For people in the know, it is common knowledge that the only way you should get updates for windows, Outlook or any Microsoft product is generally through Microsoft update in Microsoft Windows or their actual website. For everyone else they may just think this is Microsoft being kind and that they got the email address because it’s a Microsoft product and that they want to help you avoid being taken advantage of by scammers or hackers.

Of course that is exactly what some people think and go ahead and extract the zip file try to run the update and get themselves a trojan virus which gives the spammer/hacker control of your machine or something else like logging all your keystrokes for user names and passwords.

All I can say is obey the Microsoft update rule and only get it direct from them and always copy and paste the subject into google as you will most likely find a site at the top telling you it’s a spam email, oh and make sure your antivirus and malware checkers are up to date.

One more thing generally updates are version specific, so if you know your software has many versions this should give you a hint that there is something not quite right, so double check with the main company website if you want to be sure.

——————————————————-

What the Attached Zip file is called: officexp-KB910721-FullFile-ENU.zip

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:

1. Run attached file officexp-KB910721-FullFile-ENU.exe

2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

So in this one (see spam email at the bottom) just look at the reference number, guaranteed you won’t have that on any of your official tax documents.

The link also goes to a completely different site from the inland revenue you can tell that because their web address is  http://www.hmrc.gov.uk/  and they have http://online.hmrc.gov.uk.okio1v.kr/… if you hover over the link you’ll see this address show up.

Basically after the first two slashes in the http:// the very next slash you see signifies the end of the actual domain name. so in this case the .okio1v.kr part is taking you to a completely unrealated domain name to the …online.hmrc.gov.uk… part.

Also in this case they got my name from my email address, which most people have, so that’s why it seems like it’s personalised (generally spam email isn’t personalised), so if you have a strange ID to your email this should look even more suspicious.

HMRC will very rarely email you, most of these issues will be dealt with via a letter in the post or a phone call, so if you get any emails verify it by calling up the revenue just to be sure.

———————————————————————————-

Taxpayer ID: alan-00000217490017UK
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):

review tax statement for taxpayer id: alan-00000217490017UK

HM Revenue and Customs

——————————————————————————————

The email below is quite clever in how it makes you think that you are the reason that your getting the email. First off you don’t know the person, but his name is David, a common enough name that you might not think about it and start reading the email as you’re curious.

So the way the email starts ‘yo mate, ok I’ll give you my trick’ right away for most guys this is how an email might start with some of your best mates, so you just keep reading. Then comes the little threat, ‘but if you give it away I’ll…’ which only serves to strengthen the believability of the email.

If you’re thinking I wouldn’t fall for that, think about the fact this is specifically targeted to a very specific type, so it wouldn’t work with you, remember spam fishes for people who will believe it’s a numbers game to them!

So the email goes on to make you just want to get right on and start betting, why? well it’s promising free money, this is where the alarm bells should be triggered, if it’s too good to be true then it’s probably is. In this case we know this or I wouldn’t be writing about it, however there are some people out there that would think because it tells you don’t do more than £1,000 a day that this means it must be true.

There is also a link to a specific casino website, which is obviously where they want to get you to go to and waste soo much money trying out the technique all day to get it to work. Now if it is a real casino you might actually get luck, why because it is a 50/50 shot, so even if you fail 9 times out of 10 that 1 time may make you think that it’s possible and it’s something your doing wrong. Now you’re in Gambling addiction area, something I’m not going to get into here, but just think again about who they are targeting with this spam email.

Lets face it, all Casinos do is look for patterns, so even if there was a hint of truth in this they would be on it right away, you might get lucky with a few of the smaller ones as they might not have the resources, but word spreads quickly in communities like that, but it’s fake so we don’t need to worry about it, but I’ll bet some of you reading this started thinking wow what if it would work on lesser known Casinos. That there is the power of suggestions, that’s why Spam can work so well, we all want something for nothing.

Finally as a convincer (which normally comes first and why it works so well here), is at the very end of the email where it actually has what looks to be an email from you to David. It’s short to the point and conceivable if you like to gamble a little bit or would be curious about it that you might have sent it and completely forgot, my how we can convince ourselves it it means free money!

So there you go some good lessons in there that can be applied to many other spam emails like lottery ones especially.

Stay Safe

Alan

Spam email below

———————————————————–

yo mate, ok I`ll give you my trick but if you give it someone else I`ll fuckin kill you you know in roulette you can bet on blacks or reds. If you bet $1 on black and it goes black you win $1 but if it goes red you loose your $1.

