Viruses and spam get more and more clever at getting through! The authors of these pieces of rogue software know that their victims are more likely to open emails that come from colleagues or - better - from their web administrator. It's very easy indeed to guess the account names for administrators, and also to harvest email addresses from web sites. It's also easy to send an email from one internet connection and pretend to be someone who has no connections whatever with that connection.

Suggested action

Make a presumption that all unsolicted emails that ask you to open something or validate an account are forged and attacks. However, these attacks make it very hard for the real administrator to get through to you. If you think an email might be genuine, I suggest that you email the administrator by TYPING IN HIS EMAIL ADDRESS into your mail program and not by following a link in the email you have received (again, that may be forged).

DO NOT open any enclosures until you hear back.
DO NOT click on anything that looks like a link ... especially if it ends in .com - it could be a Dos executable program.

You might be wondering if spam and email filters and virus checkers can help you. To some extent they can - we've already got email filtering in place and yet a proportion of these things get through. The particular problem with the messages highlighted in this article is that they're designed to look as close as possible to the genuine article, so they're hard for filters to deal with. We do recommend a virus checker on your own system, and that you use the virus checkers / filters provided by the ISP from whom your download.

Example of a rogue email

Here (for example) is an email I received within the last hour ....

Dear user graham,

You have successfully updated the password of your Wellho account.

If you did not authorize this change or if you need assistance with your account, please contact Wellho customer service at: administrator@wellho.net

Thank you for using Wellho!
The Wellho Support Team

+++ Attachment: No Virus (Clean)
+++ Wellho Antivirus - www.wellho.net

<enclosure called email-password of 31k, type .zip>

"Clearly" from someone who doesn't know us, for example ...
- We're "Well House Consultants" not "wellho"
- We don't style ourselves as "support team"
- We don't actually have an "administrator" email address

And what would be the point in sending out an attachment to someone who's correctly updated their email anyway? Ah - it's an attempt to get the recipient to open the .zip file which will infect his computer!
(written 2005-06-14, updated 2006-06-05)

