E-mail Phishing Attempts Get Trickier: Fake bounced mail and Fake mail-from-scanner

Two phishing attempts made it through the work spam filter earlier this month, and they show the creativity of bad guys as they try to get access to your machine. The attempts at social engineering were interesting enough that I thought I’d describe them here. We’re getting pretty close to the line where we can’t tell a legitimate e-mail from ones with nasty side effects.

The Fake Bounced Message

This message has the appearance of being a bounced e-mail from a server called ‘cyber.net.pk’.

Screenshot of a fake bounced e-mail message.

Why I Digitally Sign My E-Mail

Most e-mail messages I send are digitally signed using a process called “Pretty Good Privacy”, or PGP. In e-mail applications that don’t understand PGP, this digital signature will show up either as an attachment called “PGP.sig” or as a part of the message starting with “BEGIN PGP SIGNATURE” at the bottom of the e-mail. This file — containing gibberish to the human eye — is used by PGP-aware programs to verify that the message actually came from me. If you are using PGP, I could also send you a message that only you could read (e.g. “encrypted”). This page gives some background on PGP and why I consider it important.

A New Year, a New PGP Key

It is the start of a new year[1], and it seems like a good time to update my public encryption key. My previous one — created in 2004 — is both a little weaker, cryptographically speaking, than the ones newly created (1024-bit versus 2048-bit) and also an uncomfortable mixing of my professional and personal lives. For my previous key, I attached all of my professional and personal user ids (e.g. e-mail addresses) to the same key. This time I decided to split my work-related user ids from my other ones. My reasoning for the split is that I might be compelled by my employer to turn over my private key to decrypt messages and files sent in the course of my work. If my personal user ids are also attached to that private key, my employer (and whoever else got ahold of that key) would be able to decrypt my personal messages and files as well. That is not necessarily a good thing. So my solution was to create two keys and cross-sign them. I’ve outlined the process below.

These keys are part of a computer standard and software algorithm called “Pretty Good Privacy”, or PGP. If you are interested in more of a background about PGP, see a companion post on why I digitally sign my e-mail.


  1. Some have even said it is the start of a new decade, but of course that isn’t true. We won’t start a new decade until 2011, just like we didn’t actually start a new millennium until 2001.

HOWTO Deal With Spam as a Mailman List Owner

Dealing with SPAM e-mail is a real hassle. Dealing with SPAM e-mail as a mailing list owner is an even bigger hassle. Here are some tips for dealing with SPAM e-mail on mailing lists using the Mailman software package.

The Symptoms

Unless you are making your users as well as yourself miserable, you’ve probably set the “Action to take for postings from non-members for which no explicit action is defined” to “Hold”. I believe this is the default setting for new lists.

Hold Nonmember setting in Mailing list administration, Privacy Options, Sender filters

Getting a Hyperlink of the Last Sent Message from Mail.app using Applescript

I’ve been a fan of Getting Things Done as a technique for managing projects, but it was only recently that I settled on OmniFocus as the “trusted system” collecting all of my next actions. One of the things I like about OmniFocus — as a rich, Mac-only application — is its ability to hold links to messages from Mail.app as notes for each action. This occurs, for instance, when you use the “Clippings” function of OmniFocus to create a new action based on the message that you are currently viewing in Mail.app. (There are other ways to do it, such as the method described by Adam Sneller.)

One of the things I find myself doing is creating actions in a “Waiting” context based on e-mail messages I’ve just sent. Initially, I’d just create the action via the OmniFocus Quick Entry window. But I found myself needing to refer back to the message I sent when the person I’m waiting on doesn’t come through. So I started clicking and dragging the message from the Sent mailbox to the action. But to do that I’d have to click into the Sent mailbox and have the Mail.app and the OmniFocus windows set up just right. Or I’d have to follow a select-sent-mailbox, select-message, OmniFocus-quick-entry-with-clipping, select-Inbox, select-next-message workflow. And that took time and effort. So I’ve created an AppleScript ditty that does the work of creating a hyperlink on the clipboard of the last sent message. The results can then be pasted into any RTF-aware application, including OmniFocus.

Pointless E-mail Disclaimers

I’ve been collecting disclaimers that appear on the bottom of e-mail messages in a draft post on DLTJ for about a year now — every time I’d get a new one with a different twist, I’d save it anticipating the day would come that there would be enough humor here to share with the rest of you. That day has come. There wasn’t one disclaimer that finally pushed the publication of this post over the edge; just the accumulation of examples. Identifying information has been removed, but the humor was left intact. If you recognize your institution/company in these examples, please laugh along with me. If you are the lawyer or pseudo-lawyer that drafted these, please do us all a favor and find something else to work on. Like drafting disclaimers for toothpicks and such.