So I found a way you can win everytime:

bet $1 on black if it goes black you win $1

now again bet $1 on black, if it goes red bet $3 on black, if it goes red again bet $8 on black, if red again bet $20 on black, red again bet $52 on black (always multiple you previous lost bet around 2.5), if now is black you win $52 so you have $104 and you bet:

$1 + $3 + $8 + $20 + $52 = $84 So you just won $20

now when you won you start with $1 on blacks again etc etc. its always bound to go black eventually (it`s 50/50) so that way you eventually always win. But there`s a catch. If you start winning too much (like $1000 a day) casino will finally notice something and can ban you. I was banned once on royal casino. So don`t be too greedy and don`t win more then $200 a day and you can do it for years. I think bigger casinos know that trick so I play for real money on smaller ones, right now I play on elite vip casino: www.elitetables.net for more then 3 months, I win $50-$200 a day and my account still works. You`ll find roulette there when you log in go to “specialty” section – “american roulette”. And don`t you dare talling about it anyone else, if too many people knows about it casinos will finally found a way to block that trick. If you have any questions just drop me a line here or on skype.

c ya

—– Original Message —–

From: “efrengj” <info@cmmc.co.uk>

To: <matthewzprx@monalisabridal.com>

Sent: Tuesday, September 15, 2009 1:14 PM

Subject: Please send me the system

> Hi david.

>

> Please tell me when you will send me your roulette trick?

> You promised you`ll send it few weeks ago

>

> Thanks in advance.

>

The next thing again is that when you rollover the ‘Personal Log on’ button you will see that the actual domain address is wrong the first part starts off like it’s ok ‘http://online.lloydstsb.co.uk’  but it doesn’t actually end there it continues with ‘.623hneczc1.com’ Which unless the is a / means that until the last fullstop and one of the usual .com, .net .co.uk or many other ones the domain isn’t finished, therfore it’s not likely that Lloyds would ever have .623hneczc1.com at the end.

As always the best peice of advice I can give is to login manually to your banks online account, so never click on the link in the email.

Stay Safe

Alan

Second if you hover over the link you will very quickly see that the beginning of the link doesn’t even correspond with abbeys own web address ‘http://www.dailyzohar.com’ They do however in the next bit have the abbey address in there, to hopefully fool you, but it’s the first part that is important. Just think of a house address you can’t put 123 my street, Glasgow, then have 456 the fake street, Glasgow and expect the mail company to send it to the second part of the address and not the first, it just wouldn’t happen.

Finally the content is telling you there has been a mismatch of your details, if you haven’t accessed the account in the last few days then it’s very unlikely it’s you and anyway the golden rule of any email telling you there is a problem with your online account is to log into the account manually like you normally would and it will either prove you still get access because you’ve just logged in or the system will tell you there is a problem and that you need to call a specific telephone number.

Stay Safe

Alan

This one comes with an attachment called ‘MTSN_87743484.zip’ the content is very plausable, but you should ask the obvious question who is sending you that money. Generally you will know to be expecting it and if you are already expecting money then the totals should be completely different.

Also note that a typical sign of a spam email is the generic ‘Dear Customer’ if they have you’re email address and it involves money the chances are they have your actual name or at the very least a reference number you can check somewhere else.

I’m not familiar with Western Unions methods of transferring money, so I’m not sure how they alert you to the fact that there is money to be collected or if that’s even possible. Maybe the money gets wired direct to an account and the only notification is the person sending you the money telling you or you checking you’re bank statement.

Either way I wouldn’t trust anything that seems to good to be true like this and there are many examples out there.

————————————–

Dear customer.

The amount of money transfer: 1037 USD.

Money is available to withdrawl.

You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.

Western Union.

Customer Service.

In the email below what they cleverly do is make you think that the link is actually ok to use by calling it a ‘private secure new link’

I’ll be honest this is one of those you need to know how Microsoft do things to know that they wouldn’t issue a link that wasn’t direct on their site or through the windows update software, which makes this email a very clever and dangerous spam email.

If there is an email that talks about updates from Microsoft always try the windows update first or the actual Microsoft website, they won’t send you an actual email unless you’re on some partner program, but that would be easy to know if it’s a real email as it will come from a much more obvious address and have proper links to their website.

Another sign is the jumbled up letters at the bottom, a real email from them wouldn’t have this, I’m not quite sure why it’s there, but if you know leave a comment for us all please.

—————————-

Security update

When necessary, Microsoft provides a new security update on the second Tuesday of each month and publishes a bulletin to announce the update.

Occasionally, updates are released more often.

The links below go to the latest update download.

(Privat secured new link)

http://mail1.e-corecorporation.com/postinfo.html

Each bulletin includes links to the security updates.

Microsoft has submitted a new update for all Windows OS web browsers, which brings a more stable and secure application, Internet Explorer version 7.0.195.24.

