We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

'Spam Spotter Rules: It’s the bit before the .com that counts' blog discussion

Options
13

Comments

  • I recently clicked on my bank from my bookmarks list. It looked perfect until I was logging in and was asked for my full PIN and password. This on the same page that said we will never ask for your full PIN or password! I called the bank's fraud line and they recommended I take my PC to an expert for cleaning. It turned out I had several trojans and assorted malware that took quite some clearing, in spite of having plenty of protection. My online banking was suspended and it was nearly 2 weeks before I was confident I was clean. I don't follow suss links or go to dodgy sites so I've no idea how I got infected. There was no damage to my bank account or anything else but it was very inconvenient. Now I always type the URL to go to my regular sites, as the bank advised. No more bookmarks.
  • OK
    Repeat after me:
    1. Never click on email links
    2. If you expect the mail then follow point 1, rather cut and paste as someone suggested
    3. Never open or click on attachments
    4. If you receive an attachment EVEN from family follow point 3
    5. If you NEED to open or get the attachment then DO save it first to your PC and scan it with anti virus software.
    6. Never open mail from un known origins, the moment you open it you might be hosed, There are exploits that will hose your PC just by looking at a Web page, and most email clients make use of web technology.
    7. Be careful to "un-subscribe" from mail lists that you did not subscribe to. This could be a method of making sure the mail address THEY spam to does exist!

    And so on...
    IT is for every one not just those that can see, know how or have a lot of money...
  • Eco_Miser
    Eco_Miser Posts: 4,853 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    7. Be careful to "un-subscribe" from mail lists that you did not subscribe to. This could be a method of making sure the mail address THEY spam to does exist!
    And so on...
    I think you meant
    7. Be careful not to "un-subscribe" from mail lists that you did not subscribe to.
    Following the unsubscribe link is as bad as clciking on any of the other links in a dodgy email.

    If you're not sure whether it's a genuine email or not, use the View Message Source (Ctrl-U in Thunderbird) to see the hidden codes. This is safe to do (if you do it right), as the display is plain text with no clickable links or autorunning code - you will see the code or the fake links if they're present, but they can't be activated from that window.
    Eco Miser
    Saving money for well over half a century
  • mroakley wrote: »
    Just in the last couple of weeks I've been getting lots of these spoof emails - Halifax; Abbey; Tax Office; etc. I'm also getting loads from "pharmaceutcal suppliers", offering everything from Viagra to antidepressants, which look very dodgy. Should I be worried that I'm apparently, all of a sudden, being targetted? I haven't clicked on the links they send and so far, if my PC Tools anti-virus is correct, I haven't picked up any viruses. But I'm still worried - especially now I've read all this information here. I generally use the same password for everything - online banking; bingo; job sites; you name it. Should I change my password(s)? I can't even remember half the sites I'm signed up to. Jeez, I can feel a panic attack coming on!
    Can anyone give some additional, very basic advice here (keeping in mind I'm relatively new and green to the internet) on what I should do to tighten up my security?
    Many thanks
    M
    There is a very useful piece of software called "roboform" that allows you to save multiple different passwords and logon IDs. There is a free trial version for up to 10 passwords, or you can pay for a more complete version. As part of my work I deal with several Govt departments who insist on passwords that include upper case, lower case, numeric and character symbols.. and cannot be changed by the user. This avoids having to write passwords down on paper and keep in your office drawer.
  • Let's get some facts down first:
    1. A URL (Uniform Resource Locator) is made by an indication of the protocol used (e.g. http for the web), a separator (:) and an address (e.g. forums(dot)moneysavingexpert(dot)com);
    2. Every URL must be read right-to-left, e.g. http(colon)(dash)(dash)forums(dot)moneysavingexpert(dot)com is in the com TLD, belongs to the moneysavingexpert domain, is the forums host, and you are connecting to it via http;
    3. An address is made by a host name (forums), a domain name (moneysavingexpert) and a TLD (Top Level Domain, e.g. com);
    4. A TLD can be geographic (uk, de, it) or not (com, org, net);
    5. In a special case for us and other countries, our TLD is composite, where our geographic TLD (uk) is preceded by an indication of the category of the domain (co for companies, org for other organizations, gov for Government sites and so on). That would result in a four-part address like www(dot)hmrc(dot)gov(dot)uk;
    6. Don't get fooled by some strange looking addresses like www(dot)oddsite(dot)uk(dot)com, the uk bit must be at the end; that address is on the uk(dot)com domain name, and not an UK based site: the com TLD is from the USA.
    Now that you know how a URL is made, it will hep you to spot if a site is what it purports to be, or is a phoney one. Just follow some rules:
    1. NEVER click on a link in an email;
    2. If you were not expecting that email, see point 1;
    3. If you are a customer of the sending company, see point 1;
    4. In any other case, see point 1. ;)
    And remember to keep your PC up-to-date: updates to your operating system and office suite, but also to all of your applications (especially Adobe Flash and Reader).
    If you are using Windows or MacOS, an antivirus is compulsory.
    I'd recommend the free version of Avast!, but other free options are available (e.g. Microsoft Security Essentials).
    To keep your system in shape, give MalwareByte's Anti Malvare (Google MBAM) a spin. It's free and quite effective in eradicating many nasties from your patch.
    And if you have the slightest suspicion, seek expert advice.
    :cool: Keep your cool
  • Another good Firefox add-on is Flagfox. Sticks a country flag at the end of the URL bar and mouse over gives domain, IP and Country.