 G902 - Well House Consultants - Web site techniques, utility and visibility
  [3589] Promoting a single one of your domains on the search engines - (2012-01-22)
  [3563] How big is a web page these days? Does the size of your pages matter? - (2011-12-26)
  [3554] Learning more about our web site - and learning how to learn about yours - (2011-12-17)
  [3532] Sharing the user experience - designing a form with the customer in mind - (2011-11-29)
  [3491] Who is knocking at your web site door? Are you well set up to deal with allcomers? - (2011-10-21)
  [3426] Automed web site testing scripted in Ruby using watir-webdriver - (2011-09-09)
  [3367] Google +1 - what is it? - (2011-07-22)
  [3197] Finding and diverting image requests from rogue domains - (2011-03-08)
  [3149] Looking back at www.wellho.net - (2011-01-28)
  [3087] Making the most of critical emails - reading behind the scene - (2010-12-16)
  [3022] Retaining web site visitors - reducing the one page wonders - (2010-10-31)
  [2981] How to set up short and meaningfull alternative URLs - (2010-10-02)
  [2668] Is it worth it? - (2010-03-09)
  [2569] How to run a successful online poll / petition / survey / consultation - (2010-01-10)
  [2552] Web site traffic - real users, or just noise? - (2009-12-26)
  [2532] Analysing Google arrivals by country of origin - (2009-12-10)
  [2519] Status Page / breaks of service in early December - (2009-11-30)
  [2410] Removal of technical resources from this site - (2009-09-19)
  [2389] Writing with our customers words - (2009-09-01)
  [2341] Koulutus, Open Source tietokone kielillä - (2009-08-09)
  [2340] ldning, Open Source dator språk - (2009-08-09)
  [2339] Opplæring, Open Source datamaskinen språk - (2009-08-09)
  [2338] Uddannelse, Open Source computer sprog - (2009-08-09)
  [2337] Opleiding, Open Source computertalen - (2009-08-09)
  [2336] Formação, Open Source computador línguas - (2009-08-09)
  [2335] Ausbildung, die Open-Source-Sprachen - (2009-08-09)
  [2334] Formazione, Open Source computer lingue - (2009-08-09)
  [2333] Formación, de los lenguajes de código abierto - (2009-08-09)
  [2332] Formation, des langages Open Source - (2009-08-09)
  [2225] How important is a front page ranking on a search engine? - (2009-06-09)
  [2065] Static mirroring through HTTrack, wget and others - (2009-03-03)
  [2056] Web Site Loading - experiences and some solutions shared - (2009-02-26)
  [1982] Cooking bodies and URLs - (2009-01-08)
  [1970] Plagarism - who is copying my pages? - (2009-01-02)
  [1961] Making our things easier to find - (2008-12-26)
  [1955] How to avoid duplicating web page maintainance - (2008-12-20)
  [1888] Find the link - (2008-11-16)
  [1856] A few of my favourite things - (2008-10-26)
  [1833] Web Bloopers - good form design - avoiding pitfalls - (2008-10-11)
  [1797] I have been working hard but I do not expect you noticed - (2008-09-14)
  [1793] Which country does a search engine think you are located in? - (2008-09-11)
  [1756] Ever had One of THOSE mornings? - (2008-08-16)
  [1747] Who is watching you? - (2008-08-10)
  [1711] Rapid growth leads to server move - (2008-07-17)
  [1653] How do Google Ads work? - (2008-05-25)
  [1634] Kiss and Book - (2008-05-07)
  [1630] To provide external links, or not? - (2008-05-04)
  [1610] PHP course dot co, dot uk - (2008-04-13)
  [1554] Online hotel reservations - Melksham, Wiltshire (near Bath) - (2008-02-24)
  [1541] Colour, Composition or Content - (2008-02-16)
  [1534] Where in the world / country is my visitor from? - (2008-02-07)
  [1513] Perl, PHP or Python? No - Perl AND PHP AND Python! - (2008-01-20)
  [1506] Ongoing Image Copyright Issues, PHP and MySQL solutions - (2008-01-14)
  [1505] Script to present commonly used images - PHP - (2008-01-13)
  [1494] A time to update pictures - (2008-01-03)
  [1437] Above the fold with First Great Western - (2007-11-19)
  [1297] Stuffing content into a web page - easy maintainance - (2007-08-09)
  [1237] What proportion of our web traffic is robots? - (2007-06-19)
  [1212] What brought YOU to our web site? - (2007-06-01)
  [1207] Simple but effective use of mod_rewrite (Apache httpd) - (2007-05-27)
  [1198] From Web to Web 2 - (2007-05-21)
  [1186] Two new pages / sites - (2007-05-14)
  [1184] Finding resources - some pointers - (2007-05-13)
  [1177] Sorting out for a site map - (2007-05-05)
  [1104] Drawing dynamic graphs in PHP - (2007-03-09)
  [1055] Above the fold - (2007-01-28)
  [1029] Our search engine placement is dropping. - (2007-01-11)
  [1015] Search engine placement - long term strategy and success - (2006-12-30)
  [994] Training on Cascading Style Sheets - (2006-12-17)
  [976] Santa at the station - (2006-12-09)
  [916] Driving customers away - (2006-11-07)
  [893] Visibility - (2006-10-14)
  [800] Effective web campaign? - (2006-07-12)
  [767] Finding the language preference of a web site visitor - (2006-06-18)
  [757] Horse and Python training - (2006-06-12)
  [732] Where is a web site visitor browsing from - (2006-05-24)
  [718] Protecting images from theft - (2006-05-12)
  [681] Mirroring a dynamic site - (2006-04-12)
  [658] Keeping the visitors happy and browsing - (2006-03-26)
  [649] Denial of Service ''attack'' - (2006-03-17)
  [533] Bigger Box Campaign - (2005-12-18)
  [528] Getting favicon to work - avoiding common pitfalls - (2005-12-14)
  [510] Dynamic Web presence - next generation web site - (2005-11-29)
  [492] New Navigation Aid - Launch of My Wellho - (2005-11-11)
  [414] Form Madness - (2005-08-14)
  [376] What brings people to my web site? - (2005-07-13)
  [369] CMS - the minefield of Choices - (2005-07-05)
  [348] Graveyard pages - (2005-06-15)
  [322] More maps - (2005-05-23)
  [320] Ordnance Survey - using a 'Get a map' - (2005-05-22)
  [314] What language is this written in? - (2005-05-17)
  [311] Growth pains - (2005-05-14)
  [288] Colour blindness for web developers - (2005-04-22)
  [284] The Iconish language - (2005-04-19)
  [278] Cover all the options - (2005-04-13)
  [276] An apology to Mr Boneparte - (2005-04-11)
  [274] Our most popular resources - (2005-04-10)
  [268] Information request forms, cleaning up spam - (2005-04-05)
  [261] Putting a form online - (2005-03-29)
  [259] Responding to spam - (2005-03-27)
  [222] Who are all these visitors? - (2005-02-20)
  [202] Searching for numbers - (2005-02-04)
  [197] Allow for peak traffic on your web site - (2005-02-01)
  [182] Your personal Google ranking - (2005-01-19)
  [179] The hunt for unique words - (2005-01-16)
  [173] Data Mining - (2005-01-09)
  [165] Implementing an effective site search engine - (2005-01-01)
  [142] Colour for access - (2004-12-06)
  [117] A case of case - (2004-11-14)
  [109] URLs - a service and not a hurdle - (2004-11-04)
  [98] No more 'Error 404' pages. Something better. - (2004-10-24)
  [32] Web design platoon - (2004-08-29)
  [23] Skills and responsibilities - (2004-08-22)

