It turns out the email was legit, but it reminded me of how difficult it can be at times to tell when you’ve received a phishing email. So, I’ve got a few suggestions for how to identify fake email addresses and web links within an email that you receive.
Phishing is when someone tries to get personal information, like usernames and passwords, credit card numbers, and banking data through email. The email will usually have links to fake websites or even include forms for you to fill out that include a virus. Clicking links and opening attachments from “phishers” could result in the download of malicious software, opening security holes for someone to access your computer, and the theft of your personal information.
Oftentimes, phishers (or hackers) will try to reel you in (pardon the pun) with news that your account may be compromised, or that you have won something or been invited to participate in some event. One email I received was to join a beta test for a game. It looked nearly identical to one I had received a week prior, so I almost fell for it.
Hackers will use popular businesses and services to trick you. For example, eBay and PayPal are often used as the mask for fake emails. You may receive a message from PayPal asking you to update your password. Apple has also been used to trick users into offering up personal information. The email might read something like, “Your Apple ID was recently used to update your credit card information. If you didn’t make these changes, please reset your password by going to the following link [link].”
It sounds legitimate, right? Here are a few red flags to warn you that an email is not real. First, check the sender’s address. In the picture above, I received an email from the social networking service, WhatsApp. However, the email address came from “cofa.biz.” If the email address does not match the sender’s name (email@example.com or firstname.lastname@example.org, for example), it is most likely fraudulent.
Also, I have never signed up for WhatsApp, so there is no way I would have messages from the service. Another red flag.
Another way to tell that an email is fake is to hover over the link included in the message to see the actual URL. Different email clients show the URL in different ways. Airmail, which I use on my MacBook Pro, shows the URL at the bottom of the page. Some email clients will display the URL in a pop-out window right next to the link.
In one phishing email I received, I was supposedly receiving an iBooks credit for Apple’s e-books settlement. When I hovered over the link that was supposed to be linked to Apple’s support page, I noticed that the URL was actually for a website that began with “smtr.qgemall.” Obviously, that was not a link to an official Apple website.
Scammers have gotten better at tricking victims into clicking on links or opening attachments that are malicious. Emails used to be rife with grammatical errors, but that doesn’t seem to be as prevalent anymore. Sender addresses used to look obviously foreign (most phishing attempts come from outside the U.S.), but these days I regularly receive emails from .com addresses, which have no distinguishable origin. It is important to have a discerning eye.
Most email clients will redirect emails that look like they could be a scam to your junk folder, but not always. If you receive a message from some company that says you’ve won something from a contest that you never entered, assume it is fake. If you receive an email from a business you are familiar with, asking for updated account information, don’t click on the links in the email. Instead, go directly to the site (PayPal, for example) through your web browser and sign in from there.
Hopefully, you are already familiar with how to spot a phishing email, but if not, keep these tips in mind the next time your red flag goes up.