New Fathom IT - Blog #SpamNew Fathom IT - Blog #Spamhttps://www.newfathom.com/blogs/tag/spamFri, 10 Apr 2026 18:08:57 -0700http://zoho.com/sites/<![CDATA[What can happen when you click a link?]]>https://www.newfathom.com/blogs/post/what-can-happen-when-you-click-a-link

What are the things that can happen when you click a link in a malicious email?

Stage 1 (Just by clicking the link)

  1. Bad actor gets the indication that your email works
    1. Most links sent in an email will be unique to the email it's sent to. If you click the link the bad actor will know that your email address is up and working. Also, they'll know that you are the type of person that clicks links so they'll probably send you more spam!
  2. Bad actor gets your browser "fingerprint"
    1. Your browser session (and every browser session being used) has a footprint based on the information that's available from your session on that website. There are over 50 different data points that your browser gives to a web page just by visiting it. This information (although some is trivial) can disclose information about you and your company. So just clicking a link is giving bad actors 50 clues about you and your company. Here's a few of the things that can be part of your fingerprint: Public IP address, browser used, operating system (e.g. Windows, Mac), browser language, time zone, extensions, and much more! You can go to https://amiunique.org/fingerprint to see how unique your browser session is (the more unique the worse off you are, don't be snowflake!).
  3. Everything and anything
    1. It's also possible if your browser is not updated that bad guys could use a vulnerability in your browser to do lots more than just gather information. Here's a list of the vulnerabilities that Chrome has had: Reference. Some of these allow for someone to own your browser completely. But don't worry, Chrome does a great job of updating, but if you're using an outdated browser or turned off automatic updates you could be in trouble.
  4. Downloading a file
    1. Sometimes just clicking a link can begin the process of downloading a file onto your computer. Usually it will require you to open or run the file to do anything truly malicious, but just getting the file on your computer is a bad step!

Stage 2 (After you click the link)

  1. Web page asks you to enter login credentials
    1. This is call phishing or credential harvesting. These bad actors are trying to get your login information. Usually it's an attempt to get your business email login, but it could also be for other things like your Amazon account or bank account. See Brian Krebs great blog on the value of a compromised email account here: Reference.
  2. Web page installs a malicious extension
    1. If a malicious extension is added the bad actor will basically own your browser and be able to read information on web pages you visit including. Many times these extensions fall into "adware" where they will get paid to re-direct your website to a different web page or send you pop up notifications, but they could also be more malicious.
  3. You open or run a downloaded file
    1. This could be "game over" on your computer. Depending on the malware this could spring board to installing viruses on your system. Sometimes these files would be an office file with macros, or perhaps just an executable or a PDF that will exploit a vulnerability in Adobe or some other application.
    2. The reason bad actors may want to do this are many, see Brian Krebs blog on the value of a compromised PC: Reference.
Get Started Now
]]>Thu, 24 Aug 2023 09:44:02 -0700<![CDATA[Recognizing Malicious Emails]]>https://www.newfathom.com/blogs/post/recognizing-malicious-emails

How to Recognize and Avoid Malicious Emails

According to Britannica, 50% of email on the internet is spam. These emails range from selling Viagra knock-offs to trying to convince you to wire them money. Some of these emails are so obvious they need no introduction, but cyber-criminals are becoming more and more sophisticated. In this blog we're going to help you recognize a malicious email, respond appropriately, and recover if you've fallen for them. The last section is how to prevent these things happening in the first place.

Key Takeaways

  •   STOP! If you think an emails seems a little off, stop and investigate.
  • Check Links, Check the "From", Look for Grammar mistakes and misspelled words
  • Look out for urgency and manipulation. Aka, someone wants something fast or they have something you need.

Types, Detecting, and Responding

Business Email Compromise (BEC)

When someone takes over a legitimate email account and uses that account to send malicious emails, that's called Business Email Compromise. These emails are the hardest to stop and detect because they usually appear to be from someone you know and trust because they are, in fact, from their email account. These accounts get taken over when someone has gotten the login information for the compromised account, they've signed in, and are using that account for their own practices. 

Detecting BEC Emails

When you receive an email from a compromised account, it usually has a couple clear tell tale signs that it's a fake. Here's how to spot them:

  • There's almost always a link
  • The link almost always takes you to a page requesting login information
  • It seems off and non-typical
  • You didn't request it
  • Check for bad grammar and spelling errors. Many of these people use a translator app and English isn't their first language

Responding to BEC Emails

If you've gotten a BEC email, or one that you suspect is a BEC email, what should you do?

