How many times have we got one of those emails from an African country, promising us a large reward for letting them use our bank account to transfer money?

You might think that in this day and age, people are aware of such fraudulent acts and do not fall into such traps. Wrong! There’s still a  large number of people who fall for such things, as in the case of Sherif, an Indian living in Doha – who happens to hail from the same Indian district that I am from – Kannur.

As per a newspaper report, Sherif paid the Nigerian guy about $80,000 as ‘processing fee’ for transferring $150,000 to his bank account in Kerala, India. He eventually got ‘suspicious’ when the Nigerian kept asking for more money and complained to the Cyber Cell of the Kerala Police.

The cops set a trap for the Nigerian, Shabha Muhammed Razaq, and asked him to come to Bangalore to collect more money. Razaq walked into the police trap and he was caught with counterfeit US currency, fake passports and some chemicals (?!).

Razak was part of a much bigger gang engaged in internet fraud in India and admitted tricking many people living in other Indian states.

A great job done by the Cybercops of Kerala! However, the general public need to be more alert and aware about such scams, that take advantage one basic human instinct – greed!

I like to visualize the BlackBerry server as a ‘black box’ – only because it is often difficult to figure out where the problem is. Perhaps my ignorance is to blame, or it’s just my love for the simplicity/transparency surrounding the inner workings of ActiveSync.

The other day, for instance, I was trying to activate a Blackberry Bold device. The activation kept timing out for no reason. Most of the time when this happens, one of the following usually solves the problem.

• "Wipe" the device
• Delete and re-create the user on the Blackberry server
• Do a failover (we have NeverFail for Blackberry)
• Do a full restart of the server.

But this time it was rather strange. All the above actions were in vain. So I decided to ‘troubleshoot by elimination’.

• Check if same SIM card works on another blackberry enabled device. (yes)
• Check if another user can be activated on same blackberry device with same SIM (yes)

I then deduced that there is nothing wrong with the Black Box .. er.. BlackBerry server, the device or the SIM card. "It must be something on the mailbox", I thought. But what exactly?

A quick call to our service provider, and a long wait for someone to get back to me revealed to me what I was missing — the user’s junk mail filter!

Blackberry activation involves sending an email to the user’s inbox, which would contain some kind of a hash. The user’s junk mail filter mistakenly thought that the emails from blackberry were spam and sent it to the user’s Junk Mail folder in Outlook, before the blackberry server could pick it up (from the Inbox folder) and activate the device!

EHLO!

This is a list of ten bad email habits that I’ve come across. Take a look and see if you find yourself doing some or all of these.

If you’re like me, and you can’t stand the sight of ol’ SMTP being abused, I’ve included some tips on how to teach the abuser a lesson . This is just my list of email habits, feel free to add more by posting comments.

1. Misusing the CC field – Type 1
   Some people think that if they CC somebody’s boss on every email message requesting action, they can get a quicker response. For something that’s really critical or important, this is good. But CCing the boss on every diminutive email request is just too much. Too many such “CC” e-mails to the sender’s manager is annoying for the manager too, and the manager might eventually stop reading emails from you (or even worse, administer a quick issue of the DEL key) every time you send a message. Your email eventually loses importance might get ignored even when it really is urgent. In the IT world, we can even see users doing this for things as trivial as getting access to a shared folder on the file server.

   What can I do?
   If you are the recipient, do not give the sender an impression that you are expediting on the sender’s low-priority request just because your boss is CC’d on it. Give priority to those other low-priority requests that have been directly sent to you by others and action them first (even if they came after the abuser’s email). If you can afford to do it, action this particular email request at the end of the day. When you reply to this sender, do not CC your boss.

2. Misusing the CC field – Type 2
   And there are some other senders, who mark a CC to every son of Adam whenever they send an email message. If the motive of the email is to advertise about an achievement of the sender (often in a subtle way), this is perhaps done to show the world that the sender is worth his salary. If the motive of the email is to point out a fault concerning one of the recipients, then this most likely shows arrogance on part of the sender.

   What can I do?
   If the motive of the email is to communicate something which does not directly concern you – it is best to ignore it – if you can’t take it any longer, pick up the phone, and ask the sender nicely to stop marking you on such emails. If several of the recipients do the same thing, the sender will gradually come to terms with the idea. If the motive of the email is genuine and if you need to respond to it, make sure you remove all the unnecessary recipients after hitting ‘Reply to all’. This will reduce the number of recipients in the remaining part of the thread, and most likely prove a point to the sender.