    So if the link you clicked on is supposed to be your UK bank - and it comes up with a Chinese flag...............
  • The bbc -itv link is spooky!
    I always read the address properly re what before the . com bit, but didnt realise it could be a complete 'mislead'. Thanks:)
    BSC 343 - AD March 2012

    :smileyhea Take just one day at a time, you never know what tomorrow will bring....Be Happy! :wave:
  • Another tip

    make sure your email provider offers a spam blocking filter on your email address and if it doesn't switch to another that does. You don't have to use the email provided by your broadband supplier.

    I also have built my own custom start-up home page, which is saved to my hard drive. On it is links to sites i regularly visit. think of it as a custom bookmarks/favourites folder but its on your own homepage. No chance of a dodgy site adding a fictious address into my bookmarks, and as i created the links i know they are correct.

    Mines built by hand, but there are plenty of tools to build simple html pages or if you must, use Word, add links to a new document and save it as web page filtered. Point your browser to the file and set it as your home page
  • wiganshale
    wiganshale Posts: 28 Forumite
    Part of the Furniture Combo Breaker
    edited 17 February 2011 at 5:42PM
    albinohawk wrote: »
    Thought I would share my spam strategy.

    I tend to treat all mail with suspicion (guilty until proven innocent), operating on the principle that until verified its a stranger telling you to do something. Obviously there are different ways of verifying - friends talking about things you know, emails requested from forum. Anything with links to finance stuff sets off alarm bells in my head.

    I also have 3 levels of email addresses. One with my handle for anyone and anything such as forum sign ups etc. A more businesslike one for shopping and banks etc, and a personal one just for friends. It keeps my personal one pretty clear and I know i can trust those emails a little more.

    Finally I use Thunderbird which has a great bayesian spam filter in it and makes it very easy to tag spam. I also have an extension that moves tagged spam into a Spam folder and adds a delete all spam button. That means I only have to run my eye down a list of say 10 potential spam emails before more often than not hitting delete all.

    Hope that helps
    I'd like to add my own strategies:
    I use a hotmail account for all sites that ask for such. That way all spam tends to go to there only and hotmail has various features that make it easier to identify and deal with spams.
    I open up a second browser window to google the site name coupled with key words such as "complaint", " spam" &"scam".
    Last, I use google-maps to check out any addresses given. I zoomed in on one and got a picture of a shop offering accommodation address facilities.
  • Eco_Miser
    Eco_Miser Posts: 4,853 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    edited 21 February 2011 at 3:41PM
    dralphs wrote: »
    make sure your email provider offers a spam blocking filter on your email address and if it doesn't switch to another that does. You don't have to use the email provided by your broadband supplier.
    I moved the other way. Before my ISP did spam blocking, and after, when it was optional, I used my own filters, on a program called Magic Mail Monitor, which deleted spam direct from the server, according to my rules, or flagged it as probable spam for me to check and delete or not, according to my rules. So I never saw most of the spam/malware, and dealt quickly with the rest.
    Now my ISP has outsourced to Google, which dumps emails from my banks and even my ISP in the spam folder, so I have to keep checking it, and scan all the spam, through their horrible webmail interface. In all, a much worse experience, and the possibility of losing important notifications. So I've switched the important stuff to a 'vanity' domain of my own.
    dralphs wrote: »
    I also have built my own custom start-up home page, which is saved to my hard drive. On it is links to sites i regularly visit. think of it as a custom bookmarks/favourites folder but its on your own homepage. No chance of a dodgy site adding a fictious address into my bookmarks, and as i created the links i know they are correct.
    I did that many years ago, and now have several sub pages to keep things organised.
    As a further precaution, the page with links to my banks and utility companies is stored on an SD card, along with my budget spreadsheet and other important personal data, reducing the chance of interference by malware even further.
    Eco Miser
    Saving money for well over half a century
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.