Tag Archives: e-mail

eCards linking to dangerous executable files…

In a previous post I mentioned that phishing and spoofing were still very much in the mainstream. There are many tricks that scammers use in order to convince the unsuspecting Internet user to part with their financial details. One such trick is to send fake e-mails inviting users to click on an “eCard”. In reality, clicking on the eCard link typically links to file that can be run on the victim’s computer – even though today’s modern browsers offer many levels of warning, users frequently click on yes or OK when asked “are you really sure?”

Most eCards are trojan horses – they lay in wait watching for useful information such as credit card details, passwords, etc. to be typed into reputable web-sites. They then capture that information and, more often than not, attempt to transmit it to a central source that is capable of making the most of stolen credit card information.

Here’s an example:

As noted in my previous posting, it’s always worth verifying the destination of any links found in e-mails (there are some good comments on that post, with tips worth heeding). However, link aside, the text of the e-mail has a few other clues that suggest it might not be authentic. Look for problems with grammar, spelling mistakes, incorrect spacing, etc. I’ve highlighted a couple in the e-mail above. Also look out for “odd” e-mail addresses that are out of character, e.g. Hallmark would never use a personal e-mail address (other card vendors are available!)

If you are feeling even more adventurous, you could take a look at the message itself. In Microsoft Outlook if you right click on an e-mail in the Inbox view, choose Message Options and you’ll see something similar to the text below:

Return-path:
Envelope-to: your.name@yourdomain.com
Delivery-date: Mon, 13 Oct 2008 15:30:19 +0100
Received: from dynamic-123-123.natpool.uc.edu ([123.137.123.123])
by pc1.yourmailhost.com with esmtp (Exim 4.69)
(envelope-from )
id 1KpOR9-0007BM-6h
for your.name@yourdomain.com; Mon, 13 Oct 2008 15:30:19 +0100
Message-ID: <09622.bamber@nolan>
Date: Mon, 13 Oct 2008 12:42:56 +0000
From: “123greetings.com”
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: “friend”
Subject: You have received an eCard
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=4.7
X-Spam-Score: 47
X-Spam-Bar: ++++
X-Spam-Flag: NO

A few things can be gleamed from the e-mail headers. Most reputable eCard web-sites wouldn’t use a client-side e-mail tool such as Thunderbird. Nor would they purport to be “123greetings.com” but actually be a personal e-mail address of a.bbbb@acccgggs.com. Similarly, “friend” isn’t something mainstream vendors would use. A closer inspection reveals that this e-mail appears to have made use of a .edu domain, i.e. an educational establishment may have been used in the transport of this particular e-mail. Indeed, it is this .edu domain that demonstrates the true nature of trojan horses – they don’t always steal your financial details, they sometimes enable your computer such that it can act as e-mail hubs whereby further propagation of the the same or similar eCard e-mail takes place. In other words your computer could be used to send out eCard e-mails.

Incidentally, this particular eCard hit my spam filter before I even saw it. However, whilst my e-mail host has good spam filtering, coupled with my local spam filter (MailWasher Pro), it doesn’t mean other e-mail hosts are doing the same, it’s still possible that an eCard could make it into your inbox.

Again, regular readers will be sucking eggs after reading this post, however these e-mails are still doing the rounds. I always find it handy having these real world examples handy as demonstrations when I’m explaining the less than salubrious side of the Internet to newcomers.

Technorati Tags: , , , , ,

GTD Action/Deferred/WaitingFor/Someday folders in Microsoft Outlook – Show Item Count

Following on from my previous posts about using Microsoft Outlook for GTD (here and here), I’d like to mention a further tweak that we can make to Microsoft Outlook’s folder view control. Most of us probably have Microsoft Outlook display the number of unread items in each folder. However, for the GTD folders that I mentioned earlier, it’s likely that you will have read the items before they are filed in the GTD Action, Defer, Waiting For or Someday Maybe folders.

