Viruses and spam get more and more clever at getting through! The authors of these pieces of rogue software know that their victims are more likely to open emails that come from colleagues or - better - from their web administrator. It's very easy indeed to guess the account names for administrators, and also to harvest email addresses from web sites. It's also easy to send an email from one internet connection and pretend to be someone who has no connections whatever with that connection.

Suggested action

Make a presumption that all unsolicted emails that ask you to open something or validate an account are forged and attacks. However, these attacks make it very hard for the real administrator to get through to you. If you think an email might be genuine, I suggest that you email the administrator by TYPING IN HIS EMAIL ADDRESS into your mail program and not by following a link in the email you have received (again, that may be forged).

DO NOT open any enclosures until you hear back.
DO NOT click on anything that looks like a link ... especially if it ends in .com - it could be a Dos executable program.

You might be wondering if spam and email filters and virus checkers can help you. To some extent they can - we've already got email filtering in place and yet a proportion of these things get through. The particular problem with the messages highlighted in this article is that they're designed to look as close as possible to the genuine article, so they're hard for filters to deal with. We do recommend a virus checker on your own system, and that you use the virus checkers / filters provided by the ISP from whom your download.

Example of a rogue email

Here (for example) is an email I received within the last hour ....

Dear user graham,

You have successfully updated the password of your Wellho account.

If you did not authorize this change or if you need assistance with your account, please contact Wellho customer service at: administrator@wellho.net

Thank you for using Wellho!
The Wellho Support Team

+++ Attachment: No Virus (Clean)
+++ Wellho Antivirus - www.wellho.net

<enclosure called email-password of 31k, type .zip>

"Clearly" from someone who doesn't know us, for example ...
- We're "Well House Consultants" not "wellho"
- We don't style ourselves as "support team"
- We don't actually have an "administrator" email address

And what would be the point in sending out an attachment to someone who's correctly updated their email anyway? Ah - it's an attempt to get the recipient to open the .zip file which will infect his computer!
(written 2005-06-14, updated 2006-06-05)

 G910 - Well House Consultants - Scams
  [78] Domain Registry of America - (2004-10-07)
  [178] Calling a spade a spade - (2005-01-15)
  [860] Warning - false emails, said to be from Paypal - (2006-09-09)
  [1313] Tratum Technologies - (2007-08-21)
  [1342] Google, wwmdirectory, Freshwater, ATP - new scam? - (2007-09-09)
  [1680] Astroturfing - the online definition - (2008-06-17)
  [1772] Ken Palm, iTime, and Domain Name Tasting - (2008-08-25)
  [1795] What have iTime, honeytrapagency and domain listing center got in common? - (2008-09-12)
  [2373] Translation from Ghanaian to English - (2009-08-23)
  [2403] Hotel Booking Scam / Cost of calls to 070 numbers - (2009-09-12)
  [2524] An update on legal changes from the FSB? - (2009-12-03)
  [2690] The World Company Register - is it another scam? - (2010-03-23)
  [2895] Global Computer Maintenance Department - (2010-07-29)
  [2988] Not mugged in London! - (2010-10-08)
  [3222] Clickjacking - another way to get you to follow a malicious link - Facebook issue - (2011-03-29)
  [3291] Pay and refund scam - alive and kicking against Melksham businesses - (2011-05-16)
  [3480] Direct Message: Really horrible blog about you ... a clever phishing trip, said to be from an MP - (2011-10-14)
  [3859] Youve Been Selected for the 2012 Edition of the Global Registry - (2012-09-16)
  [4385] A booking that looks too good to be true? It probably is too good to be true! - (2015-01-05)
  [4651] Pressure selling in the fire safety business - (2016-02-19)

