Strange email: Am I being phished?

[kaylasdad99]

First of all, I have only a vague notion of what phishing is, which makes me perhaps a very dangerous person to be allowed to own a computer and email account. I do understand that it involves using a false identity to lure a person into making personal information available via email; information that can later be used in identity theft scams.

The point is, I’m not really interested in learning all of the details of what phishing is and is not; I’m interested in finding out if it’s safe for me to respond to this email I received.

This morning (or last night; its stamped at precisely midnight, another discussion we don’t need to have right here), I received an email, with the subject line: Contact Info, and the following text:

Mysterious email:

Hi Everyone,

I decided to attach a copy of what I put together so you would have a chance to review it before Sunday. Please let me know if there are any changes to your information. I will also have hard copies available on Sunday.

Donna

The recipient list included a handful of other names I didn’t recognize, such as lunarpatronusgirlXXXXX, thebaseballkidXX, PurplegirlsXX (email names slightly modified to guard against problematic content in this post).

Now, I do have plans for Sunday, and there is a woman named Donna associated with the place those plans are to be carried out. Everything else about the email is entirely opaque to me. Contrary to the text, there is no attachment,

I prepared the following reply, but I have not yet sent it:

Potential reply:

Hello, Donna,

The email you sent me doesn’t have the attachment. Also, based on the fact that I don’t recognize the email addresses of anyone else on the list of receivers, I’m not even sure of which Donna of my acquaintance you yourself are. It appears that this is the first time I’ve gotten an email from you, so the LightWvrs name isn’t much help.

I wonder if you would be good enough to re-send the attachment; and in the text portion of the email, some information that will put your name into context for me.

Thanks for the help.

As I was about to send it, my nasty suspicious mind told me to move cautiously. What if the email was really an innocuous probe? In the format it is in, it got safely past all of my ISP’s spam filtering. If I were to respond to it, would it give the sender essentially a passport to send unwanted and possibly dangerous stuff past my spam filters in the future?

On the other hand, I could have just been inadvertently placed into the mailing list for a girl’s soccer team in Omaha, due to an errant keystroke. If this is the case, “Sorry, jazman3, you’re going to miss the big games and pizza parties this year, and I feel somehow responsible.”

That 12:00 timestamp, though, is troubling to me. Anyone have any opinions? Thanks in advance.

[Musicat]

It may not be a phish, but by all means don’t reply. If you do, you will be put on the list with the other suckers since the sender has just confirmed that your email address exists and you read your mail. You will then enter the realm of those lucky enough to receive more spam that you ever though existed.

A phish is a particular kind of fraud that attempts to get information like bank account numbers and passwords so your account can be raided. Usually a phish masquerades as coming from the bank, ebay, paypal, or whatever, and tries to fool you into giving up information that you would never give to a crook on the street.

If it really is the Donna you know, she’ll have to learn to do email the right way, and I’m sure the other recipients will tell her. If you can call her by phone, do so and ask about the meeting. Or, if you have her email address, send a new message (not a reply) to her.

The time is suspicious, but it is possible to send an innocent email at exactly midnight. It is also a frequent error to forget to attach an attachment, so these clues are ambiguous.

Always be suspicious. The crooks outnumber the nice guys.

[Duck_Duck_Goose]

I would second the motion not to reply. You never know who’s at the other end. Even if it’s just a spammer cruising randomly selected e-mail addy combinations looking to snag a live one, why risk it?

If it is “your” Donna, it serves her right for forgetting to include the attachment. She will go ahead and make the plans for the Sunday afternoon Family Soccer Tournament And Nude Mud Wrestling Blowout without anybody else’s input, and it will be All Her Fault when people grouse at her for not including karaoke in the day’s festivities.

“Why didn’t we have karaoke, Donna?”
“You didn’t say you wanted karaoke! You should have said something! I sent you an e-mail!”
“You left off the attachment! How are we supposed to know you wouldn’t have karaoke? We’re not mind-readers!”

[tomndebb]

If there is a Donna involved with your Sunday event, could you reach her by phone to see whether she sent the e-mail? That takes your electronic address out of the loop while confirming that it was or was not intended for you.

[kaylasdad99]

Thanks for the responses. I’ll go delete my drafts folder.

[hajario]

Don’t reply. If it is legitimate, someone who was supposed to get the email will tell her about the missing attachment. If you get a second, “oops, here is the attachment” note, then you can reply.

[spingears]

kaylasdad99:

First of all, I have only a vague notion of what phishing is, which makes me perhaps a very dangerous person to be allowed to own a computer and email account.

Good general rules of thumb and keyboard!
If you don’t know the sender of an email, send it directly to the trash!
If an offer sounds too good to be true it probably is. Ignore it.