3. BCC
   The BCC field is a mistake. It shouldn’t have been there in the first place.
   Users, be aware that, upon request of the management, your email administrator can and will be able to determine whom you are marking on BCC.
4. Responding when you are angry/frustrated
   This can make things very ugly. There is no worse feeling than wishing that you had never sent an email – two hours later. Think twice before typing an email. This is going to be a permanent record in the pages of history. Think of email like a gun. Once you pull the trigger (hit Send), there is no turning back.

   What can I do?
   Do not hit ‘Reply’ as soon as you finish reading a provocative e-mail. Sit back, relax, take a deep breath and reply later when you are ‘yourself’ again.

5. Using email instead of the phone
   Using the phone for minor things can be faster than sending an email. Some people tend to think that sending an email increases the priority of the matter. However, in the real world, people are not always glued to their Outlook and may not (or choose not to) see your message till you call them .

   What can I do?
   Accept the fact that email is not a replacement for the telephone. Period.

6. Read receipts
   A read receipt is a cool feature designed with a purpose – it tells the sender when and if you have read the message. So, use it! Some people (usually managers) do not like to send read receipts when they receive email. The justification might be “who is this guy to ask me if read my email?!”. On the other hand, some people configure Outlook to always ask for a read receipt on every email they send. That’s a terrible waste of a good email feature.

   What can I do?
   Respond positively to all read receipts. Avoid configuring Outlook to automatically request read receipts for every email you send. It is annoying!

7. Overdoing the Out-of-Office reply
   Out-of-Office reply messages are really cool too. They let the sender know that you’re not in town so they need not expect an immediate reply. It can also be used to direct the sender to contact someone else. However, some people use the Out-of-Office to write essays to explain at great lengths what they are up to and what’s missing in the organization because they are gone. I guess this is done by some users to show the boss (and everyone else) that they are taking care of a lot of responsibilities – the work of four men, etc. Oh please!

   Example of a good Out-of-Office message:

   Dear Sender,

   I will be out of office from May 27th, 2008 to June 26, 2008 and I will be having limited access to my email during this period. For any urgent matters, please contact Mr. Humpty Dumpty on 050-123-456 or email him on hdumpty@mycompany.com

   Regards,
   Yankee Doodle
   
   Example of a bad Out-of-Office message:

   Dear Sender,

   I will be on vacation at a beach resort in Hawaii from May 27th, 2008 to June 26, 2008. I will be having limited access to my email during this period.
   Please contact the following people during my absence:

   For matters concerning cabbage and cauliflower, please contact Jack Thompson.
   For reporting rotten cauliflower, please contact Charlie Brown.
   For issues related to onions and garlic, please contact John Smith.
   For issues related to onions without leaves, please contact Charlie Brown.
   For issues related to onion skin, please contact Jack Thompson.
   For anything related to vegetables, please contact John Smith.
   For queries related to legumes, please contact Charlie Brown.
   Anything else related to food that grows on plants, please contact Jack Thompson

   Regards,
   Show-Off Jones

   What is this? An IVR system? The sender could have also added one more line – “If you are confused, wait till I come back, because I’m THE MAN“.

8. Empty Meeting Requests
   If you send a meeting request, you are requesting time from other people – which is valuable. Make sure you have a darn good reason for throwing a meeting and mention it in your request. Write a brief note on the meeting – use the OARRs rule: Objective, Agenda, Roles and Responsibilities. There’s nothing more ridiculous than receiving an empty meeting request and you end up reaching the venue wondering what the whole meeting is about. And when you reach there, you find other attendees in your very same, clueless, sorry situation.
9. Using c
   razy shortcuts and too many smileys
   Using abbreviations like ASAP, FYI, FYA are well-accepted and good. Avoid using words like ‘coz’, ‘bcz’, ‘pls’, ‘thx’, ‘thnx’, ‘LOL’, etc. These might be good to use in a chat session, but not in a formal email message. Also make sure your email is well-punctuated and easy to read. Do not use more than one smiley per formal message. Read your mail once to see if it makes sense and run a spell check before hitting ‘Send’.
10. Sending chain mail
    Sending a few impressive emails is good and keeps cheer in the workplace. It also helps build conversation at the water cooler and in the coffee room. But please don’t overdo it. Do not keep sending every trash that you receive from the internet – especially the ones that ask you to ‘send this message to 500 people in 3 days otherwise your momma’s gonna die’.