G909 - Well House Consultants - Spam, Spamming and Spammers
  [3506] Cold call contacts - preference services and turning off spam sales approaches - (2011-11-03)
  [3352] World Trade Register - Certainly NOT worth 2985 Euros. - (2011-07-09)
  [3316] Twitter Phishing Trips ... and a great new alert service - (2011-06-04)
  [3190] What do the following web sites have in common? - (2011-03-03)
  [3166] Well house is strong - confirmed? - (2011-02-11)
  [3016] The legal considerations of your web presence - revisited - (2010-10-26)
  [2884] Hotlinked images onto adult material sites - (2010-07-23)
  [2697] Email metrics and filtering - (2010-03-28)
  [2398] Websitemediasolution and a goldfish called Carl Johnson - (2009-09-06)
  [2276] Who is Marc Schneider of Multilingual Search Engine Optimization Inc - (2009-07-10)
  [2179] Offers that I can refuse - (2009-05-12)
  [2177] Preventing forum spam - checks at sign up - (2009-05-12)
  [2019] Baby Caleb and Fortune City in your web logs? - (2009-01-31)
  [1978] From spam to mod_alias - finding resources - (2009-01-05)
  [1817] Marc Schneider is still having email trouble - (2008-09-30)
  [1763] Co-operating to save, yet we dont - (2008-08-21)
  [1532] Comment spam blocked. Please comment via Forums - (2008-02-05)
  [1523] Ive just received an email from myself. Should I be worried? - (2008-01-29)
  [1115] Unexpected visitors to our site - (2007-03-22)
  [1037] Impact Engineering and Backscatter - (2007-01-16)
  [872] Email metrics - (2006-09-20)
  [495] More spam - a success story - (2005-11-13)
  [417] Telephone Preference Service - we're registered - (2005-08-17)
  [338] OO techniques are hard to teach - (2005-06-06)

G910 - Well House Consultants - Scams
  [3480] Direct Message: Really horrible blog about you ... a clever phishing trip, said to be from an MP - (2011-10-14)
  [3291] Pay and refund scam - alive and kicking against Melksham businesses - (2011-05-16)
  [3222] Clickjacking - another way to get you to follow a malicious link - Facebook issue - (2011-03-29)
  [2988] Not mugged in London! - (2010-10-08)
  [2895] Global Computer Maintenance Department - (2010-07-29)
  [2690] The World Company Register - is it another scam? - (2010-03-23)
  [2524] An update on legal changes from the FSB? - (2009-12-03)
  [2403] Hotel Booking Scam / Cost of calls to 070 numbers - (2009-09-12)
  [2373] Translation from Ghanaian to English - (2009-08-23)
  [1795] What have iTime, honeytrapagency and domain listing center got in common? - (2008-09-12)
  [1772] Ken Palm, iTime, and Domain Name Tasting - (2008-08-25)
  [1680] Astroturfing - the online definition - (2008-06-17)
  [1342] Google, wwmdirectory, Freshwater, ATP - new scam? - (2007-09-09)
  [1313] Tratum Technologies - (2007-08-21)
  [860] Warning - false emails, said to be from Paypal - (2006-09-09)
  [178] Calling a spade a spade - (2005-01-15)
  [78] Domain Registry of America - (2004-10-07)

Back to No Smoking Pubs

Previous and next or Horse's mouth home

Forward to Graveyard pages

Is photoajustment an addiction?
Want to be one better
Comments in Tcl
Frightening and from-friend viruses and spams
No Smoking Pubs
Spotting a denial of service attack
Walk in Bath
Should I use structured or object oriented?
The evening after the course