I’m not a programmer so I’m just guessing that the two emails below are scams, but whatever they are, any change of pattern deserves caution.
So what are these changes of pattern?
I’ve noticed two, and they both involve the email address of the sender. Before I show you what I mean, it’s worth having a quick look at the standard parts or components of an email address. I’ll use my gmail address [this is my public email only] to illustrate:
The components are as follows:
- the username – i.e. meekasmind
- the @ symbol
- the mail server – i.e. gmail
- the top level doman or extension – i.e. .com
The @ symbol never varies but the username could be just about anything, same with the mail server, however the top level doman is usually restricted to a few familiar extensions. These include:
I’m sure there are more, but those are the main ones, off the top of my head. Outside of the US, these extensions often include the country code – e.g. .com.au for Australia.
Now have a look at the screenshots of emails I received just this week:
This is the first one I received. Note the .stream extension. Now it is possible that new extensions were approved while I wasn’t looking, but when I searched for the ‘concert-tickets‘ mail server from which the email supposedly came, I found nothing. Zip, zero, nada.
The next day I received three more emails with the hypenated mail server name and the .stream extension. Hmm..a pattern emerging here.
Then today a variation on the theme:
Instead of a .stream extension on the email address, we now have a .download. Assuming the .download and .stream extensions are legitimate, just exactly how many of these extensions are there?
Note something else as well. Under ‘Improve Your Vision’ [which is a link to another web location] there is vertical line. That line is not a truncated picture holder [given that Firefox blocked the images embedded in the body of the email*]. Nor is it an error. That line is another link.
Why is that line potentially significant?
Because even people who know to be wary of links in emails might click it just to find out what it is.
For me, another suspicious thing is the lack of ‘other’ information in any of these emails. Now it’s possible that the blocked images contain more information – i.e. text – but as a form of marketing, this doesn’t seem to be very smart. Which leads me to suspect that it’s not really marketing at all.
If anyone knows anything about these ‘new’ extensions – i.e. whether they are legitimate or not – please reply in comments. Until we know for sure, however, please treat these kinds of emails as potentially dangerous.
*The reason Firefox blocks at least some images in emails is that certain images ‘can’ contain malicious code. I’m not sure how that works, and I’m not sure how often it happens, but I know it’s a possibility.