G909 - Well House Consultants - Spam, Spamming and Spammers
  [259] Responding to spam - (2005-03-27)
  [268] Information request forms, cleaning up spam - (2005-04-05)
  [276] An apology to Mr Boneparte - (2005-04-11)
  [338] OO techniques are hard to teach - (2005-06-06)
  [417] Telephone Preference Service - we're registered - (2005-08-17)
  [495] More spam - a success story - (2005-11-13)
  [872] Email metrics - (2006-09-20)
  [1037] Impact Engineering and Backscatter - (2007-01-16)
  [1115] Unexpected visitors to our site - (2007-03-22)
  [1523] Ive just received an email from myself. Should I be worried? - (2008-01-29)
  [1532] Comment spam blocked. Please comment via Forums - (2008-02-05)
  [1763] Co-operating to save, yet we dont - (2008-08-21)
  [1817] Marc Schneider is still having email trouble - (2008-09-30)
  [1978] From spam to mod_alias - finding resources - (2009-01-05)
  [2019] Baby Caleb and Fortune City in your web logs? - (2009-01-31)
  [2177] Preventing forum spam - checks at sign up - (2009-05-12)
  [2179] Offers that I can refuse - (2009-05-12)
  [2276] Who is Marc Schneider of Multilingual Search Engine Optimization Inc - (2009-07-10)
  [2398] Websitemediasolution and a goldfish called Carl Johnson - (2009-09-06)
  [2697] Email metrics and filtering - (2010-03-28)
  [2884] Hotlinked images onto adult material sites - (2010-07-23)
  [3016] The legal considerations of your web presence - revisited - (2010-10-26)
  [3166] Well house is strong - confirmed? - (2011-02-11)
  [3190] What do the following web sites have in common? - (2011-03-03)
  [3316] Twitter Phishing Trips ... and a great new alert service - (2011-06-04)
  [3352] World Trade Register - Certainly NOT worth 2985 Euros. - (2011-07-09)
  [3506] Cold call contacts - preference services and turning off spam sales approaches - (2011-11-03)
  [3661] Keeping forum and blog comments clean - (2012-03-19)
  [3910] Identifying your real customers and keeping them well informed fast - (2012-11-02)
  [3912] Sand to Arabia, Coals to Newcastle or Woodburners to Russia - (2012-11-04)
  [3946] Moving from a warning system to a control system - PHP, forum spammers - (2012-12-07)
  [4135] Introducing your product to Well House Consultants - single, personally tuned email please - (2013-07-08)
  [4315] Welcoming genuine forum posters quickly - but turning away off topic advertisers - (2014-11-16)
  [4520] No cold sales calls please - but delighted to hear from others! - (2015-09-29)

