The KINDLY Method of Appraising Email


I wanted to discuss a topic that everyone deals with at some point – email.

Specifically, how do I figure out if an email is valid? Have I really won millions of dollars from a lottery in another country? Does the president of my company really need me to send a purchase order for thousands of dollars right now? Does a foreign diplomat really need my help transferring millions of dollars into my country? Emails that use these approaches seem outlandish and easy to spot as fake, but a surprising number of people fall for these tactics every day.

Fake emails go by many colorful names, including phishing, spear-phishing, and social engineering, and are often lumped in with spam (which is actually a different kind of email, with a different goal). They are sent by the millions every day to people all over the world. Many are far more subtle than the ones listed above. How do you tell what is real and what is fake?

There are all kinds of red flags that I can talk about, and methods of determining the validity of emails have been floated by information security bloggers and writers for years, but I offer this method as a quick reality check. I call it the KINDLY method. It is geared mostly to English-speaking recipients, as much of the logic used is based on American spelling, speaking, and writing constructs, but it can be used by non-English speakers as well. Here it is:

K – If the word “kindly” is used in the asking portion of the email, as in “to secure your account, kindly log in with your username and password”, this is the first red flag. No English-speaking person routinely uses “kindly” in this fashion in either writing or speech. This same idea holds true for other words and phrases that seem idiosyncratic and out of place, regardless of the language used.

I – Incorrect grammar and spelling. If the email contains poor grammar or incorrect spelling, especially if it purports to be “official correspondence”, it is most likely spam. This is, believe it or not, intentional, and intended to weed out the security aware from the suckers. Regardless of this, it is a major red flag.

N – No association. If an email comes from a company you do not do business with, such as a bank at which you have no account, it is most likely either general spam or an attempt to steal your credentials. If you haven’t ordered a package, don’t click on the link in an email claiming it is from UPS and has your shipping information attached. More than likely, that attachment is full of malware that will install onto your computer and cause mayhem.

D – Desperate timing. Evil emailers all want to create a sense of urgency. If they can rush you into a decision to click on a link or open an attachment, they have succeeded. Our logic breaks down sometimes when presented with urgent, time-sensitive issues, even if those issues are fake. If the email states the matter is urgent, or payments are due today, or they have tried multiple times to reach you, more than likely the email is fake.

L – Links/Lottery. The letter L pulls double duty in this process.

  • First, it stands for links. If an email has a link in it, you can almost always hover over the link (don’t click!) and see where it goes. Suppose the email claims to be from Amazon, but the link goes to somewhere other than “amazon.com”, for example “amaz0n.com.ru”, a domain I just made up, but one that has some characteristics that should be pointed out. See how the “o” in the domain is actually a zero? Also, see that the domain seems to contain “amazon.com”, yet it doesn’t end at “.com”; it actually ends in “.ru”. Spammers, malware spreaders, and phishers all use tactics like this to make links appear to be valid upon first glance.
  • Second, L stands for lottery. The plain fact of the matter is that NO ONE wins a lottery they never entered and you generally can’t be randomly entered into a lottery. Those millions of dollars you (supposedly) won in some lottery in another country are not real, I guarantee it.
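
The link check from the first bullet, as an added example (not code from the original post): it reads the real host out of a URL and compares it with the domain the email claims to come from. The function names and the small look-alike table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps such as the zero standing in for "o" above.
# Small constructed table for illustration, not a complete homoglyph list.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def link_host(url):
    """Return the lowercase host a link actually points to ('' if none)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def appraise_link(url, claimed_domain):
    """Return the reasons a link does not match the claimed sender."""
    host = link_host(url)
    claimed = claimed_domain.lower()
    if not host:
        return ["link has no host"]
    if belongs_to(host, claimed):
        return []
    reasons = [f"host {host} is not {claimed} or a subdomain of it"]
    normalized = host.translate(LOOKALIKES)
    if normalized != host and claimed in normalized:
        reasons.append(f"look-alike characters imitate {claimed}")
    if claimed in normalized:
        reasons.append(f"{claimed} is embedded in a different domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample links; amaz0n.com.ru is the made-up domain from the post.
    samples = [
        "https://www.amazon.com/orders",
        "http://amaz0n.com.ru/signin",
        "https://amazon.com.account-check.example/login",
    ]
    for url in samples:
        print(url, "->", appraise_link(url, "amazon.com") or "matches")
```

The comparison is anchored at the right-hand end of the host, which is why a name that merely contains “amazon.com” somewhere in the middle still fails.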

Y – Yelling. Common Internet standards suggest that using all capital letters in an email, text, or post of any kind constitutes yelling. If you receive an email that uses all capital letters, especially when referencing large sums of money that you either won, or are available to you, you can rest assured it is fake.

So that’s it. The KINDLY method of appraising the validity of an email.

A NaNoWriMo Update and Other Thoughts


We’re closing in on halfway through NaNoWriMo and my word count is over the 22K mark. I’m a touch ahead of the minimum word count, so that’s OK for now, but I need to get far more ahead, because Thanksgiving is coming…

I found an interesting technology tidbit today. I’m fairly certain that I’ve never mentioned I am a Type I diabetic, at least not in anything published on this site; maybe on a previous site. I’ve been diabetic since I was thirteen years old, so that is creeping up on thirty-five years living with an incurable, but treatable disease.

As with most incurable diseases, especially ones that affect millions of people, there is a sizable support community on the Internet. There are multiple foundations working hard to find a cure, but they are all hampered by the need for any commercial solutions to be approved by the FDA or other regulatory bodies before they are available to the public.

Well, open source technology is trying to make an end-run on this bottleneck. It is succeeding to some degree. Before I dive into how, let me explain the mechanics behind diabetes, particularly Type I diabetes. To simplify this explanation, I will take some shortcuts that medical professionals might feel are inaccurate, but I’m not writing a dissertation, just trying to explain what is broken.

In Type I diabetes, the pancreas, which is responsible for producing insulin (among other things) stops working. This is the root cause of the problem. Without insulin, the body’s cells cannot process sugar, or more accurately, glucose. Levels of glucose build up in the blood, causing a condition called hyperglycemia, or elevated blood sugar. The short-term effects are intense thirst, excessive urination, lethargy, and a craving for sweets or food in general. The long-term effects are damaged organs and bodily systems from dealing with the excessive amount of glucose in the blood.

When a pancreas functions normally, it can react to higher levels of glucose in the blood and produce more insulin to allow the body’s cells to process the glucose. In diabetics, this doesn’t happen. Unless the body gets insulin, a person will eventually slip into a coma and die. There have been dozens of attempts to replace a damaged pancreas – transplants, islet cell (the part of the pancreas that produces insulin) implantation, and other weirder methods have been tried, all in an attempt to bring the glucose cycle back to normal – a person takes in carbohydrates, the digestive system breaks them down and the pancreas produces insulin to process the resulting glucose.

Insulin therapy, whether shots or pumps, has always been complicated to balance because to properly dose insulin you must know your blood glucose (bg) level. This requires, for most diabetics, pricking their finger and using a test strip and an electronic meter to determine their blood glucose level. They then can use a formula to determine how much insulin to take. Unfortunately, taking insulin after eating, when bg levels are high, has been determined to be less effective at preventing long-term complications of diabetes, which are many, some of which are more dangerous than the disease itself.

It was discovered that the better way to treat with insulin is to determine how much insulin to take prior to eating, to keep bg levels from rising too high. This requires knowing how many carbohydrates are in your current meal, and also knowing how much insulin it takes for your body to process that amount of carbohydrates, which varies from person to person.

The ideal system would eliminate the finger sticking and insulin calculations and coordinate information from a continuous glucose monitor (CGM) and feed that directly into an insulin pump, so that the pump can automatically determine how much insulin to deliver. This would essentially create an artificial pancreas. That’s exactly what two open source projects are doing now. Check out the main website for these amazing projects. They do a much better job than I would in explaining what they are doing.

Here is the Looping website and here is the OpenAPS site, both of which are making strides toward creating an artificial pancreas system. Pretty exciting stuff.

I’ll check back in once I top 30,000 words.