October 02, 2008, 8:29 AM — It's only been in the last few weeks that I have begun to notice occassional email claiming to be from Tech Support, but not looking at all like the notices that I normally receive from the "techies" in my company or those that my own group sends out from time to time. Our email filtering does a good job of keeping most of the spam out of my inbox, but a small percentage of this junk gets through. Judging just from what I've seen recently, the fake Tech Support email seems to have somewhat popular amount the spammers.
Fortunately, the genuine notices that I'm used to seeing have a very identifiable format. I suspect they're generated by some automated tool. They tell about planned outages, downed links and their restorations, system upgrades, virus warnings and such.
The fake Tech Support email that came through, in contrast, have a different look, address me differently or very generically (e.g., Dear Customer) and clearly originate from outside my company's domain. It may not be much of a stretch for you or I to recognize and delete this email and get on with our work. It's necessarily not a good idea, on the other hand, to assume that everyone in our organizations is as savvy as we are when it comes to recognizing a hoax.
To help ensure that your own user population won't be snared into the tech support hoax, follow some simple rules and let your users know what to expect.
For one thing, use a specific format for all notices that you send to your users. In addition, maintain a single location for any files that users should legitimately be expected to download or links they might be expected to follow. Warn you users to be on the lookout for suspicious or invalid links in all email they receive. Tell them to be wary of email that contains odd misspellings, often intended to thwart spam filters. Show your users how they can verify links by hovering over them with a mouse and viewing the URLs that the links would otherwise lead them to. Warn them about pop-ups and especially of attachments. Even today, otherwise clever people are still clicking on attachments and getting themselves into trouble. If you use either of pop-ups or attachments for your own puposes, make it very clear when your users should and should not accept them as genuine. If your email client displays only the sender's name in email, show your users how to view the email address of the sender. It still may not be a legitimate email address, but it's unlikely to be the same as any legitimate email addresses in your domain. Warn you users to be especially cautious whenever email they receive suggests a need to take some action immediately. Let them know that you will always provide them with plenty of time to react to any requests that you might make. A false sense of urgency is almost always an indication of something being very wrong.
The techies in my company were very good at getting a warning out to our users. Provide your users with some good rules for avoiding email hoaxes and maybe they'll reward you by identifying the next spammers' fad before you do.