Do not click on links in email messages!

Do not click on links in email messages unless you are 100% certain they lead somewhere you want to go.

We are being assaulted by a torrent of phony email messages from criminals. The messages look legitimate. The links lead to fake websites that will try to steal your password or credit card number.

Always hover over a link in an email message before you click on it. Do not click unless it is obviously a legitimate link.

When you hover over a link, a popup will show you where it leads. Don’t click if the link doesn’t match the company that is supposed to have sent the message.

If you get a malware message and you don’t click on a link, it hasn’t hurt your computer. Delete it.

Spam message 2017 - Docusign

Today – just today! – I got a dozen messages that appeared to be from Netflix, Docusign, FedEx, Microsoft, Office 365, and more. All of them were designed to look like real messages from those companies. All of them were from criminals.

We’re under attack. I have been contacted by more clients about fake messages in the last three weeks than in the rest of 2017. This is apparently the latest game for the bad guys. Maybe some new email servers went online for bad guys and they’re celebrating.

The latest malware messages are all subtle and understated. The bad guys know that we are in a hurry when we read our mail. We’re more likely to click on links that don’t call attention to themselves and look like routine tech maintenance.

There are two giveaways.

Spam 2017 - sample malware message

The sender of the messages is almost always a random name that has nothing to do with the company supposedly sending the message. In the above message supposedly from “Docusign,” the bad guys at least made an effort to fool you – it looks like it’s from but the name is spelled with alternate characters and umlauts, which a computer reads as something different than the real thing. But the next identification of the sender, in brackets, obviously has nothing to do with Docusign. (Nobody’s mail was hacked and the email address shown as the sender has nothing to do with the scam. The bad guys are picking random names as the “senders.”)


Hovering over the link shows that it does not lead to anything like Docusign. That’s the real giveaway. Always hover over a link before you click!

Here’s an example of a message that appears to be from Netflix.

Spam 2017 - Netflix

If you got this message and clicked on the link, you would be taken to a website that looks like the real Netflix site with a real-looking login window.

Spam 2017 - Netflix landing page

If you sign in, the bad guys have your Netflix password. They’ll test it with banks and other online services to see if you used the same password. Then they’ll take you to a page to “update your payment information.” If you’re not paying attention, you will voluntarily give your credit card information to criminals.

Here are more examples from today’s mail. In each case, there is a link that leads to a phony website.

Spam 2017 - sample malware message

Spam 2017 - sample malware message

Spam 2017 - sample malware message

Spam 2017 - sample malware message

Spam 2017 - sample malware message

Here’s one about “cluster email,” a meaningless phrase that sounds vaguely computerey. The message has a PDF attached. The PDF is harmless by itself, but it has links in it to “manually clear your cluster levels.” You guessed it – all the links lead to poisoned websites.

Spam 2017 - sample malware message

It doesn’t matter what a message says. Don’t click on links unless you are 100% certain they lead somewhere you want to go.

Read the Rules for Computer and Online Safety. Be careful out there!

Share This