Email Scams, Tricks, Hacks, Cheats, and Tweaks That Everyone Should Know

If you get an email from yourself that you never wrote, it doesn’t mean you’ve sent yourself an email from another dimension. It most likely means you are a victim of email spoofing. Yes, it has your email address as the sender and it may look convincing, but unless you are suffering from a split personality disorder, someone else is using your address to either send spam or to perform some sort of phishing scam.

Now, you might think only a sophisticated hacker would be able to do such a thing. In fact, you can download programs that can make it look like you are sending an email from any address that you want. You can write your message, write in any ‘From’ address you want, and send your email. Voila! People think they are getting an email from someone they know. This is true spoofing. (Go ahead and try to spoof yourself. This way you can test your email provider’s spam filters.)

Hacking is a bit different. The person or bot has already gotten (hacked) into your email account and is using your address book to send messages. Any message they send from your account would get through most receiving servers since your address is valid. Sadly, this once happened to me while I was using my Gmail account. I suddenly started getting ‘undeliverable’ messages in my inbox. I knew what was going on and quickly tried to change my password, but the damage had been done. Luckily, the messages only sent spam. Unluckily, some of the people receiving the message with the subject line, ‘How are you?’ took it for a legitimate question and sent me an email in response. I, therefore, had to spend a good deal of time explaining that I had not sent the message and, in some cases, explain why I hadn’t contacted them for such a long time. And I thought I had a pretty good password.

The good news is that you can recover from hacking. The bad news is that there is little you can do about spoofing. A malicious person can continue spoofing your email address and continue sending whatever message they want to whoever they choose under your name. If they want to ruin your reputation, this is the way to do it. Fortunately, most of this kind of spoofing is used to send spam and nothing more.

Web beacons are not often considered as hacks, but they are somewhat intrusive. They are usually programs that are built into invisible pixels in an image. Often one pixel in size, they are used to gather information about you. These beacons are often sent to you in emails that contain images. They gather information about your browsing habits and, in this way, they serve as a marketing tool. They can let the marketer know if you’ve opened the email, your IP address, when and for how long you’ve looked at the email, what browser you’re using, and even look over any cookies you have from other trackers to gain more information on your browsing habits so as to target you for specific ads.

Google Gmail decided it didn’t like the idea of other marketers using its site to make money, so it now opens images on its own servers. The only information marketers will get from their beacons is the IP of the Google servers. Some email services will ask you if you want an email image to be opened. This means that the email site has detected a beacon but will allow you to open the image if you really want. These beacons not only exist in emails. They are a common part of browsing and many pages have these to get information for advertisers. You can block some of these by turning off cookies (though it may hamper the performance of some sites) or you can add a program like Ghostery to your browser. I decided to give this a try and, indeed, it does let you know who is tracking you on each page you visit as well as giving you the option of blocking them or not. It is, however, not liked by some pages and some browsers and could slow down your browsing. I often get a message from Microsoft that if I want to speed up my browsing I should disable this add-on.

But can these beacons be more than just a nuisance? The simple answer is, yes. It is possible for some cookies, accessed by beacons, to contain enough information to serve as a hacking platform and allow an attacker to gain administrative rights on a network. Spammers can use beacons to ramp up their spamming assaults. Perhaps most threatening though, is that hackers could gain enough information through beacons and cookies to construct a more targeted spear phishing attack.

Some email tracking programs can be used as a form of stalking. There are a number of these that will tell the sender when the receiver opens an email. The social network, Line, has this feature for its messaging service. When I spoke to users about this, they felt that it had its drawbacks. They found they would get angry at someone who received their message and either didn’t immediately open it or opened it and did not respond within sufficient time. If you want to see if someone is using a program to keep track of you, check here for some possible actions you can take. If you think someone else may be using your Gmail account, go to your main Gmail page, go to the bottom right-hand corner, and click “Details” under the words “Last account activity”. This will show you the IP addresses of those who have accessed your account.

There are a few more things you should be aware of when it comes to email. Don’t always unsubscribe to some newsletters you are being sent. This may be a signal to spammers that you have, indeed, been reading their spam. In this case, you will get even more spam. Don’t be so quick on the send button. Almost everyone has sent something before they meant to. One way around this is putting in the senders address last, but this won’t work if you are replying to a previous message. In this case, you can use Gmail’s settings (Lab) to enable an “Undo Send” button. This will appear after you push send and right beside the notification, “Your message has been sent”. In other words, it gives you a few seconds to change your mind and stop your email from being sent. Another Gmail feature I have used on numerous occasions is one that reminds me that I have forgotten to actually attach something to my email. If you write such words as “have attached” or “I’ve attached” in the email and did not include an attachment, Gmail will send you a message saying, “Did you mean to attach files?” Just remember to mention the attachment in the body of your letter to get this to work.

Another problem you may encounter is keeping messages you have sent private. After all, after someone  receives your message, that message is totally in their hands. There is also the chance that someone may be spying on your email through some sort of man-in-the-middle attack. Your employer could be reading your emails at work. How do you know? In either case, if the message contains incriminating information,  you could end up in big trouble. One way to get around this is to send a self-destructing message. The recipient is sent a link to a message that self destructs after it is read. A number of sites, such as this one, will do this for you. There are other programs that will let you control all sorts of files, such as photos and videos after they have been sent and received. Unfortunately, it doesn’t take much imagination to see how hackers could use these programs to get into someone’s device or computer, but I won’t help them by detailing such an exploit here.

Spammers may be a nuisance, but you have to keep in mind that many spammers consider what they do as email marketing. As such, they do whatever they can to avoid automated spam filters. There are even companies that will help them get into your inbox. The fact is that there is a thin line between spam, marketing emails, or mass mailings. After all, if many members of a staff receive the same newsletter from a legitimate professional organization, it may bear all the earmarks of spam and, yet, be legitimate. Mass mailing does not necessarily mean spamming and, you guessed it, there are other companies that will help ‘mass mailing marketers’. These companies may state that they do not want their software used by spammers, but…

The bottom line is that there are numerous ways your email can be used against you. Hopefully, the tips given here will give you a little more control over what happens in your email inbox.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s