make you think that it’s possible and it’s something your doing wrong. Now you’re in Gambling addiction area, something I’m not going to get into here, but just think again about who they are targeting with this spam email.

Lets face it, all Casinos do is look for patterns, so even if there was a hint of truth in this they would be on it right away, you might get lucky with a few of the smaller ones as they might not have the resources, but word spreads quickly in communities like that, but it’s fake so we don’t need to worry about it, but I’ll bet some of you reading this started thinking wow what if it would work on lesser known Casinos. That there is the power of suggestions, that’s why Spam can work so well, we all want something for nothing.

Finally as a convincer (which normally comes first and why it works so well here), is at the very end of the email where it actually has what looks to be an email from you to David. It’s short to the point and conceivable if you like to gamble a little bit or would be curious about it that you might have sent it and completely forgot, my how we can convince ourselves it it means free money!

So there you go some good lessons in there that can be applied to many other spam emails like lottery ones especially.

Stay Safe

Alan

Spam email below

———————————————————–

yo mate, ok I`ll give you my trick but if you give it someone else I`ll fuckin kill you you know in roulette you can bet on blacks or reds. If you bet $1 on black and it goes black you win $1 but if it goes red you loose your $1.

So I found a way you can win everytime:

bet $1 on black if it goes black you win $1

now again bet $1 on black, if it goes red bet $3 on black, if it goes red again bet $8 on black, if red again bet $20 on black, red again bet $52 on black (always multiple you previous lost bet around 2.5), if now is black you win $52 so you have $104 and you bet:

$1 + $3 + $8 + $20 + $52 = $84 So you just won $20

now when you won you start with $1 on blacks again etc etc. its always bound to go black eventually (it`s 50/50) so that way you eventually always win. But there`s a catch. If you start winning too much (like $1000 a day) casino will finally notice something and can ban you. I was banned once on royal casino. So don`t be too greedy and don`t win more then $200 a day and you can do it for years. I think bigger casinos know that trick so I play for real money on smaller ones, right now I play on elite vip casino: www.elitetables.net for more then 3 months, I win $50-$200 a day and my account still works. You`ll find roulette there when you log in go to “specialty” section – “american roulette”. And don`t you dare talling about it anyone else, if too many people knows about it casinos will finally found a way to block that trick. If you have any questions just drop me a line here or on skype.

c ya

—– Original Message —–

From: “efrengj” <info@cmmc.co.uk>

To: <matthewzprx@monalisabridal.com>

Sent: Tuesday, September 15, 2009 1:14 PM

Subject: Please send me the system

> Hi david.

>

> Please tell me when you will send me your roulette trick?

> You promised you`ll send it few weeks ago

>

> Thanks in advance.

>

The next thing again is that when you rollover the ‘Personal Log on’ button you will see that the actual domain address is wrong the first part starts off like it’s ok ‘http://online.lloydstsb.co.uk’  but it doesn’t actually end there it continues with ‘.623hneczc1.com’ Which unless the is a / means that until the last fullstop and one of the usual .com, .net .co.uk or many other ones the domain isn’t finished, therfore it’s not likely that Lloyds would ever have .623hneczc1.com at the end.

As always the best peice of advice I can give is to login manually to your banks online account, so never click on the link in the email.

Stay Safe

Alan

This one comes with an attachment called ‘MTSN_87743484.zip’ the content is very plausable, but you should ask the obvious question who is sending you that money. Generally you will know to be expecting it and if you are already expecting money then the totals should be completely different.

Also note that a typical sign of a spam email is the generic ‘Dear Customer’ if they have you’re email address and it involves money the chances are they have your actual name or at the very least a reference number you can check somewhere else.

I’m not familiar with Western Unions methods of transferring money, so I’m not sure how they alert you to the fact that there is money to be collected or if that’s even possible. Maybe the money gets wired direct to an account and the only notification is the person sending you the money telling you or you checking you’re bank statement.

Either way I wouldn’t trust anything that seems to good to be true like this and there are many examples out there.

————————————–

Dear customer.

The amount of money transfer: 1037 USD.

Money is available to withdrawl.

You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.

Western Union.

Customer Service.

In the email below what they cleverly do is make you think that the link is actually ok to use by calling it a ‘private secure new link’

I’ll be honest this is one of those you need to know how Microsoft do things to know that they wouldn’t issue a link that wasn’t direct on their site or through the windows update software, which makes this email a very clever and dangerous spam email.

If there is an email that talks about updates from Microsoft always try the windows update first or the actual Microsoft website, they won’t send you an actual email unless you’re on some partner program, but that would be easy to know if it’s a real email as it will come from a much more obvious address and have proper links to their website.

Another sign is the jumbled up letters at the bottom, a real email from them wouldn’t have this, I’m not quite sure why it’s there, but if you know leave a comment for us all please.

—————————-

Security update

When necessary, Microsoft provides a new security update on the second Tuesday of each month and publishes a bulletin to announce the update.

Occasionally, updates are released more often.

The links below go to the latest update download.

(Privat secured new link)

http://mail1.e-corecorporation.com/postinfo.html

Each bulletin includes links to the security updates.

Microsoft has submitted a new update for all Windows OS web browsers, which brings a more stable and secure application, Internet Explorer version 7.0.195.24.

The new version has no new functionality but fixes one security vulnerability that has been classified as “high”, the highest level. Vulnerability refers to the possibility of external attacks through Internet Explorer and Outlook Express . We recommend installing the update to keep you and your system safe .

Thank you, Adrian King Director of Security Assurance Microsoft Corp.