Hope you enjoyed this post. Let me know if you have come across more email habits by posting a message below.

Here’s one for users and IT support personnel who sometimes have problems understanding what exactly an email non-delivery report (NDR) is trying to convey. Messaging experts, please excuse.

In Exchange Server, all NDRs returned to the sender appear to come from the local Exchange Server of your organization and not from the remote recipient’s mail server – even if the problem is at the receiving end. If the mail is received at the remote server and an error occurs during further re-routing/relaying, then the NDR might not appear to come from your organization’s Exchange Server. The NDR is formatted in an easy-to-read email message by the Exchange server in your organization and is sent back to the sender.

So, how easy is it to understand an NDR?

At first sight of the new, well-designed NDR of Exchange Server 2007, most users and non-email administrators tend to think that the problem is always on the local Exchange Server. To add to the confusion the NDR contains the words “Sent by Microsoft Exchange Server 2007″ and “Generating server: “.

Here are some tips:

• The text marked in blue is not what’s important. It will always show YOUR organizations edge transport server – unless the error occurred at a subsequent mail re-routing operation at the destination.
• Pay attention to the part that I’ve marked in red. The part labeled (1) is more important. It gives you an overview of what’s wrong – but need not always give you the full picture.
• The part labeled (2) is the server on which the error occurred. If this doesn’t look like one of the servers inside your organization, the problem is most likely not at your end.
• The part labeled (3) is the error reported by the server mentioned in (2).
• Part (4) shows the flow of the message between various servers both within and outside your organization. All it takes is a little effort to understand what’s going on.
• Trust your email servers . Don’t always think the problem is at your end, even if it looks like your server is reporting the error. Make an earnest attempt and apply some educated logic to figure out where the problem lies.

The more users you train on how to read NDRs the lesser helpdesk calls you will get. I’ve seen that sometimes very simple NDRs like the following get escalated all the way to the email administrator as an “email problem”:

Your message did not reach some or all of the intended recipients.

Subject: RE: Acquisition of Yahoo Sent: 4/15/2008 11:09 PM
The following recipient(s) could not be reached:
shijaz@2hotmail.com on 4/15/2008 11:09 PM The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

The solution? Teach the user how to type an email address correctly .

Talk about security – and Google.

GMail users in Kuwait and some other countries reporting being able to read other GMail users’ email without having to log in.

Full Story:
http://www.news.com/8301-10784_3-9875714-7.html

Google claims that an ‘ISP caching problem’ that allowed users to log in to other users’ mailboxes. This talks volumes about Google’s security, doesn’t it? Does this mean that an ISP can break Gmail security if it really wants? Wait a minute – how can ‘caching’ at the ISP preserve Gmail sessions? Some neat security, huh?

No wonder Gmail is still in Beta.

Thawte gives away free personal email certificates at their website.

A thawte Personal E-mail Certificate in conjunction with the thawte Web of Trust allows you to secure and guarantee authorship of your e-mail communications by digitally signing and encrypting your e-mails.

IN SHORT: A personal email certificate lets you digitally sign all your outgoing email so that the recipient knows that you sent it!

Click here to get a certificate.

A word of caution here, read everything carefully whilst you apply for digital certificate. Remember the password and the question-answer pairs otherwise you will *never* be able to get another certificate for the same email ID. Also keep your password totally secret – a recipient can take you to court for documents that appear to be digitally signed by you, but was in reality signed in your name by an identity thief!

Most of us are already aware of email hoaxes involving Nigerian beneficiaries asking you to help them get their money and offering you a copious sum for the “assistance”. Well, here’s an all-new range of hoaxes. These target job seekers!

Click on image to zoom

Here’s the text of the email message (I’ve marked the ridiculous parts in red , my comments are in red italics: hope you enjoy it!)

JOBREF:CH/21563
DATE: 28/01/07
CLIENT/EMPLOYER:CNL(CHEVRON NIGERIA LIMITED)
LABOUR CONSULTANT: WWW.NAUKRIGULF.COM
RECRUITMENT AGENCY: UNION RECRUITMENT CONSULTANTS
ATTN:ENGR……… , (What a beautiful way to address you!)

At UNION RECRUITMENT CONSULTANTS we specialise in engineering career moves
for professionals engaged in the E&P sector. Interestingly, most of
our clients are not actively looking for a new job, but are keen to
consider the right opportunity.
We listen carefully to what is important to you with regard to
career, family and lifestyle. We then use our connections and
investigative skills (yeah, right) to identify interesting opportunities that meet
your criteria. Some of the moves we engineer are ‘in-country’, but
the vast majority are international placements (world wide) with
some of the best companies in the industry.

