Q: This is a follow-up question from the one you answered recently about whether we should be suspicious about unsubscribing from email lists that ask us to confirm our email address. I have wondered the same thing and would like to ask the best way to get rid of them?
— Michael Sage
A: The best way to get rid of nuisance email is to set your email program’s spam filter to a high setting and to delete whatever spam or suspicious emails get through. I’m afraid there’s no surefire way to block all unwanted emails without also blocking mail that you want to receive. Of course, you’ll want to check your junk mail folder every once in a while to make sure no legitimate emails that you want have been sent there.
Q: If a sender of an email is unrecognizable to me, I hover over the From field to see the real email address. But just in the last few days I’ve hovered and seen my own email address!! I assume they now use the same trick as they did with caller ID — that they can put a fake email address in there to “fool” us. Fortunately, I know I didn’t send myself these emails and delete from the spam folder (or move to spam folder and delete). My question is basically, is this a new trick, and will it harm us if they eventually fake a real other sender’s email address?
— Sally Paul
A: One possibility, of course, is that your computer has been hacked and is being used to send spam.
A more likely possibility is that someone is using an old trick called “spoofing.” The spoofer substitutes a real email address in the “from” field to trick you into opening the email. Most often the goal is to get you to click on a link in the email that will take you to an advertisement or, more maliciously, that will download malware onto your computer.
Computer security sites urge users to look for poor spelling or unusual language, presumably on the premise that spoofers tend to be from other countries and are not fluent in English. And, in fact, I’ve seen spoofed emails with those characteristics.
But I wouldn’t count on using poor grammar to detect malicious emails. Instead, my practice is to simply not click on links or open attachments unless I have reason to believe the source is legitimate. (For that reason, I don’t open attachments when readers send in questions to this column.)
Also, configure your email program to not display images in the body of emails. That’s another avenue for delivery of malware.
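The From-field spoofing described in this answer can be checked against a message's raw headers rather than the address shown on screen. The Python below is an added example, not part of the original column: the sample message, the addresses and the function names are constructed for illustration, and it assumes your mail provider stamps an Authentication-Results header on incoming mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message whose From line shows the recipient's own
# address. All names, domains and header values here are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Sally" <sally@example.com>
To: sally@example.com
Subject: Your account

Click here.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def check_from_header(raw_message, my_address):
    """List the reasons the visible From address should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr == my_address.lower():
        findings.append("From shows your own address")
    # Return-Path records the envelope sender used in the SMTP exchange.
    # Legitimate bulk mail can differ here too, so treat it as a hint only.
    envelope = domain_of(msg.get("Return-Path"))
    if envelope and envelope != domain_of(msg.get("From")):
        findings.append("envelope sender domain differs from From domain")
    # Assumption: the first Authentication-Results header was added by your
    # own mail provider; copies injected by the sender must be ignored.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "").lower()))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check} result: {results.get(check, 'missing')}")
    return findings

if __name__ == "__main__":
    for finding in check_from_header(SAMPLE, "sally@example.com"):
        print(finding)
```

Most mail programs expose the raw headers through a "view source" or "show original" option; an empty result means none of these checks objected, not that the message is safe to open.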
Q: I have Kaspersky Total Security installed on my HP Pavilion. Several times a day, oftentimes up to five times a day, I get the following alert from Kaspersky: “Malicious link http://pacudoh.com … is blocked.” I can’t find further information from Kaspersky about what pacudoh is and why it seems to be the only malicious link that is blocked every day. I get no other notifications that other sites have been blocked. I briefly looked for pacudoh.com on Google but opted not to open it in the event it really is malicious. Do you have information on pacudoh and why it is malicious? And do you have any suggestions on how I can have it permanently blocked so I am not notified of it being blocked?
— Michael Paul
A: Pacudoh.com appears to be a domain leased by Amazon, which doesn’t necessarily mean it is actually in use. It has been identified by URL scanners as a potential source of malware. The emphasis there should be on “potential.” URL scanners look for signs that there may be malware on the site just as virus scanners look for signatures of viruses.
The thing that makes me curious is the fact that something on your computer keeps trying to go to that domain and Kaspersky keeps blocking it. That may indicate that you already have a piece of malware on your computer. I recommend scanning with another anti-malware program to see if you can identify a culprit. I use Malwarebytes, and there’s a free version you can download to perform a scan.