  1. Verify that it's not legitimate
    1. If you get an email from someone that just seems off, use out-of-band communication to contact them. Do NOT email them back and ask "Is this real?" or use the phone number on the signature. If their email is compromised then of course they will say "Of course it's legit," and the signature phone numbers are usually changed as well. 
      1. Call the phone number of the person if you have one on file, or call their company's main number
      2. Text them, fax them, or email someone else at their office. Use something other than that email address to contact the person. This is what we mean by "out-of-band" communication. 
    2. ​Examine links in the file. If it says it goes to a Word document, does the link go to OneDrive or SharePoint? Also, just because it does, doesn't mean you should go there, but that's a good way to tell if it's spam. 
      1. Here's a great site to see where a link actually goes: https://wheregoes.com/ 
  2. Find out who else in your company has also received the email and warn them, especially if it's really tricky. Warn your colleagues or contact your IT department about the scam. It just takes one person to give your company a really bad name. 
  3. Delete the email. Or if you're feeling like you want to have some fun, email the person back and see how long they'll talk with you. Maybe you can get them to wire you some money :-)

General Spam: Solicitations and Trickery

Sometimes the email isn't from someone you know, and they try to convince you to click a link, wire money, or the like anyway. Let's look at some types of these scams, why they happen, and how to respond. These are a different category because these usually are not legitimate accounts, but they appear legitimate. 

Types

Faking the "From"

A common trick out there is to change the "From" name of an email address. If your boss's name is Jane Smith and their email is jane@company.com, a spammer can change their name to be "Jane Smith" even though their email is jane@anotheremail.com. This is usually a good trick and most people don't pay attention to the whole email address. Here are the tell tale signs of these:

  • Check the actual email address
  • Eventually they will ask you to send gift cards or some strange financial request (think wiring money)
Blackmail and Heart Strings

There's really no limit to the ways scammers will try to blackmail you. My neighbor was scammed by a company she was trying to return something she'd purchased and they said they had to get on her computer and check her bank accounts to verify the purchase... well... that wasn't all they were doing. Here are some common ones:

  • I'm a destitute person in [name of third-world country] and I need help
  • I have your email and password and I have sensitive information about you i'm going to publish if you don't pay me
  • I have naughty pictures of you and I"ll release them if you don't pay me (sometimes this one is along with the one above)
  • We could run away together, I just need some money to come visit
Too Good to be True

This may come as a shock, but you probably aren't that lucky to win the lottery or that car, or whatever else they're selling. Don't fall for it and don't click the links!

Detecting

Besides the signs of scammers mentioned above, there are usually a lot of other signs you can look for too in scammers emails:

  • Poor use of the English language. English is usually not their native tongue and so an easy way to tell a scam is by how they handle the complex language:
    • Bad grammar
    • Bad spelling
    • Weird phrasing
  • ​Check for links. It's a good idea to check any link before you click on it. Does it actually go where it should? When it's asking for a login to Microsoft, are you actually on a Microsoft web page?

Recovering From Spam After You've Fallen for It

Sometimes we all make mistakes and sometimes we realize our mistake right after we make it. If you've fallen for a BEC scam here's what you do:

If you just replied to the email

  • Don't really need to do anything. You just sent them a message and engaged them. Just delete their future emails to you.

If you gave them your email and password

  • Reset your password immediately
  • Reset any other accounts that use that same password
  • Make sure your account isn't forwarding emails to an unknown email account. This is a common tactic if an email has been compromised, then they can map out your organization long-after you've changed your password
  • Make sure you don't have an auto-reply you don't recognize

If you've downloaded a program and run it

  • Disconnect your computer from any network connections (WiFi and/or Ethernet)
  • Reset your computer and start over or rollback your computer to a backup before you ran the program
  • If you downloaded a file but didn't open it. Delete the program/file and run a virus scan. You may still need to reset your computer, but you may also be fine.

If you did a remote session and they were on your computer

If you made it this far with someone, they're probably after your money and it's a simple scam to that extent. I would do the same thing as the program downloaded and run. 

An ounce of prevention is worth a pound of recovery

So, what if we just made some changes that stopped spammers in their tracks and made it much fore difficult to fall for these things in the first place? Here are some ideas that will help you be less impact if you fall for spam, and hopefully make you less likely to get it.

  • Use Multi-Factor Authentication for your email account
  • Disable Auto-Forwarding in your email account (You have to be an admin to do this, but it's a really good idea)
  • Deploy an advanced anti-virus on your computer. This advanced anti-virus should be doing active scanning of any downloads
  • Deploy a password manager for you and your team
  • Create alerts for emails that are "Faking the From" so people in your company can more easily recognize them
Get Started Now
]]>Thu, 01 Oct 2020 08:58:00 -0700