“Did You Send This?”

On Sunday, I received an email, purportedly sent by my client, “Leigh.” Sometimes friends, family, and even clients will send me friendly email links to online greeting cards, games, or other social networking services. Perhaps this was one of those?

The email in question.

The message came from interaction@zorpia.com, with the subject “Leigh wrote a message for you.” I had no idea what zorpia.com was, so I went to the site.

Zorpia.com’s sign-in page. I didn’t rush to join just yet.

There wasn’t much to it, but it certainly looked real. I dug a little deeper, finding the Wikipedia entry for it.

Zorpia (Chinese: 若比鄰) is a social networking service, popular in India and China. Zorpia is one of the few international social networks with a Chinese Internet Content Provider license.  The social networking site reports 2 million unique users per month and a total worldwide user base of 26 million.

So, good. It’s real. And a bigger deal overseas than here, but okay. But is Leigh a member, and she’s using it to send me messages? Something didn’t smell right.

So I did what I usually do when I get an unexpected email with a link. I don’t click the link. Ever. Instead, I emailed Leigh at her primary address.

Dear Leigh,

I just got an email from Zorpia.com that claims to be from you. Did you send me something there? If so, I’ll go ahead and click the link. If not, you might want to check and see if you have an account with them that is being used without your permission.

She wrote me back promptly: “I did not send this. I receive one from my sister and clicked on it. What should I do?”

As I learned after a little research, clicking the “message” linked in the email automatically accesses your computer’s contacts list and sends this “auto-join” message to everyone you know. Not unlike a virus.

Luckily, since it’s not technically a virus (that is to say, other than spamming your contacts list, it likely won’t do any other harm to your computer), there is a method for stopping it in its tracks.

First, don’t click the link to read the message, naturally. Second, there is a link that’s okay to click. At the bottom of the message, it reads, “Block future emails like this.”

I clicked it, and this is what came up:

[Screenshot: the opt-out page]

And hopefully that will be the last I hear from them!

I replied to Leigh that she should do the same and advise her sister of that step as well. It won’t unring the bell of Leigh’s contacts getting a phony message, but as long as everyone exercises common sense and practices safe internet, no further harm should be done.

A reminder: if you aren’t 100% sure of the origin of an email (and heck, even if you are), go ahead and reach out to the “sender” by phone or an alternate email address. It only takes four words to help keep your computer (and address book, bank data, etc.) safe:

“Did you send this?”

And until you hear back, don’t click the link. I’d even say to go ahead and delete the email. Worst case, your friend did send it, and they are slightly inconvenienced, having to re-send their cute online card or whatnot. Serves them right for not telling you to expect it in the first place. ■
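
The mismatch that prompted the "Did you send this?" question (a subject naming a known contact, sent from an address that is not that contact's) can also be checked mechanically. This is an added example, not part of the original post; the address book, Leigh's address, and everything in the sample messages other than the sender and subject quoted above are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: contact first name -> addresses already known.
# Leigh's address is a placeholder; the post does not give it.
ADDRESS_BOOK = {"Leigh": {"leigh@example.com"}}

# Constructed sample messages. INVITE reuses the sender and subject
# quoted in the post; all other headers and bodies are made up.
INVITE = (
    "From: interaction@zorpia.com\n"
    "To: me@example.org\n"
    "Subject: Leigh wrote a message for you\n"
    "\n"
    "Click here to read your message.\n"
)
GENUINE = (
    "From: Leigh <leigh@example.com>\n"
    "To: me@example.org\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Are you free?\n"
)

def claimed_contacts(raw, address_book=ADDRESS_BOOK):
    """Return (contact, sender) pairs where the From display name or the
    Subject names a known contact but the sender address is not one of
    that contact's known addresses. Matches single-word names only."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    text = f"{display} {msg.get('Subject', '')}".lower().split()
    words = {w.strip(".,:;!?\"'") for w in text}
    flagged = []
    for name, known in address_book.items():
        named = name.lower() in words
        if named and sender not in {a.lower() for a in known}:
            flagged.append((name, sender))
    return flagged

def needs_confirmation(raw, address_book=ADDRESS_BOOK):
    """True when the message should be confirmed with the contact at a
    known address before any link in it is opened."""
    return bool(claimed_contacts(raw, address_book))

if __name__ == "__main__":
    for label, raw in (("invite", INVITE), ("genuine", GENUINE)):
        print(label, claimed_contacts(raw))
```

A flag here only means "ask the contact first"; a message that passes can still come from a compromised account, so the check supplements the question rather than replacing it.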
