It's all too often that we hear about being scammed on the internet, especially when using Craigslist, the popular website for buying and selling almost anything. But it seems as though the majority of the website has become devoted to messages warning us of the potential for getting scammed. Recently, I received multiple such emails, and one of them was quite believable. Because there is such a high likelihood that we will end up dealing with email scams in the course of our internet use, this article is devoted to the analysis and the steps necessary to determine whether or not you should even waste your time replying. We will start by analyzing the content of such emails and end by pointing out just where to look in the email's header to determine the originating IP address and the physical location associated with it.
Off to the Sp3ll!ng B33
For the most part, the easiest way to tell whether or not an email is worth actually reading is by looking for some obvious details. These details include the email's formatting, spelling, grammatical usage, and punctuation. Figure 1 shows a portion of one of the emails I received.
Figure 1: The story
The text in figure 1 is peppered with errors of all kinds. Notice that some sentences start with a capital letter while others do not. Also notice that some of the words are not even the right word or the right tense. If you attempt to read it all the way through, the text really doesn't make much sense, and you have to ask yourself the question: why would someone be attempting to rent out an apartment from another country without going through a broker or real estate agent?
Figure 2 lists the actual information that the “landlord” needs in order to determine our ability to rent the apartment. Yet while the information seems standard, most real estate agents don't ask the question “Are you Married?”
Figure 2: The information
Furthermore, looking at the information we are being asked to supply, it's obvious that the scammer is attempting to indirectly gather identity information. Worse yet, questions six and seven could be used as recovery questions for passwords. This is where it becomes dangerous to reply to these emails, especially if you are new to experiencing scams. For example, if you happened to reply to the email with all your personal information without asking the question “why?,” you have potentially put the security of your identity, usernames, and passwords at risk.
Having looked at an email that resembles an obvious scam, let's now turn our attention to an email that is a little more believable.
Figure 3: A more believable approach
In figure 3, the first indicator is that it's written in better English, with fewer glaring errors. The scammer is also attempting to let the reader know why they didn't respond right away. Moving on, figure 4 shows what could be considered the core of the email.
Figure 4: A more believable story
Taking Steps To Protect Yourself
Dealing with just the body of the email is not always a clear indication as to whether or not you're dealing with a scam, simply because a well-designed website is all you need to disguise a phishing attack. That being the case, there is one piece of information that can be used to make a determination once and for all about what you're dealing with: the originating IP address of the email. To figure this out, we have to dig deeper into the email and track it down through the email's header information.
Figure 5: Email header information
Received: from zap-server (***********@173.224.219.130 with login)
Figure 5 shows the originating IP address of the email. To find it, look for the very last IP address, which is closest to the bottom of the header information: every mail server that handles a message adds its own Received line above the existing ones, so the bottom-most line records the earliest hop. Bear in mind that only the Received lines added by your own provider are trustworthy; anything below them was supplied by the sender's server and could be forged. To view the headers, click on “Actions” and then “View Full Header” if you are using Yahoo! Mail, or click the down arrow in the upper right-hand corner of the email and then “Show original” if you are using Gmail. Now that we have obtained the originating IP address, we can use a website to trace it back to its physical location. There are many websites that can be used to do this, but for demonstration purposes we have used ip-adress.com.
Figure 6 shows the end result of our trace as well as the originating destination of the IP address.
Figure 6: Tracing results
Looking at the output in figure 6 we see that the email originated from Western Africa and most likely Nigeria or the like. Knowing this information, we can now make better decisions as to whether or not we should supply our personal information or even bother replying to the email.
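As an added example that is not part of the original post, the following Python script automates the header walk described above: it parses a constructed message, reads the Received lines from the bottom (earliest hop) upward, and returns the first globally routable address, skipping private LAN hops that are useless for a lookup. Only the bottom-most Received line reuses the address quoted in figure 5; the hostnames and other hops are assumed sample data.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample message (not the original email from the post). Only the
# bottom-most Received line reuses the address quoted in Figure 5; the other
# hops use reserved example.com names, a private LAN address and a TEST-NET
# documentation address.
SAMPLE_MESSAGE = """\
Received: from mta.example.com (mta.example.com [198.51.100.7])
\tby mx.example.net with ESMTP; Tue, 01 Jan 2013 10:00:00 +0000
Received: from [192.168.1.20] (unknown [192.168.1.20])
\tby mta.example.com with ESMTPA; Tue, 01 Jan 2013 09:59:50 +0000
Received: from zap-server (***********@173.224.219.130 with login)
From: "landlord" <landlord@example.com>
To: you@example.net
Subject: apartment rental

Hello, I am out of the country and need your details to process the rental.
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_chain(raw):
    """Return the Received headers top to bottom. Each relay prepends its own
    line, so the top entry is the newest hop and the bottom entry the earliest."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def originating_ip(raw):
    """Walk the chain from the bottom upward and return the first globally
    routable IPv4 address, or None. Private, loopback and documentation
    addresses are skipped. Lines below those added by your own provider come
    from the sender and can be forged, so treat the result as a heuristic."""
    for header in reversed(received_chain(raw)):
        for candidate in IPV4_RE.findall(header):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an IP
                continue
            if addr.is_global:
                return str(addr)
    return None


if __name__ == "__main__":
    print("originating IP:", originating_ip(SAMPLE_MESSAGE))  # 173.224.219.130
```

The returned address is what you would paste into a geolocation site such as the one used for figure 6.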
Conclusions
As is usually the case, the best way to prevent such attacks is to avoid giving out your personal details in the first place. It should also be noted that you are almost never legitimately asked for personal data through email. If you are asked for personal information, make sure to verify with the person who is asking before filling out any web forms or submitting attached “rental applications.” And if it happens that the email looks plausible, take the time to track down its originating IP address and check where the email actually came from. Following the analysis we went through, as well as the steps for tracing the email's original location, will help you avoid having your identity stolen and will add a layer of protection to your personal information.