Tag Archives: spam

Tax Refund Phishing Alert and 5 Tips to avoid being Phished

Just a quick warning to folks reading this that there’s a Phishing email doing that looks like it’s from the Indian Tax Department is doing rounds. The email text reads

tax_phishing

Averse that some of us have become to reading the complete text I clicked the link that took me to

tax_phishing1

and it was only when I saw the card number and card verification number that it occurred to me something’s not right here. On close examination things started to fall out of place. This page is a cleverly devised one and can make a lot of people fall for it unless they are alert enough. The right side pane have links to actual sites and the look is a complete rip off from an official site. While this might be a clever attempt it isn’t perfect and here’s why(keep this things in mind for similar situations)

1) Asking for Card Number and/or Pin: If anyone needs to transfer money to you, all they need is your name, your bank account number and branch. There isn’t any need for a credit/debit card number and pin

2)  Non Clickable Icons/Links: On trying to find where various links on the sites are pointing out I realized that left pane is just an image and not an html section with actual links, the same holds true for the footer which looked genuine but is just an image

3) Generic Name: On a closer look you’ll realize  that all the text from email to the web page is not being addressed to you or anyone in particular. It’s just a generic text like ‘Dear Applicant’ and a silly ‘Dear Income Tax Department of India customer’  for email

4) URL: The site URL could be a great pointer in Phishing cases and the URL here (http://indiataxrefdep.com/folder/) reveals that something isn’t right here. When was the last time you accessed a government site which had ‘folder’ in it’s url?  Also, aren’t government sites on the ‘.gov.in’ domains?

5) Email Sender: It’s really important to check the sender email id of such emails(which I didn’t check in the first place to be honest). On second thoughts a quick look at the email id would have cleared all doubts, the sender email was ‘fihktr@yahoo.com’. Yes, an Income Tax Department email coming from a yahoo mail id.

These five tips should be helpful in figuring out if an email is a Phishing attempt or not. Feel free to add more points to the list.

I had written a similar post to avoid being Phished on Facebook, you can read it here

5 Tips for Writing Better Emails

Yesterday evening while trying to explain some best practices for writing emails to my younger brother I tried to make my point clear by showing him some examples and asking him to identify the differences. Given the amount of badly designed/structured emails doing rounds it wasn’t hard to find an example of badly designed email from my inbox.

Here are two emails that I picked up for him, both are regarding bloggers meet.

bad_email

and

good_email

Instead of pin-pointing the differences I asked him spot them and it didn’t take him a second to say

“The second email is addressed to you while the first one is SPAM”

Though I wasn’t expecting him to flag the first one as spam but I guess that’s how it would appear to anyone who doesn’t know the context beforehand.

Trying to figure out what was really bad about the first email isn’t rocket science. It’s essentially two very simple things

bad email marked

1) ‘To’ Field: I try to find some clues like who all was the mail addressed to etc,  from the ‘To’ field (some people put their entire list in to field btw). As you can see here the email’s ‘from and to’ fields are same. Thankfully email clients don’t work like packet sniffers else this mail would have reach spam folder directly, no questions asked.
Perhaps like we used to think during our college day the sender thought it’s mandatory to have an address in ‘To’ field and therefor it’s their name in the ‘To’ field while the addresses email id’s are shoved in the ‘BCC’ field.

2) ‘Greeting’: It’s basic courtesy (common sense?) to greet someone by their name (unless you are not sure about their name) when sending email and it’s even more important when you are sending mail to a blogger on behalf of a client. The last thing the recipient should think is if it’s a bulk email or worse spam.

Given the fact that recepients of such emails wouldn’t be numerous I don’t think it would have bee a tough job.

5 Tips for Writing Better Emails:

1) Don’t send bulk emails. And if you have to then don’t make it apparent that it’s a bulk email by addressing it like ‘Hi Bloggers’ or ‘Hi Guys’ .

2) Write personal emails:

Emails starting with just ‘Hi’, start on a fishy ground(unless you know the recipient)

bulk emailThough the ‘To’ field here has your name unlike in example 1 above since it starts with just ‘Hi’, you can’t assume that this email is just being sent to you.

3) Avoid generic statements:

‘Your blog makes for very interesting reading’. That’s the kind of lines spammers use these days. Avoid them and insted writing something that seems more genuine and believable.

4) Be relevant/targeted:

irrelevant email

Now that’s seriously lame. Thankfully they didn’t add neighbours and relatives to the list.

5) Have an opt-out link: If for whatever reason you plan to send emails to people regularly without asking them before hand at least have a link for them to opt-out from your emailing list.

As with other things finding bad examples is quite easy but finding good examples isn’t. Here’s an example of what could be called a better designed/structured email sent for the first time (to some email list I suppose)

nice_email

second half

nice_email2You might want to checkout this awesome email checklist by Seth Godin and writing more effective emails by Chris Brogan for more on better/effective emails.

Got some tips to share about writing better emails?

