A new wave of fake job applications and responses isn’t caught by Outlook.
Spammers aren’t completely stupid: they release new types of infected email that aren’t caught by the Outlook Junk E-mail filter even when it’s set to ‘High’ (Actions | Junk E-mail | Junk E-mail Options | Options).
They also wait for a ‘new’ junk email filter from Microsoft to start sending out their latest bulk messages – this gives their new creations at least a month (probably more) of unfiltered access to Outlook users around the world.
The latest examples are messages supposedly from various real companies either offering you a job application or declining your application.
All of these messages are rigged to come from fake addresses starting with [email protected] – a clever choice because that’s a common email prefix for Human Resources departments.
The file attachment is a ZIP file which isn’t normally blocked by Outlook. Inside the ZIP file is an .exe file that any prudent computer user should assume is some nasty infection. The last thing you should do is open the ZIP file, let alone run the .exe file inside.
All the links in the message are genuine links to the real company web site (in our example, thecoca-colacompany.com); however, the message did NOT come from that company. There’s no point in replying to the message or complaining to the company that’s been spoofed – they are as much a victim as the people who receive the message.
What to do?
Eventually Microsoft will update their Junk E-mail Filter to deal with these messages but in the meantime you’re on your own.
For many people the best option is simply the delete key – just press that to get rid of the nuisance messages.
However, the manual option might not suit you, or you may be responsible for many copies of Outlook and need a way to handle this nuisance automatically.
Make a Rule
Making a rule to deal with unwanted email automatically is a good idea, if only as a temporary measure until Microsoft catches up. Some care is required to ensure that you trap only the unwanted messages and not any legitimate messages.
As always, we provide this rule not only to help with the current spam but as an example you can adapt to your own needs.
This particular group of messages makes that difficult since the companies are real, [email protected] is a common email prefix and it’s also common for HR departments to send attachments with messages. Different companies are spoofed so checking for the names of particular companies won’t work.
Here’s what we came up with … create a new rule from Tools | Rules and Alerts and make a new rule for messages when they arrive. You can work through the wizard to set what to look for in messages and, importantly in this case, exceptions to the rule.
Firstly, set the conditions to check:
- Look for the text ‘[email protected]’ in the sender’s address
- Only messages which have attachments
- Messages that have ‘.zip’ somewhere in the message header.
Outlook doesn’t have a direct way to test the file name of email attachments. You can try testing for a string in the message header but it doesn’t always work. It does work with these particular spams that we’ve tested. There is a small risk that messages could be trapped accidentally since the ‘.zip’ test is applied to the whole message header, not just the email attachment name.
We suggest moving the messages to the Junk E-mail folder which is where Microsoft’s filter should put them. A message in the Junk E-mail folder can be searched for and retrieved if detected in error.
That rule might be enough, especially if you don’t usually get messages from human resource departments. But if you do deal with HR then there’s a greater risk that the above rule will move messages you want to see.
To avoid that, add an exception to the general email rule. This will stop certain messages from being moved to the Junk E-mail folder by the main rule.
The spam messages have one shortcoming – they don’t mention you by name. The email addresses are farmed from various sources and usually don’t include names. Even if a name is in the TO: field it usually isn’t included in the message body.
If you make an exception for any messages that have your first or last names in the message body it will help separate messages truly for you from broadcast spam.
The third step in the wizard is about exceptions:
- Except if the body contains specific words.
The specific words to use are your first and last names separately. If you put your full name in as a single string you’d not exempt messages that are addressed such as:
- Hello Fred
- Dear Mr Dagg
Another possible exception is to check for any company you normally deal with. You can do this by adding their name or domain name to the ‘body contains’ list together with your own name.
Or check for the domain name in the incoming email address. Checking for the domain name is more reliable than a specific email address which could change.
You can use one or both of these exceptions as suits your situation.
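The rule and its name exception can be tried out on raw messages before rolling it out to many mailboxes. The following Python sketch is an added example, not part of the original article or of Outlook: it mirrors the three conditions and the ‘body contains’ exception, and goes one step beyond the wizard with a strict mode that tests the attachment file name itself. The sender prefix is a placeholder (the real one is obscured on this page), the sample messages are constructed, and treating per-part MIME headers as part of ‘the message header’ is an assumption.

```python
from email import message_from_string

# Placeholder: the real sender prefix is obscured on this page.
SENDER_PREFIX = "prefix-placeholder@"
NAMES = ("fred", "dagg")  # first and last name as separate words

def header_text(msg):
    """All header lines (top-level and per-part), lower-cased."""
    return "\n".join(f"{k}: {v}" for p in msg.walk() for k, v in p.items()).lower()

def body_text(msg):
    """Concatenated text/plain parts that are not attachments, lower-cased."""
    parts = [p for p in msg.walk()
             if p.get_content_type() == "text/plain" and not p.get_filename()]
    return " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in parts).lower()

def classify(raw, names=NAMES, strict=False):
    """Return 'junk' or 'inbox' for one raw RFC 822 message."""
    msg = message_from_string(raw)
    if SENDER_PREFIX not in (msg.get("From") or "").lower():
        return "inbox"                      # condition 1: sender text
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if not files:
        return "inbox"                      # condition 2: has attachment
    if strict:                              # added: test the file name itself
        hit = any(f.lower().endswith(".zip") for f in files)
    else:                                   # condition 3 as in the rule
        hit = ".zip" in header_text(msg)
    if not hit:
        return "inbox"
    if any(n in body_text(msg) for n in names):
        return "inbox"                      # exception: body mentions a name
    return "junk"

def sample(subject, body, filename):
    """Build a constructed two-part message; the attachment is dummy text."""
    return (
        f"From: {SENDER_PREFIX}example.com\nSubject: {subject}\n"
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
        f"--b1\nContent-Type: text/plain\n\n{body}\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n\nAAAA\n--b1--\n'
    )

SPAM = sample("Your application", "Dear applicant, see attached.", "Application.zip")
LEGIT = sample("Your contract", "Dear Mr Dagg, contract attached.", "Contract.zip")
PDF = sample("Re: archive.zip you asked about", "Hello, form attached.", "Form.pdf")
```

The PDF sample is junked by the header test but passes in strict mode, which is the accidental-trap risk described above; passing `names=("fred dagg",)` shows why the full name as a single string fails to exempt ‘Dear Mr Dagg’.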