So let’s suppose your spam filter lets an email through to your inbox that looks legit on the surface but is really phishing spam. Not all spammers are stupid enough to pose as a Nigerian prince with piles of cash. Often spammers will use menacing or alert type emails to get you to click on a link. One approach the spammers take is to make it look like there is something wrong with your account.
I got this email today and although I know that my mailbox quota was not exceeded, I checked just in case. At first glance, early in the morning on my first cup of coffee, this email looked kind of legit. Upon consuming more coffee and further examination, I thought this spam example might make for a good post.
Here are some simple things to notice:
- Timing: It was sent early in the morning when someone seeing such an alert might click on a link before examining the email very well.
- Look at the From address. (smaller red arrow) This address has nothing to do with my web host or mail server, neither of which is in New Zealand. In the preview window of this email client or on a mobile device the From address is not displayed, so it is important to avoid jumping at the chance to click on a link until you see where the email actually originated from.
- Sneaky branding: They include an image that I use in my branding. This is actually a very poor image to choose because it is a tiny favicon and therefore appears pixelated in this email. But automated scrapers can easily grab these little icons for any page on the web. Spammers will try to make you think their missive is legit by any means they can.
- Urgency in the message: Notice the scare tactic in the copy. This one states that my mail box is full, emails are bouncing, and furthermore this will be communicated to the senders. These senders might be new business or existing clients, but it is a scare tactic to try to increase urgency in my response. Also, when reading the copy in a suspect email, look for poor grammar and sentence structure. This one is written well, but they do make an error in leaving out a space after ‘not delivered’. Sometimes the English is so bad you know it originated from a non-native speaker and this could raise a red flag.
- Appearance of Legitimacy: Notice that at a glance the hyperlink looks legit. Often webmail will use a subdomain for mail functions. However, look closely and you will see the https is followed by a semicolon rather than a colon (circled in red). This makes the automatic linking the email software does inoperable such that the programmed link will be active. They have programmed the link to go somewhere else than that which is shown to you.
- Spam Links: If you mouse over the link (careful not to click on it), you will see the programmed link come up in the lower left of the mail window showing you where the spammer really wants to send you when you click the link. (big red arrow) This URL obviously has nothing to do with my domain or hosting. This URL actually goes to a page of their choosing that will seek to do something nefarious.
- Fake Corporate Structure: This one is easy for me. The email says it comes from my domain support department. I don’t have a support department. In a small business, you know your business structure and you know if you have a support personnel or whatever bogus department they are touting.
If these little tells do not do the trick, there are deeper ways to dive into an email to see if it is spam. But these simple pointers will help you decide if a suspect email can pass a smell test. If you are still in doubt, and a client of mine, just forward them to me and I will dive in and let you know.
But, when in doubt, do not click on anything!
