Your Internet Lesson of the Day

I got this email today.













FROM: lumberjacksn@inimplast.com.br
TO: oconnellma@aol.com

SUBJECT: Thank you for settling the order No.75111511

Dear Customer!

Thank you for ordering at our internet store.
Your order: Nokia 5800 XpressMusic, was sent at your address.
The tracking number of your postal parcel is indicated in the document attached to this letter.
Please, print out the postal label for receiving the parcel.

Internet Store.
Firstbatteries.com

ATTACHED FILE: D04f5fbec.mim

Oh, no! Something's wrong! I don't remember ordering any item! There must be some mistake! Am I being billed?! I'd best open this attached file right away and find out what's going on!

Okay...

There are people out there, all over the world, looking to rip you off, hijack your computer, or, hell, just wipe out your computer just for the fun of it. This is one of the ways they do it. And they count on people not thinking and just opening the file out of panic or curiosity. Then the deed is done, and you're eight ways screwed.

First off, look at the email address this one's coming from. It has a .br extension. This means it's from a web site in Brazil. For once, it's not out of Africa, at least. Nice to see South America getting it on the fun.

Second, my email address is one letter off. How this actually works, I'm not really sure, but it tends to lead you to think you accidentally got someone else's email...all the more reason to open the file, either to help them out or try to steal whatever item they ordered yourself!

Note the subject line. "Thank you for settling the order". Who talks like that? Answer - people that do NOT speak English as a first language. Bad spelling, grammar, or just awkward phrasing is another clue you're being spamulated.

"Dear Customer!": Just "customer", not me by name. Plus, an exclamation point after it? Again...English as a second language. "Thank you for ordering at our internet store". THAT's working the brand name, guys. Generic = suspicious. "Your order: Nokia 5800 XpressMusic, was sent at your address." It was sent AT my address, not TO my address? Do I handle the company's shipping now? "The tracking number of your postal parcel is indicated in the document attached to this letter". Letter? It's an email. Ass. "Please, print out the postal label for receiving the parcel." Oh, I'll open that RIGHT away, as I'm sure that will give me all the info I need to clear up this misunderstanding! Plus - "parcel", not "package". And it's signed "Internet Store" (there's that catchy store name again). And we finally get a site name: Firstbatteries.com, which I will NOT be browsing out of curiosity, as it's probably set up to shoot all manner of spyware at me the minute I do.

And the attached file. First...IT'S AN ATTACHED FILE. Never open those if they're not coming from someone you know, and even then, maybe not. This one's a .mim file, which is a generic internet format that, in essence, hides what kind of files, and how many files, are attached. If I downloaded that and opened it, I guarantee I could kiss either my computer or my bank account good-bye. Or at least I'd be changing internet passwords 'til spring.

These emails come in all forms. I get regular ones that look like they're coming from PayPal, telling me my account is being shut down unless I click the attached link and clear up "the problem". This link will, I assure you, go to a very PayPal-looking site that asks me to punch in my username and password. Cha-ching! It's Christmas Eve in Nigeria! I get them from banks or alleged banks, where they talk about a problem with your account. Even if you DON'T have an account with this bank (I get BofA ones all the time, and I have no account there), people are still concerned and curious enough to click the link or open the file...you know, just in case they FORGOT about an account they opened up.

Evil men across the globe are out to rip you off or just mess with your life. At this point in time, legally, there's little that can be done about them. All you can do is negate their expectation of you being dumb...by not being dumb. If it looks hokey, it is. Just delete it. Never click a link, never open an attached file. It's 2009 so we should all know this, but based on the fact that so many of these are still flying around, clearly people are falling for it, or they would have stopped long ago.

Don't be that guy!