For these folders, I prefer to see the total number of items regardless of whether they have been read or not. Like a lot of things in Microsoft Outlook, the folder list is configurable. Right-clicking on a folder, then choosing Properties will allow us to configure the “total” that appears after the folder name.

This is a simple little tip, but one that might be of use to you if are are “rolling your own GTD” implementation.

Other posts
GTD Action/Deferred/WaitingFor/Someday folders in Microsoft Outlook – Show Item Count
Making e-mail simpler and easier to handle: using Microsoft Outlook rules
Elementary GTD using Microsoft Outlook “move to folder”

Technorati Tags: , , , , , , ,

PM#3 – Use e-mail properly

E-mail can be a hinderance for three reasons:

  1. Unless you are very strict, most folks find themselves checking e-mail more than three times per day. This is especially true if your e-mail application has a notification facility whereby you see and/or hear new e-mail arriving. It’s very difficult to resist the urge to go and read new e-mail. Worse, in open plan environments, it’s possible to hear other peoples’ new e-mail arriving.
  2. E-mail, as an application, has history, it has etiquette, it has a modus operandi. Very few people, in my humble opinion know how to make good use of e-mail. This is especially true for “newcomers”, i.e. those folks who have joined the e-mail bandwagon late and don’t realise that there are written and unwritten rules that should be understood (notice I don’t say ahered to, rules can be broken if the timing is right, but that’s another posting!)
  3. E-mail has no real means of helping us manage our to-do list, it doesn’t help us manage those e-mails that require us to respond to, nor does it help us manage those e-mail for which we are awaiting a response. As project managers, we find ourselves dealing with collections of issues, requests for information, decisions, etc. How do we solicit such data? We use e-mail. How do we track who has responded and who hasn’t? Suddenly it becomes very difficult.

One of the e-mail rules that I like to adhere to however, is one that is all too often broken by others. If you find yourself in the CC section of an e-mail, i.e. not in the TO section, this typically means that the e-mail, for you, becomes a FYI…for your information. Your response, unless solicited directly in the e-mail, is not required. Should you choose to offer a response, you should apologise for interjecting from a CC.

Managing by e-mail is also rather difficult. I know some folks work on a “zero in-box” policy whereby e-mails are converted to tasks (we’re talking about Outlook here) and thus you have a prioritised list of things to do. This works, however I think the problem of information management, and e-mail falls into this category, is a much more difficult arena, and one that is not served by a killer application. Of course, managing all this properly brings with it the need to classify, attribute, associate, infer, etc. links between items, prioritise items, and so on. Whilst work is being performed in this area, all we can do today is learn to use e-mail properly.

Don’t let e-mail rule your life – you don’t need to check your e-mail more than three times per day (if somebody tells you that they have just sent you an e-mail that requires your attention, you may of course check your e-mail in between times!)

Do try to keep your immediate in-box cleared down to a reasonable size, I prefer to have less than 20 items “in my face” when my e-mail client(s) start up. Use folders and colour-coding (if available) to help you sort’n’prioritise – not to the point that it overcomes point 3 above. Generally speaking, I’ve noticed that I have very few e-mails whose lifespan is more than 7-10 days – as such, I have a folder “older than 10 days” which can be used as a manual dumping ground, or automated via a rule. Your threshold may vary, but try it, you may be surprised.

You don’t need to keep all trivial e-mails, move them to a “trivial” folder, or better still, delete them.

I will often include myself in the CC list of an e-mail. This allows me to clear out my sent items folder fairly frequently. If your e-mail client offers you “sent item”-specific features, such as delivery/open tracking, this might not be an option for you (but only if such tracking is required).

In this series:
PM#11 – Management By Shouting Loudest (MSBL)
PM#10 – The truth is best…admit it…
PM#9 – Avoid duplication of effort
PM#8 – Multi-tasking is evil
PM#7 – High workload means lower productivity…
PM#6 – You were right and I was wrong
PM#5 – Whose schedule is it anyway?
PM#4 – Start it…finish it
PM#3 – Use e-mail properly
PM#2 – Focus on the project
PM#1 – decision making