QIFMPZCLOZNGFGOKDMCWUKXJOTRWQFNWSEWMWT

—————————————————————–

Stay Safe

Alan Fair

If it requires you to log into your account don’t ever click on the link in the email, go direct to the website in a browser using the proper address, then log in. If there is a problem most banks should tell you once you’ve logged in, if not you will very likely recieve a letter in the post, unless you’ve selected to only get digital letters. Even still with digital letters they should be accessible from the logged in account.

If there is an attachment to the email I think I can safely say completely ignore it everytime a bank won’t send any attachments, if however you know of a bank that does please leave a comment on this post and put in it what the file is and potentially why. This will help anyone who questions if it’s safe or not to open, thanks.

So on to the HSBC email, this one has graphics so I’ve had to take screenshots for it.

Here is an image when the email is caught in a spam filter. You will notice first the massive list of different emails, the bank would not send an email with this showing as that would be a Data Protection violation. Now you’ll notice a couple of crosses on the image, this is where images would be, but due to my spam filer it doesn’t show images by default. This can be important because if you download images the spam guys know you’re looking at the meail and will add you to further lists, so avoid this as much as possible.

Again as in other warning they don’t mention your actual name on the email it’s a generic ‘Dear Customer’ greeting, this is a good sign it’s spam.

So most spam email usally have a really bad quality logo and the email looks nothing like a real email from them. Now I don’t have a HSBC account so someone else will need to comment on whether this is accurate or not, but in the image below if this came in it would look pretty convincing to most people. Also I looked into the code and they are actually using images from the real website www.hsbc.com so it’s a good bet that it is how the real emails look.

Ok so the final and best way to tell if this is actually a spam email is to hover on the login button to see what the actual link says that it’s going to. In this case it has the followin:

http://www.hsbc.co.uk.8njxvdic.com/1/2/HSBCINTEGRATION_CAM20/00500G5SSYZI16sRkSJyjt2ntf4ep3IDV_URL/index.php

Now I’ve deleted a few things from this link just in case anyone thought to copy and paste it into a browser (please don’t).

If you break it down you will see that the real domain address isn’t right as it has http://www.hsbc.co.uk.8njxvdic.com everything after that doesn’t matter so much as some real links from genuine banks may have things similar in style. The important thing to note is that the real address should be http://www.hsbc.co.uk (or .com) that one has an extra set of letters and numbers to it before the .com ’8njxvdic’ so this means that it’s a fake address.

There are many spam emails that follow a lot of the tricks employed in this one spam email so take note and keep an eye out before you click on anything.

Stay Safe

Alan Fair

This one comes with an attachment called ‘DHL_Label_2a761.zip’ do not ever open attachments unless you know who it’s from and you have eliminated that it is a spam email.

In this case it can be very difficult to tell if it’s a real one or not. Similar to Paypal, companies like this will genereally use your real name, the one on the account or a reference number that you should be able to check from a previous email or letter. Make sure you confirm that first.

You need to also think about are you actually waiting on a parcel and what company is delivering it.

They wouldn’t likely say that the cause is an error with the shipping address they would by standard either leave a card or attempt to deliver it the next day. If they don’t suceed then they would send the card in the post.

If it was sent by someone else then the company would get in touch with them that the address was wrong and wouldn’t use your email address in that instance.

You always need to bring some form of identification with you to get a parcel this doesn’t ask you to do that, so that’s a bit suspicious.

Also emails from the company would usually have actual branding, so you would see the logo somewhere on there, this one just doesn’t have that.

———————————————

Hello!

The courier company was not able to deliver your parcel by your address.

Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please note!

The shipping label is attached to this e-mail.

Please print this label to get this package at our post office.

————————————————

Stay Safe

Alan Fair

Again like others a quick hover over the ‘click here’ will show the actual address to be going somewhere completely different from where you would expect, so be careful and don’t click it.

If you get a spam email saying something is time critical or important like the one below always go directly to the main site by typing in the address yourself, and then login to see if there is a note, email or letter in your account settings kind of area. This is good practice especially for any emails talking about your bank account.

Another thing with Paypal is that they will use the actual name on your account for any official emails, so it saying ‘Dear Customer’ tells me right away it’s a spam email.

————————————————

Dear customer,

Your account has been temporarily limited

Click here to resolve the problem

Thank You.

———————————————–

Stay Safe

Alan Fair

The link that it has is the key to detecting that it is spam for this and actually many other spam emails. Hover over the link and you should see the actual address it will take you to appear in a little roll over tooltip. The important part is the main address.

Here’s what shows up for the first part: http://online.hmrc.gov.uk.cdstrdd.eu

now when you look at it you have to read it carefully as sometimes an ‘o’ is replaced with the number ’0′ or ‘I’ with the number ’1′ this happens a lot and there are many more like that. In this case though it’s the ending of the link the first part ‘http://online.hmrc.gov.uk‘ seems legit it’s the second part ‘.cdstrdd.eu‘ that makes it a dangerous link to click.

Basically this link will take you to a bad server. Everything else after that using the ‘/’ is for them to track or direct you to a specific piece of code that will then get you to download something, fill out a form that cleverly looks like the authentic form or add your email to more spam lists.

So be very careful when you click on a link in an email that is not from a trusted resource.

———————————————————-

Taxpayer ID: info-00000586327359UK

Tax Type: INCOME TAX

Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):

review tax statement for taxpayer id: info-00000586327359UK <http://online.hmrc.gov.uk.cdstrdd.eu/SecurityWebApp/httpsmode/statement.php?id=5406990561606406953&email=info@cmc.co.uk&tid=info-00000586327359UK>

HM Revenue and Customs

————————————————————–

Stay Safe

Alan Fair