The new version has no new functionality but fixes one security vulnerability that has been classified as “high”, the highest level. Vulnerability refers to the possibility of external attacks through Internet Explorer and Outlook Express . We recommend installing the update to keep you and your system safe .

Thank you, Adrian King Director of Security Assurance Microsoft Corp.

QIFMPZCLOZNGFGOKDMCWUKXJOTRWQFNWSEWMWT

—————————————————————–

Stay Safe

Alan Fair

If it requires you to log into your account don’t ever click on the link in the email, go direct to the website in a browser using the proper address, then log in. If there is a problem most banks should tell you once you’ve logged in, if not you will very likely recieve a letter in the post, unless you’ve selected to only get digital letters. Even still with digital letters they should be accessible from the logged in account.

If there is an attachment to the email I think I can safely say completely ignore it everytime a bank won’t send any attachments, if however you know of a bank that does please leave a comment on this post and put in it what the file is and potentially why. This will help anyone who questions if it’s safe or not to open, thanks.

So on to the HSBC email, this one has graphics so I’ve had to take screenshots for it.

Here is an image when the email is caught in a spam filter. You will notice first the massive list of different emails, the bank would not send an email with this showing as that would be a Data Protection violation. Now you’ll notice a couple of crosses on the image, this is where images would be, but due to my spam filer it doesn’t show images by default. This can be important because if you download images the spam guys know you’re looking at the meail and will add you to further lists, so avoid this as much as possible.

Again as in other warning they don’t mention your actual name on the email it’s a generic ‘Dear Customer’ greeting, this is a good sign it’s spam.

So most spam email usally have a really bad quality logo and the email looks nothing like a real email from them. Now I don’t have a HSBC account so someone else will need to comment on whether this is accurate or not, but in the image below if this came in it would look pretty convincing to most people. Also I looked into the code and they are actually using images from the real website www.hsbc.com so it’s a good bet that it is how the real emails look.

Ok so the final and best way to tell if this is actually a spam email is to hover on the login button to see what the actual link says that it’s going to. In this case it has the followin:

http://www.hsbc.co.uk.8njxvdic.com/1/2/HSBCINTEGRATION_CAM20/00500G5SSYZI16sRkSJyjt2ntf4ep3IDV_URL/index.php

Now I’ve deleted a few things from this link just in case anyone thought to copy and paste it into a browser (please don’t).

If you break it down you will see that the real domain address isn’t right as it has http://www.hsbc.co.uk.8njxvdic.com everything after that doesn’t matter so much as some real links from genuine banks may have things similar in style. The important thing to note is that the real address should be http://www.hsbc.co.uk (or .com) that one has an extra set of letters and numbers to it before the .com ’8njxvdic’ so this means that it’s a fake address.

There are many spam emails that follow a lot of the tricks employed in this one spam email so take note and keep an eye out before you click on anything.

Stay Safe

Alan Fair

This one comes with an attachment called ‘DHL_Label_2a761.zip’ do not ever open attachments unless you know who it’s from and you have eliminated that it is a spam email.

In this case it can be very difficult to tell if it’s a real one or not. Similar to Paypal, companies like this will genereally use your real name, the one on the account or a reference number that you should be able to check from a previous email or letter. Make sure you confirm that first.

You need to also think about are you actually waiting on a parcel and what company is delivering it.

They wouldn’t likely say that the cause is an error with the shipping address they would by standard either leave a card or attempt to deliver it the next day. If they don’t suceed then they would send the card in the post.

If it was sent by someone else then the company would get in touch with them that the address was wrong and wouldn’t use your email address in that instance.

You always need to bring some form of identification with you to get a parcel this doesn’t ask you to do that, so that’s a bit suspicious.

Also emails from the company would usually have actual branding, so you would see the logo somewhere on there, this one just doesn’t have that.

———————————————

Hello!

The courier company was not able to deliver your parcel by your address.

Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please note!

The shipping label is attached to this e-mail.

Please print this label to get this package at our post office.

————————————————

Stay Safe

Alan Fair

Again like others a quick hover over the ‘click here’ will show the actual address to be going somewhere completely different from where you would expect, so be careful and don’t click it.

If you get a spam email saying something is time critical or important like the one below always go directly to the main site by typing in the address yourself, and then login to see if there is a note, email or letter in your account settings kind of area. This is good practice especially for any emails talking about your bank account.

Another thing with Paypal is that they will use the actual name on your account for any official emails, so it saying ‘Dear Customer’ tells me right away it’s a spam email.

————————————————

Dear customer,

Your account has been temporarily limited

Click here to resolve the problem

Thank You.

———————————————–

Stay Safe

Alan Fair