ExSp33db1rd

Missing an e-mail that may have got sent to a Gmail address of mine, looked in Gmail Spam and there is a message from "Google" ??? that says I have 4 damaged e-mails, and inviting me to "Open the e-mails".

I'm suspicious and reluctant to. Am I being paranoid ?

Capetonian

They are 'phishing' emails. Many variants around, also using LinkedIn, Faecesbook, etc. Referring to lost/damaged/recovered/new messages.

For example :

India Four Two

ExSp33db1rd,

With these kind of suspicious emails, the key is to check the From and/or the Reply To addresses. How you do that depends on which email program you are using.

Bonafide emails from Google will always be from the google.com or gmail.com domains. Fake emails may include the words google or gmail in the address, but the domain will be different. Often, as capetonian posted above, the link in the email is to a completely different domain.

crewmeal

Moral of the story - never open anything suspicious. Check the sender's address and if it looks sus then it probably is. 'HSBC' are spamming atm claiming I've done too many login attempts. 'Click here to reset your password' Considering I don't have an HSBC account.........

mixture

Erm, I get the impression from your paragraph that you don't fully understand the implications of what you're saying.

For the absolute avoidance of doubt and clarification, simply looking at email addresses or domain names IS NOT the way to tell if an email is kosher.

"From" addresses can be forged .... incredibly easily, and with no special software, coding or "hacking" required.

So as far as "from" addresses go, to paraphrase Mr Starr's song .... "FROM! What is it good for? Absolutely nothin'!"

In order to correctly evaluate the authenticity of an email, the ONLY way to look at the email source and go through the full raw email headers.

And finally, as has already been mentioned, even if the email looks Kosher based on raw headers, but contains an unexpected attachment, or a link to a security-sensitive function ... you should be weary and get in touch with the sender before proceeding further.

jimjim1

Yup.

The analogy I like is - It is just like putting the "wrong" return address on the back of an envelope. Anyone can do it.

Rasthem

I am not familiar with the various computer e-mail programs. However, from my own experience (reading e-mails with thunderbird) many of this type of 'phishing' e-mail contains Hyperlinks. If I hover my cursor over these links details appear in the bottom left of my screen telling me the address of the link connection. This is usually a complicated address which I do not recognise. I then conclude that the e-mail is phishing and discard it.

Ancient Observer

I use the simplest solution. I delete them all, and only ever click on expected attachments from known senders. Even some mail from the known senders is deleted.

As a friend of mine says, "If it is important, they can always call you". The UK to NZ call charge from the discounters is only 1p/min.

localflighteast

they are scams for certain. I get them every so often.

first clue is that they end up in the spam filter, why would google filetr its own emails?

second clue is when I look at them in the spam filter google warns me "we couldn't verify that this email was sent by <random domain>", so not sent by google then.

I can see how people could be fooled though

Keef

In Gmail, you can look at the message body in its "original" form, and see the trail of where it came from. Sometimes, curiosity leads me to do that. Gmail's spam and phishing filters look to be pretty good.

The simple rule is that your bank will not e-mail you a form to fill in, and certainly won't ask for passwords etc in one.

As others have said, any e-mail you weren't expecting, with an attachment, needs caution. Most competent anti-virus software catches them anyway.

mixture

Google bought Postini a few years back, so you would expect their spam and phishing to be somewhat comparable to some of Postini's competitors.

mixture

Most banks (and other financial sector companies) will hardly email you anything more than a generic invitation to login to their website to see whatever they have to say to you.

The risk of interception and falling foul of the regulator and data protection means they hardly send anything more than a generic message about anything these days.

Which is a good thing in my opinion.

Capetonian

Genuine email from the bank :
They will never ask you to click on a link in an email. Also the scams usually say :
Dear Customer
or
Hello
added too witch the apaling english and Spelling is usually a bit of a clew!

Mac the Knife

""From" addresses can be forged .... incredibly easily, and with no special software, coding or "hacking" required."

"In order to correctly evaluate the authenticity of an email, the ONLY way to look at the email source and go through the full raw email headers."

Correct. If it is spam or malware there will be a clue in there somewhere.

Mac

And I find Mailwasher - MailWasher Pro - Superior anti spam filter software | Firetrust - invaluable for deleting crap on the mailserver before it hits your computer.

(Mix - please don't let us start that argument again - please)

Rwy in Sight

Did anyone had to change their Gmail password over the weekend? I tried to log on several times on Friday night- Saturday morning and I got an answer of wrong password. I had to change it, but then on Sunday I inserted the previous one as a test, and I was told it was the correct but old one.

Anyone with similar experience?

Rwy in sight

mixture

I assume its the one where I tell you by the time its reached your Inbox, you're wasting your time with anti-spam ?

Fair enough, I'll watch you suffer in silence, but I feel to compelled to point out to others that if they are facing anti-spam issues, then that's something they should point out to their mail provider (or change mail providers) because filtering is best done upstream.

By the time it reaches your Inbox its too late, the goal is to exterminate it before it uses disk space (server or your desktop) and before you have to waste bandwidth and processing cycles trying your own software.

That is all.

Booglebox

I use Exchange server-side spam filtering. Feels like it's local but works all the time on the server, it's very good

Mac the Knife

(Mix - please don't let us start that argument again - please)

I assume its the one where I tell you by the time its reached your Inbox, you're wasting your time with anti-spam ?

No, it's the one where I check the mail-headers on the server before downloading the messages and delete trash directly on the server, long before its reached my Inbox.

But I could never get you to understand that then and don't expect you to understand it now,

Mac

mixture

Which is exactly what I was always telling you. By the time its reached your Inbox (and that includes your Inbox on the server), then you're wasting processing cycles on stuff that really should have been done upstream !

The whole point is the magic should happen upstream. The only stuff that should ever be stored to the server disks is stuff you want.

If crap is being stored to disk on the server, then your email providers spam filtering aint' right. Simple as.

Same to you & happy new year.

jimjim1

mixture mentioned:
Back to 1983. Again? :-)

Last time I looked, above mentioned resources were ludicrously cheap except for bandwidth which possibly is only cheap. For most home users these are irrelevant. Convenience trumps all.

Corporates may be significantly different, not sure, not been there for a bit. The difference is that corporates tend to have mirrored drives, sophisticated backups, redundant power and all that good stuff which puts up the cost of the resources substantially.

Anyway, I use free email, their spam filtering is good enough for me, so I don't care about any of that:-)