We get emails every day for all kinds of reasons, and we think we know which are safe.  As of today, I have four clients, and probably at least one more, that have clicked links in emails that they thought were from friends or bosses, that downloaded worms and trojan horses to their computers.  If you haven't heard of these types of malware, I'll tell you why they are bad in another post.

First of all, let me tell you that it is possible to get an email from someone that didn't come from that someone.  (Huh??!!)  The way viruses and other forms of malware work is that they go into the emails and address books on the computer they have infected and scrape out the addresses found there.  That's why, in this post, I told you that when you include people's addresses in emails you send out, you compromise their privacy.

After they have their newly acquired list of addresses, they begin to send themselves out from one address in the list to another.  This way, they look like they came to you (or someone in that address book) from someone you trust.  The best way to illustrate how this works is to tell you a true tale.

Several years ago, I started getting Windows-based virus-laden emails from my parent's PC.  In actuality, the message COULD NOT HAVE COME FROM THAT LOCATION.  My parents have never used a Windows-based PC; they have always used Macs.  Macs cannot be infected with Windows-based viruses, so the messages could not have come from their machine.  As it turns out, one of my father's friends had contracted the virus, and, since both Dad's and my email addresses were on that PC, I started getting the emails.  Since my main computer is a Mac, I was able to deconstruct the messages and figure out what went on without worrying about getting infected.

The last bit of information is that the subjects and message text look like something you might get from the person who appears to be sending you the email.  A new client thought he had gotten a message from one of his colleagues about a UPS shipment.  Although he wasn't expecting a shipment, it wasn't an unusual event, so he clicked the link to check the status of the package, and infected his machine.

So, that's how the messages end up looking legitimate.  Here's how to tell if they are or not.

Every link, such as the one I listed above to another of my posts, has an address behind it.  You can view that address simply by placing your cursor on the link WITHOUT CLICKING IT.  When you do that, the actual link will show up at the bottom left corner of whatever program you are in (e.g., Outlook, Outlook Express, Internet Explorer, Firefox).  Examine that link.

No matter what the web address, a legitimate link will have the domain name as the last part of the link.  For example, if the person sending you the email wants you to go to the Kodak website to look at pictures, the last part of the link will show "kodak.com".  If it says something like "kodak.femtobot.com", you should view that as highly suspicious.  Such a link is going to send you to a site that is recognized as "femtobot.com", not "kodak.com".  Since you are likely not familiar with "femtobot.com", you should avoid clicking the link.

In my client's email discussed above, the link was "ups.imgoingtoscrewupyourpc.com", or something like that.  So when he clicked the link, it took him somewhere that downloaded bad stuff to his hard drive.  It took over three hours to clean it up so he could use it again.

There are two things I want to say here.  The first is:  I DON'T LIKE MAKING MONEY OFF OF THESE TYPES OF COMPUTER ISSUES!! (Sorry for the shouting, but I want you to understand I feel strongly about this.  I promise not to shout in this post again).  The second is: DON'T BLINDLY CLICK ON LINKS YOU FIND IN EMAILS, EVEN IF THEY APPEAR TO COME FROM SOMEONE YOU KNOW!!  (I lied.)

If you receive an email from someone, even your father, asking you to click on a link to see something you might find amusing or interesting, or naked pictures of your best friend's wife, before you click, call the reputed sender and verify they sent you the email.  It's really worth the time it takes to make the call.  And don't get lazy about this, or I'll have to do something I don't like - fix your PC when the problem could have been avoided.

Thank you, and be careful out there.