[Security] How to deal with spam mail that faking friend request

Recently, I received several of following mail, and it was a trouble.
Hi, I'm Nita.
Let me explain what I've found and did, and I hope this will help.

I almost got fooled, but this mail is spam. The spam's objective is to increase members of SNS called flipora.com.
The sender addresses are something like info@flipmailer.com and/or info@discovernewwebsites.net, info@info-emailer.com, but when you click on the link on the mail, you will be redirected to a login page of flipora.com.
(It is safe to assume there are several versions of the senders and/or the text.)
If you carelessly click the link on the mail, the same mail you received are sent to addresses on your account's address book.
That is the moment you become the perpetrator as well as the victim.

The following is some of the methods to recover from it when you received the spam.


1. Check the sender's address

Check the sender address is the same as the e-mail addresses on the mail.
If the displayed name and the sender address are different, you should suspect the mail is spam.
Faking the sender is one of common tactics used by spammers.
In this case, the sender will be like a following.
If the sender is like a following, the mail may be a spam.



2. Delete the mail without clicking links on the mail

Do not click any links on the mail including "Accept" and "Decline."
The links on the mail are the same.
Delete the mail immediately.



3. Remove authorizations for apps from your Google Account

If you received a mail like this to your Gmail account and recklessly clicked one of the links, apps are connected to your Gmail account and send the same mail you received to every address on the address book of your Gmail account.

In such case, click on the following link and go to the Google account's management page then, remove any apps' authorizations that not necessary nor not sure what app is for.


Apps connected to your account


4. Delete account from flipora.com

This step only applies to the mail from flipora.com. When you access to flipora.com by web browser, you may already logged in.
If you are not aware of flipora.com account, delete the account by following procedure.
1. Access flipora.com, and then click "FAQ" located in gear button on upper right.
2. Click "Cancel Account" in FAQ page.
3. Enter e-mail address that received invitation from flipora.com, then click "Cancel Flipora."
This concludes account deletion process.
The account deletion may take up to 20 minutes, but just close the browser.

5. Uninstall adware

In Windows PC, flipora adware may have been installed. This is also reported by Symantec.
Adware.Flipora | Symantec.
The adware can be removed by normal uninstalling method.



Incidents like this are increased over spreads of internet, and not new.
When you noticed abnormal and/or suspicious mail or mails, process them wisely, so you do not have to go through these steps.

As I said in the beginning, you may become the perpetrator as well as the victim at the moment you click.
So, please do not become the victim/perpetrator like me.