Twitter Trick Fail

Yesterday a friend of mine, whose not into Twitter at all forwarded this mail to me

— On Fri, 5/15/09, Great Offers and Discounts wrote:

From: Great Offers and Discounts
Subject: The Twitter Trick
To: xzy@yahoo.com
Date: Friday, May 15, 2009, 8:29 PM

If You Tweet, This Is For You

Yes TwitterTrick can work for you, and you’ll quickly discover that it’s easy if it’s all lined up for you,
and you have a quick action plan that s simple to follow…

But you don’t have to fear listbuilding anymore, because the new techniques, and the new social media have made it easy for us…

You don’t have to worry about listbuilding anymore!

Your list will start growing immediately, even while you sleep!

Even if…

$ You’ve never built a list before

$ You don’t know what an autoresponder is…

$ You never heard of Twitter…

$ You’ve never sold anything online before…

$ You can just barely answer your email…

And you have nothing to fear, because you are covered by my “no hard feelings” guarantee, because I just wont have any unhappy customers, if you aren’t happy with this book, in 60 days time, and you didn’t grow your list, and you gave it an honest try, I will happily refund you your money, check it out right now…

Bundled with this offer, get

$ FREE BONUS # 1 : The Twitter Automation Report – Make your Twitter Life Easier

$ FREE BONUS # 2 : Twitter Traffic Magic – How to use Twitter to Boost your Blog/Web traffic

$ FREE BONUS # 3 : The Article Marketing Blue Print

If You Tweet, This Is For You

There is a lot more to know about it. CLICK HERE

Yes, that’s how(and why) bubbles are created. Twitter Trick’s website

So what do you think about the “Twitter Trick” ?

The Great Twitter Spam Attack

You know something isn’t write when #hiring is a trending topic on Twitter, especially when it’s Recession Time. That’s indeed the case. A quick click on the keyword confirms that, here’s what the search page of #hiring looked like

spam_hiring

Out of curiousity I checked out the search page for the next trending topic i.e #tweemyjobs and here’s what I got

spam_tweenmyjobs

and this

spam_tweenmyjobs2

Yes, these two trending topics have been compromised/rigged/spammed and apparently there isn’t a genuine reason for them to be popular except for these bots. Also, if you take a closer look at the tweets here you’ll realize that the words contained in the kwip match the trending list, one for one. HOLY SHIT !! The whole trending list has been screwed badly. So as I write this post millions of users will be seeing the list of engineered topics spammed into attention. What this means is that it’s damn easy to turn the trending list upside down.

Thinking about this makes me wonder how come there aren’t any checks in place to catch hold of such things and control them ?

spam_mothersday

spam_startrek
Not only this, there are other(un-related) people who also want to cash in on the eyeballs the trending topics get and to attain that goal they start using trending topics randomly in their posts to earn some extra clicks. For ex: the one’s here

spam_hiring2

Screenshots of searh results for other trending topics dollhouse, wolverine, imax and giro

Sad but true, the integrity of  Twitter’s trending topics has been screwed.
Let’s see how this incident effects the bigger picture.

ps: excuse me for these hatrick posts on twitter, it’s just a coincidence and twitter got lucky

Startups and Spam

These two “S” words are not often used in the same sentence but I had to use them. Everyone hates getting spam but not everyone hates sending spam. I too like most others get a daily quota of spam in my email account despite the spam filters. While most of those spam emails don’t generate any bad feelings because I simply choose to ignore them there’s this category of spam which I can’t help feeling bad about. This category of spam originates not from shady people selling enlargement creams or Viagra pills but from people who actually own and run less or more popular companies/sites. Most of the spam emails that I get from the category mentioned above are from various early stage startups based out of India(except wayn) so it seems like spamming people in such a way is a trend more popular in India only.

Sample these:

“Hi
Someone close to you had invited you to join www.xyz.com
Please visit www.xyz.com and register, you may win an illuminated t-shirt.”

and

“Your friends have been inviting you to join www.xyz.com”

As if the shady generic signup spam emails like the one’s mentioned above weren’t sufficient that we now also have spam vote for me emails like this

“A friend of yours provided us with your email address and suggested that you would be open to provide 2 minutes of your time to support a startup company engaged in a worthy mission.  We have been nominated in the TATA NEN Hottest Startups contest.  We are writing to request you to vote for us.”

“worthy mission”
was it ? Not sure if anyone who gets this spam email would vote for them, I certainly won’t(despite the fact that I liked the site’s interface when I looked at it for the first time)

I fail to understand why these sites/companies have to resort to such stupid ways of spreading the word. Why why why ? Firstly, I am not a big supporter of mass emails, for I am not really sure if they do more good than bad and secondly if you have to (for whatever reasons) mass email people keep in mind the following things

1) Don’t address it to everyone.
Hi all, Dear all etc are a not a good way to start an email which is not addressed to a known/close group. They look spam from the word go. I’d rather read a mail which reads “Hi Mayank” or at least a “Hi”.
2) Don’t use vague referrers:
“A friend of yours”, “Someone close to you”, “Your good friend” or something weird like this is sure shot sign of a spam email. If you have a referer name use it else don’t pretend to act genuine because this just doesn’t work.
3) Make the text interesting:
I won’t mind reading a random email if its written properly and maybe a bit witty. It should be a run of the mill promotional email.

That said, I’d like to advice startups(and others) to not bombard random people like this as it might give you small returns but it most certainly will piss others off which might have been neutral towards you otherwise but now think of you as evil/lame.  No points for guessing what image I now have for the startups who sent me those spam emails.