Spam emails are a fact of modern-day life. Here I will go through an email that I recently received that claims to be from Santander.
As expected, the email is written in such a way as to cause panic and fear. The goal is to get you to act immediately before their website is shut down and the opportunity to get your banking login details is lost.
The more you examine the email, the more obvious it becomes that it is fake. The spammer is hoping that you will simply skim read the message and click the link in that email where the next stage of their con can continue.
At first glance the email address looks legitimate and the web address shown is indeed for Santander.
However, not all is as it seems. Let’s read the email and see what it says.
It’s safe to open an email to read, just don’t open any attachments or click any links within the email until you’re sure it’s legitimate.
Starting at the top…
The first thing that raises suspicions is the grammatical mistake in the subject: ‘3 Times Login Attempts’. It’s highly unlikely that a banking giant would make such an error.
Next is the header image. It’s clearly not in the correct proportions, and if you look carefully you can see there is a mismatch of colour between the red in the logo and the red strip of colour running behind it. A big name brand would never allow their logo to be displayed in such a way.
Moving on to the text below:
Why is there an accent above the ‘e’? There is also a grammatical error in the form of an erroneous comma and a lack of full stop at the end of the paragraph.
The lower section of the email again features an improperly proportioned image, spelling mistakes and grammatical errors.
So, after all that we’re pretty sure that this message is fake. There is one final check that will put this to bed, and that is to check the headers of the email.
What are headers?
Header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some headers are mandatory, such as the FROM, TO and DATE headers. Others are optional, but very commonly used, such as SUBJECT and CC. http://whatismyipaddress.com/email-header
The process of checking a header varies in email clients, but in the case of Microsoft Outlook you need to open the email in question and then click the arrow to the right of reply and select ‘View message source’.
A box will pop up with lots of text to scroll through. Here we are looking for an email address that is different from the one we saw earlier. In the following image I have highlighted the email address in question.
The email address is not legitimate.
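The same check can be done in code rather than by eye. The following is an added example, not part of the original post: it parses raw message source and reports any Return-Path, Reply-To or Sender address whose domain differs from the visible From address. The headers in `RAW` are constructed (all `.example` hosts are placeholders), and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not those of the email discussed above).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
 by mx.recipient.example; Mon, 01 Jan 2018 09:00:00 +0000
From: "Bank Security" <alerts@bank.example>
Reply-To: help@bank-support.example.org
To: customer@recipient.example
Subject: 3 Times Login Attempts

Body text.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def sender_mismatches(raw_message):
    """Return (from_domain, [(header, domain), ...]) for headers that disagree."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To", "Sender"):
        for value in msg.get_all(name, []):
            dom = domain_of(value)
            # A subdomain of the From domain is treated as the same sender.
            same = dom == from_domain or dom.endswith("." + from_domain)
            if dom and not same:
                findings.append((name, dom))
    return from_domain, findings

if __name__ == "__main__":
    shown, odd = sender_mismatches(RAW)
    print("Visible From domain:", shown)
    for header, dom in odd:
        print(f"  {header} points at a different domain: {dom}")
```

A mismatch is a signal rather than proof: legitimate bulk mail is often sent through a third-party service with its own Return-Path, so weigh it together with the other checks in this post.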
Checking the links
If by now you’re still not sure, you can also check the links within the email. If a spam email does not have an attachment then it is likely they are wanting to direct you to a website where they can extract your personal information. By putting your cursor over a link, in this case the ‘Confirm’ link, we can see where we are being taken by looking in the bottom left of the browser window.
This is obviously not a Santander address.
For the sake of research, let’s visit the site (please don’t do this yourself) and see what we find…
Immediately we are redirected to a clone of the Santander login screen which appears almost identical to the original.
But look at the address bar.
A subtle addition of an ‘i’ to the spelling of Santander. This is not the real website. Cheeky monkeys even have an SSL certificate!
So, after all of this we can agree that this is a fraudulent email. They did make it easy for us this time but be aware that some emails are much more polished. I hope that with the above information you will now be able to analyse emails and pick out the frauds.
Today we received a remote support request from a local customer who was having trouble with a spam pop-up that was hijacking his browser.
The pop up displayed a warning message stating that the computer had a security vulnerability and that the user should call the number listed to get support.
Along with the message a loud beeping noise was coming from the speaker which one would assume was to cause panic and fear.
Despite a button being available to close the message, on doing so another tab would open and the same message would appear.
To fix this we:
Used task manager (Ctrl+Alt+Delete) to stop the process (Microsoft Edge Browser in this instance).
We then opened the browser and were greeted with the tabs automatically reloading before our nimble mouse movements could close them. The pop ups reappeared and the spam message / noise occurred again!
To work around this we:
Opened a command prompt.
Ran the following command: start microsoft-edge:https://www.cvrg.co.uk
This opened Microsoft Edge and automatically opened a fresh tab with our website.
We were then able to right mouse click on the tab to the far left and select: Close tabs to the right
All the tabs closed and our customer was able to continue with their surfing.
How many times have you sent an email and received a cryptic bounce back message that makes little sense?
Have people mentioned that they have been unable to email you and you’ve had to resort to an alternative means of communication?
The reasons for email problems are numerous but in our experience the number one problem… Mistyped email addresses!
Once the above has been discounted we turn to more technical issues that can cause sending problems.
To help prevent spam there are worldwide spam lists that email servers use to check the validity of an email sender.
There are a number of reasons why a domain may end up on one of these lists. These include:
An email account has had unauthorised access and has been used to send out spam
Another email account hosted on the same server as you has been flagged and an IP range (that includes your mail server) has been blocked
You can check to see if a sender’s domain has been blacklisted by using MXToolBox
Another reason why an email may be rejected is that no SPF record has been setup for the domain.
An SPF record identifies which mail servers are permitted to send email on behalf of your domain. The purpose of this is to prevent spammers from sending a message with a forged From address at your domain.
Occasionally, implementing SPF records is overlooked when setting up a domain name, but it should be the first place to check.
If you have access to a domain control panel you can usually set an SPF record here. If, however, you have a managed domain name you will need to contact your domain name provider.
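To show how a receiving server uses the record, here is an added example (not part of the original article, and not any mail server's own code) that evaluates the `ip4`, `ip6` and `all` terms of an SPF record against a sending IP address. The records and addresses are constructed from documentation ranges; mechanisms that need live DNS lookups (`a`, `mx`, `include` and so on) are reported as `needs-dns` rather than guessed, and the function name is hypothetical.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed record: one IPv4 range, one IPv6 range, reject everything else.
RECORD = "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

def check_spf(record, sender_ip):
    """Evaluate an SPF TXT record for one sending IP, left to right.

    Returns pass, fail, softfail or neutral; "none" if the text is not an
    SPF record; "needs-dns" when the answer depends on a DNS lookup.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    redirect = False
    for term in terms[1:]:
        name, eq, _ = term.partition("=")
        if eq and name.isalnum():        # modifier, e.g. redirect= or exp=
            redirect = redirect or name.lower() == "redirect"
            continue
        qualifier = "+"                  # a mechanism with no prefix means pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech == "all":                # matches every sender
            return RESULTS[qualifier]
        if mech not in ("ip4", "ip6"):   # a, mx, include, exists, ptr
            return "needs-dns"
        if ip in ipaddress.ip_network(value, strict=False):
            return RESULTS[qualifier]
    # Nothing matched: a redirect would need DNS, otherwise the result is neutral.
    return "needs-dns" if redirect else "neutral"

if __name__ == "__main__":
    for addr in ("198.51.100.7", "203.0.113.25", "2001:db8::1"):
        print(addr, check_spf(RECORD, addr))
```

A record ending in `-all` tells receivers to reject unlisted senders outright, while `~all` only marks them as suspicious, so the final term matters as much as the list of permitted servers.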
Having a Reverse Domain Name System setup is very important when it comes to email deliverability.
When a server accepts an incoming message, it first takes note of the originating IP and the domain the email claims to be from.
Before allowing the message through, the receiving server performs a rDNS lookup using the IP address to ensure that the domain name tallies with what it expects. If it does, your message makes it through; if not, it doesn’t.
If the sending server does not have rDNS correctly configured then there is a good chance that the receiving server will not allow the message through.
Outdated mail server software can also present problems from reduced functionality to weaker security.
Ensure that your email provider is running an up-to-date email system.
While on the face of it email deliverability may seem like a simple process, there are many areas that if not configured correctly can cause problems. It’s important when choosing an email provider that you pick not only a company that can provide the technical expertise but also a reliable point of contact. The cheapest provider is not always the best!
At Convergence we own and fully manage our email servers.
We are a local, independent company and our team is able to provide assistance from help setting up your email on various devices to investigating bounce back messages and failed deliveries.