It was recently brought to my attention by a client that they were receiving a large amount of spam emails with subject lines like “unpaid invoice,” “final notice,” or “overdue invoice” in them. Well, sadly, they are not alone. A lot of people are receiving these emails and they are filled with malware meant to steal your personal information.
Even I am subjected to these emails on a daily basis. I get dozens of these emails a day, all using different names for the sender. Most end up in my spam box, but several a day still manage to get through to my actual inbox. It’s not pretty. And, I feel for everyone who has to deal with them, since I am in the same boat.
These are just some of the ones that landed in my spam folder in a 12-hour period. It doesn’t even include the ones that missed the spam folder and ended up in my inbox. As you can see, each of them contains a paperclip, which means the email itself has an attachment the sender wants me to download (of course they do…LOL).
“Unpaid Invoice” Emails
The current email spam trend that people seem to be battling comes in looking as if you need to pay an invoice, and they always contain a zip file attachment. These fraudsters are using social engineering to try and trick you into opening the attached file by claiming you have an unpaid invoice and it needs to be paid as soon as possible. The email that is going around right now also includes the zip file attachment, which supposedly contains your “overdue invoice,” as shown in the screenshot from my email account below.
The zip file itself is actually harmless to your computer, that is, until you click on the file to open it. If you do this, then you will likely be installing malware onto your computer that the thieves will then use to steal your banking information, login information for various accounts, passwords and other little tidbits from your computer.
I Just Know It’s My Email Provider or Website Host’s Fault!
Many people are quick to blame their hosting company or email provider for the amount of spam they are getting. But, in reality, it’s not their fault. It’s really up to you to learn how to control and prevent spam. Your email provider can only do so much, without taking a chance of blocking potentially legitimate email for their other customers.
Believe me, they are battling spam to the best of their ability, including the reverse problem of spammers using the email addresses of their legitimate hosting customers to send out massive amounts of spam, putting a stain on their servers.
For instance, I have an email address that is tied to a domain I no longer use. Several months ago I began receiving emails saying my mail was undeliverable, when I didn’t even send any mail out. This certainly seemed odd. It turns out that someone had used that old email address, spoofed it and was sending out bogus emails to people.
This I find even more frustrating than getting spam emails myself, as, all of a sudden, I started getting hundreds of emails a day to that address telling me that an email that I never even sent couldn’t be delivered. Even worse, people who are receiving those emails are likely to think they are coming directly from me, since my name is attached, and they aren’t! Grrrrrrrrr…..
Spam email issues are one of the biggest reasons we discourage our website design clients from using email inboxes with our hosting accounts. While you can still get a “domain branded” email, we generally prefer to set up clients who choose to use our hosting with a separate email provider, generally via Google Apps or some similar email service.
Try as we might, we just can’t convince some clients that our hosting servers are not the reason for their spam problems. Some can’t accept the fact that they also may be contributing to their spam problems by using poor email practices themselves, such as including their email addresses on their website, even when we discourage that practice. And many just didn’t want to hear the cold hard fact that eventually their email address is going to get spam! That’s 100% guaranteed. I don’t care who your hosting provider is.
Most hosting providers, including us, as well as popular email services such as Gmail, have tools in place to help you set up email “traps” and filters to separate legitimate emails from bogus emails. But, you need to spend some time learning how to use the tools they offer you. Many people simply don’t want to take the time to learn how to use them to control their spam issues.
Don’t expect your email provider or host to uniformly apply spam settings or filters to all of their customers, because not all of their customers can afford to have legitimate emails caught up in these “traps.” It’s a catch 22 for them, so you need to take control of your own email on your end of things.
Email Best Use Practices
I can’t stress enough that best practices with email, as well as other internet links, are in order to make sure you don’t fall victim to these types of email scams.
Never open or click on a link or file in an email from someone you don’t know.
If you don’t know the person, don’t click their links. If you do, you may be asking for trouble. Period. End of story.
Never click on a link or file in an email from someone you do know, unless you are expecting something from them.
Sometimes scammers will spoof legitimate email addresses and identities from people you know and try to make it look like a legitimate email. If you aren’t expecting an invoice from Bob’s Bakery, even though you do business with them, don’t click on that invoice until you have verified that it truly is from them.
Email spammers will spoof their email addresses and create emails saying you owe money. This happened to IMAGINiT, a provider of software and training for design and engineering companies.
Make sure any security software you run on your computer is always up-to-date.
New viruses are released on a pretty steady basis into the wild. Security software is constantly updating to account for those viruses. Always make sure that your software is current and up-to-date.
If you don’t have security software, you may want to consider getting some, especially if you are on a Windows computer. That’s not to say that Mac computers can’t be affected, they can. But, generally the viruses are geared towards Windows machines because the creators of them know that there is a bigger “pool” of people to choose from by doing so.
The most important thing you can do is to always be on guard with any emails that come to you totally unsolicited, or from people you have never heard of.
This is especially true if they want you to click on a link in the email, or if it has a file attached.
Why So Many Spam Emails?
Plain and simple – because spam works! The reason we continue to see these types of scams hitting our inboxes is because they actually do work well.
Many people simply don’t stop and think when they are culling through their email, and make stupid mistakes by not paying attention.
So, the scammers continue to send them. It’s the law of averages. Even if only one person out of 500 clicks on a link or downloads a file, the scammers have “scored.” Multiply that one by however many thousand emails they send out at a time and it can be “payday” for them.
There’s Simply Too Much Spam – Just Make It Stop!
Easy to say. Hard to do. The bottom line is, you can’t completely stop spam. Anyone can send you email. Period. At best you can set up processes to deal with it, so it becomes only an annoyance and not a chore. There are several ways you can tackle dealing with it, but nothing is going to be 100% effective.
Blocking email addresses.
While it may seem like an easy thing to do, going in and blocking a spammer’s email address can be a never-ending cycle. Most spammers change their email addresses often, so that means each time a new email comes in you have to manually block a new address. This can get tiresome.
Also, be aware that spammers can spoof, or fake, email addresses. So they can make an email look like it’s coming from a real friend or family member. If you ban their address, then you will no longer get real email from that person.
Set up spam filters.
Spam filters are helpful because they look at where the email comes from, as well as the technical details of the email. If it looks like spam, then the email is sent directly to your spam or junk mail folder and not your inbox.
But, one caveat with filters is you need to go into your spam or junk mail folder from time to time and browse the contents. Sometimes legitimate emails end up in there.
Some email programs also “train” the filters to work based on how you use them, and over time they get better at telling spam and legitimate email apart.
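To make the "technical details" a filter looks at concrete, here is an added example (not code from this article's author or from any email provider) of a rule that junks messages matching the campaign described above: an invoice-themed subject line plus a zip attachment. The function names, the sample addresses and the constructed test messages are assumptions made for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Subject phrases quoted in this article's description of the campaign.
LURE_PHRASES = ("unpaid invoice", "final notice", "overdue invoice")
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")


def is_zip(part):
    """True if an attachment is a zip by file name, declared type or content."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    return (name.endswith(".zip")
            or part.get_content_type() in ZIP_TYPES
            or data.startswith(b"PK\x03\x04"))  # zip local-file-header magic


def classify(raw_bytes):
    """Return 'junk' for an invoice-themed subject combined with a zip file."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    lure = any(phrase in subject for phrase in LURE_PHRASES)
    zipped = any(is_zip(part) for part in msg.iter_attachments())
    return "junk" if lure and zipped else "inbox"


def make_zip():
    """Build a small, harmless zip in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.txt", "constructed sample content")
    return buf.getvalue()


def build_sample(subject, filename, payload, subtype):
    """Construct a test message; the addresses are placeholders, not real."""
    m = EmailMessage()
    m["From"] = "Accounts <billing@example.com>"
    m["To"] = "me@example.org"
    m["Subject"] = subject
    m.set_content("Please see the attached invoice.")
    m.add_attachment(payload, maintype="application",
                     subtype=subtype, filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(build_sample("Overdue Invoice", "invoice.zip", make_zip(), "zip")))
```

Checking the first bytes of the attachment catches a zip that has been renamed or given a misleading content type, and requiring both signals keeps an ordinary zip from a friend out of the junk folder.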
Preventing Spam To Begin With
While there is no sure-fire way to stop spam, you can do some things to make your email address a bit less susceptible to being cultivated and put on a spam list. Understand, however, that all email addresses are likely to end up on a spam list eventually.
All it takes is for someone who has your email address in their computer’s address book to click on a link, and then the malware goes into action scraping people in their address book or contacts list and adding them to a spam list somewhere.
But, some people seem to invite spam by not following some best practices that would help them stay off these lists. The following examples are some of the various ways lists are cultivated.
Posting your email address publicly.
I can’t stress enough that you should never, ever put your actual email address on your website! It’s much better to use a contact form for clients and customers to interact with you. Public email addresses are routinely scraped by “bots” and harvested from web pages since the chances are they are active and real emails.
Responding to or acting on a spam email.
By simply replying to a bogus email you are letting the spammers know you are a real, live person, which just gives them more reason to send you more spam. Lots of it!
Even if they include an “unsubscribe” link, if it’s not a legitimate company that you know and do business with, chances are by clicking on that you won’t be unsubscribed at all. You have just told them your email address is a valid one and the spam may even get ramped up!
Giving your email address to just anyone or using it to sign up for lists.
Many people will have several email addresses. One they use for work, and one they use for personal emails. Smart people will also have a “throw-away” address or two for signing up to receive sales flyers and such, which is a smart idea.
Many companies also share lists with each other, and if you sign up to receive sales flyers from a company you like and want to do business with, you just may end up on another company’s list as well.
Not educating your friends and family about spam.
There is a reason why almost every email address will eventually end up on a spam list. I am sure you have that friend or family member who likes to forward jokes, photos and the like to a group of friends. Many times they send you and 100 other people an email, with the addresses on the “Cc:” (carbon copy) line.
By doing this they have just shared 100 emails with 100 different people, and every single one of them has access to your address now. So someone who didn’t previously have your email address now does. As these things keep circulating, the list of people on them gets longer and longer. Eventually that list will end up in the hands of spammers.
Educate your friends about making sure they send those types of things using “Bcc:” (blind carbon copy), so they aren’t sharing hundreds of email addresses with people. Even better, you may want to ask them to remove you from such emails if you aren’t reading them anyway.
Or, simply share this article with them so they can learn about email best practices and combatting spam themselves.