Cyber Security Awareness Month – Spam Reminders

Happy Cyber Security Awareness Month! Since I work daily in cybersecurity, I figured I would try to post a couple reminders this month for my 10 readers.

First, can we please all agree whether it should be cybersecurity (one word) or cyber security (two words) instead of the wild west like it is now? People just throwing whatever spelling they want out there. WTF?! I don’t know which I prefer though, if I’m honest. I tend not to think about it and then just spell it however my fingers end up typing it. /shrug

OK, today I want to share an obvious spam message that I received to highlight a couple obvious red flags. Here’s the email I’ll discuss:

I use Gmail which has been kind enough to flag this as a spam message, so that was my first tip. However, if a message like this gets through, there are a couple other issues.

Always check the “from” address. In this instance it’s supposedly an email from Microsoft Support. But the email address is a proton.me account (free account) and sent via a third-party relay “sendgrid.net”. Corporations should never send things from a free email address, or have a janky email address like “microsoft_support4848”. In fact, most of the time they use a “do not reply” email address to send from.

Ridiculous “from” address

Be aware that the subject line, “IP address blacklisted (Child Pornography Act 1996 violated)”, is designed to elicit fear so that you’re more likely to click any links or download any attachments. Also, it’s the “Child Pornography Prevention Act of 1996” … minor, but something that would have been vetted by a legitimate corporation when talking about legal issues.

Incorrect legal Act referenced

In this instance too, they mention that child pornography was accessed from my IP address, but they don’t list my IP address in the body of the email. If this were a legitimate concern, and legal measures were likely to be taken, they would likely provide evidence or list the IP address.

Side note: if there were an access violation from my IP address, a notification would probably come from my Internet Service Provider (Verizon, Cox, Xfinity, etc.) rather than the company that created an operating system like Windows (which I may or may not even be using).

The last two tell-tale signs that this is spam show up in almost every spam email: 1) not using a toll-free number and 2) poor English. The number in this case is an 808 number, the Hawaii area code. It looks like it could be an 800 number, but it’s not.

And, while this email has decent English, there are enough little peculiarities that make you realize it’s not the spammer’s first language. For instance, lowercase “m” in Microsoft, poorly constructed mailing address, lowercase “id” instead of “ID” or “Identification”, “offence” instead of “offense” (British vs. American English spelling … for an American company that doesn’t make sense), etc. Again, these are minor things, but things you should pay attention to.

Remember, legitimate emails from legitimate companies almost never include links anymore. But if they do, NEVER click them. Just open a web browser and navigate to their website to log in to your account. Most of the time the official communication will be waiting in your inbox there, where you know it’s safe.
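For anyone who wants to automate the “from” address and phone number checks above, here is a small sketch in Python. It is an added example, not something from the original email or from any mail provider's filter. The domain lists, the `red_flags` function name, and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own mail flow.
FREE_MAIL = {"proton.me", "gmail.com", "outlook.com", "yahoo.com"}
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
TOLL_FREE = {"800", "833", "844", "855", "866", "877", "888"}
PHONE = re.compile(r"\b1?[-.\s(]*(\d{3})[-.\s)]*\d{3}[-.\s]*\d{4}\b")

# Constructed sample modelled on the message described in the post
# (not the real email; 555-01xx is a reserved fictional number range).
SAMPLE = """\
From: Microsoft Support <microsoft_support4848@proton.me>
Subject: IP address blacklisted (Child Pornography Act 1996 violated)

Your microsoft id is suspended. Call 1-808-555-0100 immediately.
"""

def red_flags(raw):
    """Return the list of red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    flags = []
    # A corporation should not be writing from a free mailbox.
    if domain in FREE_MAIL:
        flags.append("free-mail sender")
    # Brand named in the display name or address, but the domain is not theirs.
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in name.lower() or brand in local
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not owned:
            flags.append("brand/domain mismatch")
    # "Janky" addresses: a run of digits such as microsoft_support4848.
    if re.search(r"\d{3,}", local):
        flags.append("digits in local part")
    # 8xx area codes that only look toll-free (808 is Hawaii, not 800).
    for area in PHONE.findall(msg.get_payload()):
        if area.startswith("8") and area not in TOLL_FREE:
            flags.append("non-toll-free " + area)
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

These are heuristics for triage, so treat a hit as a reason to look closer and an empty list as nothing more than “none of these four checks fired”.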