Windows 7: Suspicious email "from my bank". Malwarebytes and AVG Cloud missed it.

29 Dec 2015   #1
Stevekir

Windows 7 Home Premium 64bit
 
 

I recently received an email message (during the Christmas holiday!!) purporting to come from my bank, saying that important changes had been made to my account and inviting me to open something. Of course I deleted the message without opening it.

However, I have Malwarebytes (paid version) running all the time (the scan and protection log shows both took place this afternoon, as a daily occurrence), and AVG Cloud Care was also running (I will be replacing AVG soon). Neither alerted me to the email.

Should they have? If not, Malwarebytes is claimed to spot fishing messages; if so, why not?

Thanks.


29 Dec 2015   #2
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Next time you get a suspicious mail, send it to Virus Total. That checks it with two dozen AV programs.

https://www.virustotal.com/
29 Dec 2015   #3
LMiller7

Windows 7 Pro 64 bit
 
 

Malwarebytes and AVG attempt to detect phishing messages but do not claim to catch them all. Phishing has become VERY sophisticated in recent years, and phishers try very hard to evade detection and have become quite good at it. For all their abilities these products have one major weakness in that they cannot understand the text of these messages. That is far beyond current technology. You have this ability. For that reason you must remain vigilant and never rely on technology to protect you.

29 Dec 2015   #4
Stevekir

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by LMiller7
Malwarebytes and AVG attempt to detect phishing messages but do not claim to catch them all. Phishing has become VERY sophisticated in recent years, and phishers try very hard to evade detection and have become quite good at it. For all their abilities these products have one major weakness in that they cannot understand the text of these messages. That is far beyond current technology. You have this ability. For that reason you must remain vigilant and never rely on technology to protect you.
On the bold part of your reply, I thought the text of the phishing messages was written by a human and all they had to do was to send out to their list of gathered addresses. My suspicious email was grammatically correct and in good English, not like the also human-written ones from Africa but with spelling mistakes and bad grammar.

My rule is usually not to open any message which is not from someone already in my address book or whose name I already know (but not famous names like Kim Kardashian - I should be so lucky!). This is a bit restrictive because I might ditch a genuine message, but phishing and other suspicious messages are, for me, extremely rare.
29 Dec 2015   #5
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Give your bank a call. They will be able to tell you if they sent you an email.

A bank will never send you an email asking for any account or personal information.
30 Dec 2015   #6
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Quote: Originally Posted by Stevekir
Should they have? If not, Malwarebytes is claimed to spot fishing messages; if so, why not?

Thanks.
@LMiller7 and the others are correct.
No program reads the text of emails.
That is up to you.
Moreover, I don't see where MBAM claims to "spot fishing [phishing] messages" here?
(And @LBB is correct: your bank will never send a legitimate email asking for personal info.)

MBAM detects certain types of non-viral malware (that may be embedded or contained within that email message) upon execution.
And it detects malicious IPs/domains in its database.
But it does not detect ALL malware and makes no claim to do so -- detection of certain types of malware (e.g. many true viruses, and others) is the role of your AV.
It is part of a layered approach to security, alongside your robust AV, firewall and other security applications and methods.

Having said that....
It is a constant battle between the "good guys" and the "bad guys", the latter of whom exploit users through social engineering such as phishing, spear-phishing and other strategies and through new malware variants every day.
No one security program or combination of programs can protect 100% of computers from 100% of malware 100% of the time.
The most critical component is the part between the chair and the keyboard.
Users who are determined to infect themselves by practicing "unsafe hex" will probably become infected, no matter what security programs are running.

There are many comprehensive, authoritative resources about "best practices" for computing safety at the reputable computer help fora.

Cheers,
MM

P.S. As suggested by others, you can always submit URLs and files to VirusTotal or a similar service. And you can submit possibly malicious URLs or IPs or files to the security researchers at MBAM forum and other, similar sites.
30 Dec 2015   #7
Stevekir

Windows 7 Home Premium 64bit
 
 

The page you quoted states:
"What it does for you

  • Detects and protects against malware in real-time
  • Blocks hacking and phishing attempts
  • Schedules automatic scanning
  • Offers three flexible scanning mode"
In my earlier post, #4, I said "I thought the text of the phishing messages was written by a human and all they had to do was to send out to their list of gathered addresses." I misunderstood the earlier post where the poster was referring to the analysis at the receiving end of the phishing message to detect phishiness. If the text is well written, no software could detect it (as the poster said). I wonder how Malwarebytes (or anything else) could possibly detect a phish?
30 Dec 2015   #8
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Quote: Originally Posted by Stevekir
The page you quoted states:
"What it does for you
  • Blocks hacking and phishing attempts
Yes, IF you were to click on a malicious link that is in the IP/domain database or IF you were to try to open/execute a malicious attachment containing a file format that MBAM detects.


But, no, as pointed out, neither MBAM nor any other program can "read" the text of an email.


That (and exercising due caution when viewing or opening ANY email, no matter WHO the sender appears to be) is up to the user.


There are a number of 3rd-party utilities that permit one to preview, view, and (if needed) delete or report as SPAM any incoming email message while it is still on the server, before it ever touches the user's local computer. It provides an additional layer to safely screen incoming emails.



Cheers,

MM
30 Dec 2015   #9
Stevekir

Windows 7 Home Premium 64bit
 
 

I have found in Thunderbird: If you want to investigate it, in the list of incoming emails, select a suspicious email (just a simple single click, do not double click or it will open) so it turns a light colour. Then do Ctrl+U. This will open a window showing the message header and, lower down, the message itself. About half way down the window the header lists the sender's email address (see the attachment). This might give a clue about the message (and any attachment) but of course malware senders could easily have an Internet domain name that sounds good.

As I understand it, although the email message and its attachment have already been put on to your computer's hard drive, neither has been opened at this stage. It is opening either that could be dangerous. Also, any attachment's name will be in the message header and it could be searched for and deleted.

Finally, if the email is obviously suspicious, it can be deleted as soon as it arrives by RIGHT-CLICKing on it in Thunderbird's list of incoming messages and choosing "Delete" from the dropdown menu.

Another source of error: when on a web site that is offering a download that you have decided is safe, the window is often plastered by other conspicuous DOWNLOAD NOWs etc. This can be confusing, leading to downloading unsafe stuff.

I am pursuing "There are a number of 3rd-party utilities that permit one to preview, view, and (if needed) delete or report as SPAM any incoming email message while it is still on the server, before it ever touches the user's local computer. It provides an additional layer to safely screen incoming emails."


Attached image: untitled-1.jpg
30 Dec 2015   #10
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

Thunderbird's "anti-spam" (actually "junk mail") controls/filters are separate from the anti-spam/anti-junk features of your AV and other security applications and they are unrelated to "anti-malware" functionality.
Apples - Oranges.
The point is that spammers can bypass security at the server level by spoofing their sender address.
It's then up to the user to exercise caution when viewing and (especially!) opening emails, no matter who the sender appears to be.

The realtime, layered security applications cannot protect the user 100% of the time.
There are many layers to one's personal computer security, including email safety. They all start with safe computing practices and "situational awareness" by the user -- "safe hex".

It would take a month of Sundays to explain the many facets and nuances.
There are many comprehensive, authoritative resources about "best practices" for computing safety at the reputable computer help fora - they explain it all far better than I can.

As for spam-filtering software, I have used Mailwasher for many years with TB, layered with my MBAM, MBAE and Kaspersky applications. There is a free version and a paid version. There are others out there, as well.

Hope this helps,

MM
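
Added example (not written by any poster in this thread): a Python sketch that reads the message source shown by Ctrl+U, as described in post #9, and lists where the sender headers disagree, which is how the spoofed sender address mentioned in post #10 shows up. The sample message, every name and domain in it, and the presence of an `Authentication-Results` header written by the receiving mail server are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample of what Ctrl+U shows; all names and domains are made up.
SAMPLE_SOURCE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=examplebank.example
Reply-To: accounts@examplebank-secure.example
From: "Example Bank" <alerts@examplebank.example>
To: customer@example.org
Subject: Important changes to your account

Please open the attached document.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_findings(source, expected_domain):
    """Compare the sender headers of a raw message and list what disagrees."""
    msg = message_from_string(source, policy=policy.default)
    from_dom = domain_of(msg["From"])
    findings = []
    # A good-sounding From domain still has to be the one the bank really uses.
    if from_dom != expected_domain:
        findings.append(f"From domain {from_dom!r} is not {expected_domain!r}")
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom!r} differs from From {from_dom!r}")
    # Verdicts recorded by the receiving server, e.g. "dmarc=fail".
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings

if __name__ == "__main__":
    for line in sender_findings(SAMPLE_SOURCE, "examplebank.example"):
        print(line)
```

A differing Return-Path on its own is common for legitimate bulk mail sent through a mailing service; a failed dmarc verdict or a Reply-To pointing at a different domain is the stronger sign that the visible sender is not who it claims to be.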