DETAILS:
union recruitment consultants; with the mandate to recruit expatriate
services employees’ for the fulfillment of the requirements of nlng “GAS FLARING PROJECT (what the hell is that???) in Nigeria, seek to write your consent after recommendation from our labour consultants (http://www.naukrigulf.com/) recent expatriate vacancies with
our client.

CNL intends to invite prime experienced individuals/expatriates
capable of rendering expertise services in fields below:
a) Petroleum Engineering
b) Drilling Services
c) Civil Engineering
d) Computer Engineering
e) Architect Engineering
f) Marine Engeenering (hmmm…)
g)Mechanical Engineering
h)Electrical Engineering
i)Electronics-Telecommunication Engineering
j)Surveying Engineer
k)Aerospace Engineering (all this for a GAS FLARING project!!!)
And others (what was that supposed to mean?)

PROJECT SHALL REQUIRE:
A cooperate project management team, engineering, procurement,
construction, transportation and installation, safety, drawing,
Designs, Geological services,maintenance and commissioning.
Entitlement, Compensation and Benefits packages include:
. A very attractive net salary paid in US$, Sterling or Euros
equivalent depending on employee
home country and currency preference.
. Quality single or family housing accommodation in company
community.

. Free medical care in Nigeria for employee and family.
. Excellent educational assistance benefits with family status
employment.
. Paid airfares allowing full flexibility with holiday travel. (whats that?)
. Personal effects shipment and excess baggage allowances.
. Full access to some of the finest and social recreational
facilities in Nigeria.
CONTRACT DURATION:
Level 1: 12 Months, (One Year) and renewably only on satisfactory
performance by employee.

Level 2: Full time
Interested candidates must have not less than 3 years experience in
any of the above listed fields.
Interested candidates should forward their resumes/CV with
verifiable reference(s) as word attached document to:
EMail:unionrecruitment_consultants@yahoo.com (Why yahoo.com?)
Interested candidates are also required to contact our Nigerian
Local Office strictly for the purpose of this project.

CONTACT: DR.OGBUJA OKEMINI
Head Of Union Recruitment Consultants (Why is the head of Union Recruitment Consultant contacting you directly?)
Nigeria.
TEL: (+234) 80-64438276
FAX : (+234)82-30 856

**ends**

This is the second hoax mail I’ve received in the past two weeks. The earlier one was supposedly from Shell UK. I thought I’d join in the fun and sent my CV across. Immediately after, I get my “employment agreement” with a whopping salary attached to it – with NO interview. The contract shows Shell UK website is at http://www.shelluk.com/ – there is no such web site!! Two days later somebody calls me on my phone – out of the blue – and tells me I need to sign the document and send them back. Then an “attorney” would contact me, to discuss “what I should do to get my work permit”. Oh yeah – and that’s where the money part comes.

So next time you receive anything in your email, be very sure whom you’re dealing with!

Update:

• There is also a new scam going around from Omni Hotel, Canada. It’s fake. More info here.

Today I received a mail, supposedly from Microsoft, regarding a “security vulnerability”:

Click on the image to zoom

It had an EXE attachment “installation689.exe”. The message was written in the kind of language Microsoft uses to communicate with its customers – clear, courteous and concise explaining clearly what the update is for, etc. The first thing a novice (or even an intermediate) user would do, is to download the attachment and install the patch.

It even had the classic Microsoft footer:

Click on the image to zoom

Now, there are a few things that are revealed upon closer examination:

• The “from” address is suspicious: Network Security Center [xclocltwp@confidence.microsoft.net]. (Hmmm…)

• It addresses you as “MS” customer. It also uses terms like “MS Internet Explorer” and “MS Outlook”. Microsoft officially doesnt use “MS” to address itself . (Hmmm Hmmm…)

• Microsoft NEVER (never never ever) sends an update out to its customers as an email attachment.

• Microsoft update files normally have a filename that start with the letters “KB” followed by the KB article number.

What a clever way to outwit the unsuspecting user! So those of you out there, beware of stuff that comes in your e-mail! Think twice before you run an EXE attachment.

From my experience, 9 out of 10 EXE attachments are viruses. Sometimes they appear to come from people you know, because they are actually sent by malicious programs that have already infected their machines.