G902 - Well House Consultants - Web site techniques, utility and visibility
  [23] Skills and responsibilities - (2004-08-22)
  [32] Web design platoon - (2004-08-29)
  [98] No more 'Error 404' pages. Something better. - (2004-10-24)
  [109] URLs - a service and not a hurdle - (2004-11-04)
  [117] A case of case - (2004-11-14)
  [142] Colour for access - (2004-12-06)
  [165] Implementing an effective site search engine - (2005-01-01)
  [173] Data Mining - (2005-01-09)
  [179] The hunt for unique words - (2005-01-16)
  [182] Your personal Google ranking - (2005-01-19)
  [197] Allow for peak traffic on your web site - (2005-02-01)
  [202] Searching for numbers - (2005-02-04)
  [222] Who are all these visitors? - (2005-02-20)
  [261] Putting a form online - (2005-03-29)
  [274] Our most popular resources - (2005-04-10)
  [278] Cover all the options - (2005-04-13)
  [284] The Iconish language - (2005-04-19)
  [288] Colour blindness for web developers - (2005-04-22)
  [311] Growth pains - (2005-05-14)
  [314] What language is this written in? - (2005-05-17)
  [320] Ordnance Survey - using a 'Get a map' - (2005-05-22)
  [322] More maps - (2005-05-23)
  [348] Graveyard pages - (2005-06-15)
  [369] CMS - the minefield of Choices - (2005-07-05)
  [376] What brings people to my web site? - (2005-07-13)
  [414] Form Madness - (2005-08-14)
  [492] New Navigation Aid - Launch of My Wellho - (2005-11-11)
  [510] Dynamic Web presence - next generation web site - (2005-11-29)
  [528] Getting favicon to work - avoiding common pitfalls - (2005-12-14)
  [533] Bigger Box Campaign - (2005-12-18)
  [649] Denial of Service ''attack'' - (2006-03-17)
  [658] Keeping the visitors happy and browsing - (2006-03-26)
  [681] Mirroring a dynamic site - (2006-04-12)
  [718] Protecting images from theft - (2006-05-12)
  [732] Where is a web site visitor browsing from - (2006-05-24)
  [757] Horse and Python training - (2006-06-12)
  [767] Finding the language preference of a web site visitor - (2006-06-18)
  [800] Effective web campaign? - (2006-07-12)
  [893] Visibility - (2006-10-14)
  [916] Driving customers away - (2006-11-07)
  [976] Santa at the station - (2006-12-09)
  [994] Training on Cascading Style Sheets - (2006-12-17)
  [1015] Search engine placement - long term strategy and success - (2006-12-30)
  [1029] Our search engine placement is dropping. - (2007-01-11)
  [1055] Above the fold - (2007-01-28)
  [1104] Drawing dynamic graphs in PHP - (2007-03-09)
  [1177] Sorting out for a site map - (2007-05-05)
  [1184] Finding resources - some pointers - (2007-05-13)
  [1186] Two new pages / sites - (2007-05-14)
  [1198] From Web to Web 2 - (2007-05-21)
  [1207] Simple but effective use of mod_rewrite (Apache httpd) - (2007-05-27)
  [1212] What brought YOU to our web site? - (2007-06-01)
  [1237] What proportion of our web traffic is robots? - (2007-06-19)
  [1297] Stuffing content into a web page - easy maintainance - (2007-08-09)
  [1437] Above the fold with First Great Western - (2007-11-19)
  [1494] A time to update pictures - (2008-01-03)
  [1505] Script to present commonly used images - PHP - (2008-01-13)
  [1506] Ongoing Image Copyright Issues, PHP and MySQL solutions - (2008-01-14)
  [1513] Perl, PHP or Python? No - Perl AND PHP AND Python! - (2008-01-20)
  [1534] Where in the world / country is my visitor from? - (2008-02-07)
  [1541] Colour, Composition or Content - (2008-02-16)
  [1554] Online hotel reservations - Melksham, Wiltshire (near Bath) - (2008-02-24)
  [1610] PHP course dot co, dot uk - (2008-04-13)
  [1630] To provide external links, or not? - (2008-05-04)
  [1634] Kiss and Book - (2008-05-07)
  [1653] How do Google Ads work? - (2008-05-25)
  [1711] Rapid growth leads to server move - (2008-07-17)
  [1747] Who is watching you? - (2008-08-10)
  [1756] Ever had One of THOSE mornings? - (2008-08-16)
  [1793] Which country does a search engine think you are located in? - (2008-09-11)
  [1797] I have been working hard but I do not expect you noticed - (2008-09-14)
  [1833] Web Bloopers - good form design - avoiding pitfalls - (2008-10-11)
  [1856] A few of my favourite things - (2008-10-26)
  [1888] Find the link - (2008-11-16)
  [1955] How to avoid duplicating web page maintainance - (2008-12-20)
