Dodgy emails

this type of malware laden email supposedly from a delivery firm has been common for some time - be very wary of attached zip, pdf and MS word files as all can hide such malware

Thanks for the advice, Frances.

I should also add that many similar such emails purport to be coming from friends and acquaintances, sometimes people from whom one has not heard for a long time. Usually the message just says "Greetings" to oneself, followed by a link. Presumably the miscreants have managed to get into my email addresses. My solution is always to right click "delete", and then do the same from the Delete file. One friend I contacted even said he knew he was being used in this way! But I do worry about getting caught out one day, not being as young and on top of things as once I was; and I worry especially on behalf of folks more elderly and vulnerable than myself. Hearing of the ever more cunning ways criminals are using the internet to part people from their earnings etc does not bode well for the future.

That seems to be the key.

If you've just ordered something online and there's a message from that company pretty soon after - okay. If you can't quite place what it is, mark it as spam and delete it without bothering to open the message at all.

I have four or five BT email accounts and had a message from BT a few days ago about just one of them saying that that account might have been one of those compromised in the recent yahoo attack and advising me to change the password. It's a dedicated a/c which is only used to send messages between my Macbook and iMac. The MacBook has very little information on it and no address book, so I didn't bother. Next day there was another email from BT repeating the first message and noting I hadn't yet changed my password . This time I accessed the account from the iMac and duly changed the p/w. But I had wondered whether that one was a phishing attack. However, I received another email acknowledging the change.

I did wonder why only that one a/c was notified as having possibly been compromised.

I've had a few emails in a similar vein (courier companies) when I have not ordered anything. As above - delete then delete. As, and if not more, worrying are the emails from people who you recognise, but are not expecting an email from. I am not a techie, but I understand these may derive from malware which can access an individual's address book on their PC. The two such emails I have received have purported to come from university undergraduate colleagues, one of whom I have not had any contact with since graduation. The URL (luckily reproduced in full, rather than hidden behind a hyperlink) which I was asked to click on looked very dodgy indeed.


OG

All of this is indeed very dodgy and one cannot be too careful. When receiving an email from a known sender, the first thing to do is check if the address from which the email purports to have come is the one that you have from the purportedly known sender and, if it isn't, send an email to them at their known address and suggest that their email account might have been hacked. Usually does the trick and usually works out just like that - i.e. said account has indeed been hacked.

As someone who once had his credit card account hacked and the bank realised this and closed it down and replaced the card account, I can report that the replacement one was also hacked even before I received the replacement card; as I wrote, one cannot be too careful and, in the worst case scenario, one might not be able to guarantee having protection against this kind of activity.

I also had just the one email from BT though I have three addresses. I had changed the other two passwords last year, so perhaps you've changed some passwords since 2014.

I had the very same email/delivery notice today. As I was expecting a delivery, I was nearly caught but the system at my ISP filters most spam mails and remove the attachment, as it did to this one and sends it to Junk Box. Even so I contacted their help desk asking to restore the attachment but they assured me that this was spam. In the meantime, I was reassured from another source that this was not the firm I should be expecting. So all was well but what a bother!!

I always delete the spam/junk folder as a matter of course. every few days without ever looking at it.

Every email is packaged with so-called "headers" that usually reveal the true source of the message. If I spot an email that looks suspicious (e.g. from a bank I don't deal with), I always look at the message headers before opening it. Usually the true sender is revealed as a strange email address unrelated to the sender name in the in-box. Often will come from an Eastern European domain (e.g. ".ru" is one that appears sometimes). In these cases I delete the email immediately. Sometimes these messages are not caught by Spam filters, and get through to the In-box.

To see the message headers, in Yahoo (for example) you can right-click on the message in the list, and select "View Raw message". In the latest Outlook, Microsoft (in its wisdom) has made it more difficult than it used to be, and you either have to add an option to the "Quick Access" toolbar (which I've just found out how to do!), or risk opening the message in a new window, (Double-click on the message) and then selecting "File", "Properties" . The headers are then revealed. The headers are full of technical stuff, which can be ignored, but if you just look for the "sender" information, it will probably help.

The dodgy invoices etc seem to arrive in flocks and then nothing is heard for months, I delete them from the Inbox and then from Deleted items (in Outlook),

Just because you receive a dodgy email allegedly coming from someone know to you does not necessarily mean that either your or their computer has been affected by malware. It is so easy to harvest anyones email address and then to insert it into a dodgy email.

I'm just sitting back and waiting for all those chickens coming home to roost in poorly secured IoT (Internet of Things) devices. They really are a disaster waiting to happen. I include Smart Meters in this category.

We just have the one device ( a Humax YouView PVR that lets us watch iPlayer and other channels back catalogues) but even then I am a little paranoid. To prevent any security flaw in the Humax device being exploited in such a way that the Humax can then be used as a mechanism ('attack vector") by the hackers to infect any of our computers I now have two network security zones set-up.

I have the normal router/modem that connects to my ADSL line. The LAN side of this router is my semi-secure zone and into which any IoT devices are connected. However, one of the Ethernet ports becomes a WAN connection to a second dedicated router and it is on the LAN side of this router where our computers are connected. So even if the Humax or IoT device gets infected, it cannot re-infect our computers.

More info here https://www.grc.com/nat/nats.htm

Oh dear, just when I thought that I'd grasped the basics......................

Presumably, the IOT that Anastasius is talking about would include music systems that update via a router, or that stream via a router ?

Unlike Gradus I dont think I have grasped even the basics.