My wife, Sian, turned right on a red light recently, without coming to a complete stop. In California this is equivalent to running a red light. The local police force were kind enough to send us several photographs to prove the point and even invited us to visit a Web page so that we could see the whole sorry incident on video. The cost for all this unwanted attention was a $400 fine and a day in driving school.

Sian duly went back to school (driving comedy school - which was not funny in the slightest), filled in the paperwork and mailed in my credit card details to pay the fine.

Yesterday she received the following e-mail:

Sorry, we were not able to deliver postal package you sent on October the 19th in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 6$ per day.
Your UPS
————————————————————————
Viruses found in the attached files.
The file UPS_INVOICE_9871.zip: Trojan horse Generic12.GVO. The attachment was moved to the Virus Vault.

You will probably see immediately that this is yet another lousy spam, but being slightly sensitized to the traffic situation and the fact that if her paperwork (which she sent be registered mail) did not arrive, the court paperwork had threatened all sorts of nasty retributions, Sian believed that it may have been her court paperwork that was undelivered. Had her AVG virus protection not done such a fine job in detecting the virus laden spam e-mail, she might have clicked on the attachment and her computer could have become a personal information dispensing liability, without her even knowing it.

Apart from the unhappy coincidence that this spam arrived soon after an important document had been mailed, I think part of the problem is that we have got rather good at dealing with Spam. On my server Spamassassin (equipped with Razor) does a sterling job at deleting Spam and the Thunderbird e-mail client, gets rid of most of the rest. Consequently it is easy to get a little complacent when a malicious spam does arrive.

The following are lessons from this incident:

• Install a virus checker that checks e-mails and make sure it is up to date
• Carefully examine the e-mail before clicking on any attachments (who’s it from? Does their e-mail make sense, i.e. if it says it is from the UPS then the sender should at least try to pretend that it is from UPS. Is it written by an illiterate? Look for clues - who says 6$ rather than $6? Why would the UPS “fine” you $6 per day for using their service?)
• Make sure that everyone who accesses your computer is familiar with ‘phishing’ schemes and malicious emails.
• Find out what measures your e-mail service provider is taking to get rid of spam.
• Don’t panic.

Filed under: E-mail by Martyn Whittaker