  [1961] Making our things easier to find - (2008-12-26)
  [1970] Plagarism - who is copying my pages? - (2009-01-02)
  [1982] Cooking bodies and URLs - (2009-01-08)
  [2056] Web Site Loading - experiences and some solutions shared - (2009-02-26)
  [2065] Static mirroring through HTTrack, wget and others - (2009-03-03)
  [2225] How important is a front page ranking on a search engine? - (2009-06-09)
  [2332] Formation, des langages Open Source - (2009-08-09)
  [2333] Formaci[83][c2]ón, de los lenguajes de c[83][c2]ódigo abierto - (2009-08-09)
  [2334] Formazione, Open Source computer lingue - (2009-08-09)
  [2335] Ausbildung, die Open-Source-Sprachen - (2009-08-09)
  [2336] Forma[83][c2]ç[83][c2]ão, Open Source computador l[83][c2]ínguas - (2009-08-09)
  [2337] Opleiding, Open Source computertalen - (2009-08-09)
  [2338] Uddannelse, Open Source computer sprog - (2009-08-09)
  [2339] Oppl[83][c2]æring, Open Source datamaskinen spr[83][c2]åk - (2009-08-09)
  [2340] ldning, Open Source dator spr[83][c2]åk - (2009-08-09)
  [2341] Koulutus, Open Source tietokone kielill[83][c2]ä - (2009-08-09)
  [2389] Writing with our customers words - (2009-09-01)
  [2410] Removal of technical resources from this site - (2009-09-19)
  [2519] Status Page / breaks of service in early December - (2009-11-30)
  [2532] Analysing Google arrivals by country of origin - (2009-12-10)
  [2552] Web site traffic - real users, or just noise? - (2009-12-26)
  [2569] How to run a successful online poll / petition / survey / consultation - (2010-01-10)
  [2668] Is it worth it? - (2010-03-09)
  [2981] How to set up short and meaningfull alternative URLs - (2010-10-02)
  [3022] Retaining web site visitors - reducing the one page wonders - (2010-10-31)
  [3087] Making the most of critical emails - reading behind the scene - (2010-12-16)
  [3149] Looking back at www.wellho.net - (2011-01-28)
  [3197] Finding and diverting image requests from rogue domains - (2011-03-08)
  [3367] Google +1 - what is it? - (2011-07-22)
  [3426] Automed web site testing scripted in Ruby using watir-webdriver - (2011-09-09)
  [3491] Who is knocking at your web site door? Are you well set up to deal with allcomers? - (2011-10-21)
  [3532] Sharing the user experience - designing a form with the customer in mind - (2011-11-29)
  [3554] Learning more about our web site - and learning how to learn about yours - (2011-12-17)
  [3563] How big is a web page these days? Does the size of your pages matter? - (2011-12-26)
  [3589] Promoting a single one of your domains on the search engines - (2012-01-22)
  [3623] Some TestWise examples - helping use Ruby code to check your web site operation - (2012-02-24)
  [3734] QR codes with marketing logos embedded - (2012-05-16)
  [3744] Short Web Addresses for Melksham - (2012-05-30)
  [3745] Legal change - You need to obtain user consent if you use cookies on your website - (2012-06-01)
  [3776] Some traps it's so easy to fall into in designing your web site - (2012-06-23)
  [3896] An email marathon - (2012-10-15)
  [3974] TV show appearance - how does it effect your web site? - (2013-01-13)
  [4001] Helping search engines with appropriate 400 error codes - (2013-02-11)
  [4076] Web site - fully back! - (2013-04-29)
  [4115] More or less back - what happened to our server the other day - (2013-06-14)
  [4136] How do I post automatically from a PHP script to my Twitter account? - (2013-07-10)
  [4239] Facebook marketing - early experiences - (2014-01-19)
  [4376] Well House Consultants, Well House Manor, First Great Western Coffee shop, TransWilts / 2014 web site reports - (2015-01-01)
  [4401] Selecting RECENT and POPULAR news and trends for your web site users - (2015-01-19)
  [4474] Effect on external factors on traffic to our web sites - an update - (2015-04-26)
  [4492] Almost so wrong, but perhaps it's right for some? - (2015-05-11)

Back to No Smoking Pubs

Previous and next or Horse's mouth home

Forward to Graveyard pages

Is photoajustment an addiction?
Want to be one better
Comments in Tcl
Frightening and from-friend viruses and spams
No Smoking Pubs
Spotting a denial of service attack
Walk in Bath
Should I use structured or object oriented?
The evening after the course