Most of us were taught that most people are good and only a few are bad. This truism has carried over to computers, where it is not applicable, especially in the case of email. It isn’t that there are more bad computer users than good ones, though. Here’s how it works. If you have 100 good people who each say one word, and 1 bad person who says 10,000 words, then the number of words you hear from bad people is 1000 times what you hear from good people.
People tend to trust email, but in fact the amount of email being sent from bad people is probably 4 times as much as is being sent by good people. When you get a message in your inbox you really have to assume it is from someone who wants to harm you. If you take this approach then perhaps you won’t be so curious about those emails coming from the Storm worm gang.
In recent times the gang has sent a ton of fake eCards. These were almost always easy to spot because they never gave the name of a person you know as having sent them. Now the tactic they are using is fake registrations. Emails that claim to be from clubs and organizations, and that include login information, have links to malicious software.
If we in the security industry have to blog about each email scam, then users are never going to be safe. It’s like driving head-on into purple cars because nobody ever told you to avoid the purple cars. If you survive that and need to be told not to drive into the olive green cars, you’ll crash again.
While emails that appear to be from people you know may not always be legitimate, emails from people you do not know are almost always bad news. Do not follow links in emails from unknown sources!
Director of Technical Education
Author ESET Research, ESET