Have you received an email with the subject "important", "invoice" , or "new" from a friend? Think about it, does it make sense that your friend is sending you an invoice or an "important" document?
Did the email just have a link, especially one ending with the letters "php." Despite what you might think, it is not your friend sending you that link.
Here is an example. This was received from gmail (Google) and trapped by the anti-virus filter at User Friendly IS (identifying info removed and links made unclickable):
Received: from mail-io0-f193.google.com (209.85.223.193)
by mail.userfriendlyis.com with RC4-SHA encrypted SMTP; 16 Apr 2016 20:39:25 -0400
Received-SPF: pass (mail.userfriendlyis.com: SPF record at _netblocks.google.com designates 209.85.223.193 as permitted sender)
Received: by mail-io0-f193.google.com with SMTP id g185so19422595ioa.0
for <removed>; Sat, 16 Apr 2016 17:39:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to;
bh=AE+jgtYVsd23TpgTNPH38w0RQ1Tz/HBNSwZBpcHnIV8=;
b=HhYhCKmPhGzxlPxgKMJwOOM7uK6kJrAMxXLM0tezdEZvMM2XNJjkt0sFaypKqTy2MK
gvZpPEj+uY9xdzP4LIBIXFQk63chSK0GDFmFwDWLjfsXoj9WgnNQ70XW25J/PgSRaQig
vWKivVH7N+fx9QOgam1/T7zJbQCCFcW+UDpqg5zw0iOPYUp7UJGnZjkGeFwDMmDAWqwy
YSAry41NHjDnw+3tdr5AlUuuNBkyRKv1EgGhbpRx9/R7FB6GzEDurECTbVBujyAAxC58
RsQnkG9Y4RP4oxzRIj/g8+udpqYeysj7oVqmAxa4w8R8QtNVuURD9tosAxVioMA+rI2m
FhpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:date:message-id:subject:from:to;
bh=AE+jgtYVsd23TpgTNPH38w0RQ1Tz/HBNSwZBpcHnIV8=;
b=bmR/vRcMOJcz2AHNbR17RTKNpfqPfKXGp35nfqHxIl/uq6cjUijrscz9Z1zHmOXG81
BNUpHfpqvzYUByXCKMw+cM2418LWeUWOEfJORNoRRCcS5FeEIyoeZx22aThbg4a8RwOJ
vNKZ+YO2Yy8MROg5gFqCbWx8ti1/BJWL9LVb/mzbmMMb33WxGwrLvlo9oqTvyOUObX3H
cWW6EH3YgSX92dlY7phltkl0vxShgJf/3SzzszwxRPuvfaXdtiZazK6zL1+GqTZrO0zm
StmLNZ3AGJMYCqgxebTSTEBCTh3t9iGIGO1jbfs9XRVNUS6iksNk0qEyk6E7XRVOOsXN
8JDA==
X-Gm-Message-State: AOPr4FVPLg22j+DVZIKiIKTCXTPSf3LCQC1IstTJ9R6CoQKBAooMqd1fkGdvW3sgvWRVL73XpJp1KIB7NTuqFA==
MIME-Version: 1.0
X-Received: by 10.107.15.141 with SMTP id 13mr23962486iop.193.1460742653497;
Fri, 15 Apr 2016 10:50:53 -0700 (PDT)
Received: by 10.107.184.134 with HTTP; Fri, 15 Apr 2016 10:50:53 -0700 (PDT)
Date: Fri, 15 Apr 2016 18:50:53 +0100
Message-ID: <CADkb5G7YYPaMJ_t1Z0pEFSo0cDrh6PGk4ceB15B6s-MhRd+Gyw@mail.gmail.com>
Subject: April Update
From: <removed>
To: <removed>
Content-Type: multipart/alternative; boundary=001a113e9000f880a5053089a6f0--001a113e9000f880a5053089a6f0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printableElaine shared this important document (April-Approval.pdf) with you.
This document is securely stored using GoogleDocs Online PDF.
Click Here
<h__p://irprpro.com/clients/SouthernHomeMed.com/components/com_user/views/r=
egister/tmpl/new/index.php> <--- The LINK -- DON'T CLICK IT
Thank you.
The above email was sent via a gmail server to a large list of users by someone who probably clicked on link in a similar email.
Can you tell by looking at that link what it is? No, and neither can I. Using some tools, I "clicked" on the link (actually just downloaded the content outside of a normal web browser) and what did I find? An email phising scheme. It was a web page trying to get you to enter your email credentials so you could get that important document.
DON'T DO IT. DON'T CLICK THAT LINK.
If you believed the email, clicked the link and entered your email username password than the person behind the email that you received now has your email account and password. I'm guessing that the important document contains a trojan Microsoft Word Document/PDF/flash file that will execute code on your system that will encrypt your files and make you pay to un-encrypt them or it could just grab you address book and spam all your friends. Who knows what these miscreants will do.
If you think an email is suspicious, it probably is.
BTW, the software at the link was Joomla, but the interesting thing, it was embedded in a Wordpress install.
REMEMBER DON'T CLICK THAT LINK
Now here are some links you can click
What did I just say? LOL. Checkout our google safe browsing report. https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.... and the report for our network https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en...