“Our records show that you need to verify your billing information. Please click on the link below…”
Or this one:
“Suspicious activity has been detected on your account. You must confirm your identify or we will have to…”
Take a look at this e-mail message purporting to be from “Amazon”:
Uh-oh! Sounds serious, right? And like just about anyone today, I do have an Amazon account…
But wait. Does anything look suspicious to you?
Yep. Check out that sender address: “firstname.lastname@example.org”. Who’s that? I have no idea, but that address sure isn’t Amazon.com, or Amazon anything!
And then there’s that “AMAZON VERIFICATION” link, the link that the (poorly written) message text is urging me to click. Will clicking it take me to some legitimate billing page belonging to Amazon? Not likely! Fortunately, we can check, without clicking! I just place my cursor (i.e., “pointer”) over the item to be clicked, as if I were going to click it, but I don’t click it. I wait a second or two… and here, my mail app reveals the destination of the link. Look at my image above: although the image doesn’t show my pointer, you can see where the link contained in the button appears right below the suspicious link.
The link says “http://www.mdhouse.com.ua” followed by some more. What is this? I don’t know… but it sure isn’t Amazon.com! This message is faker than a three-dollar coin.
Okay, that was too easy, too obvious. Here’s a slightly trickier example, supposedly a message from Apple:
Let’s see what we have that grabs our attention:
- The email appears to come from “Apple <email@example.com>”. That looks official!
- The email points to a scary problem about someone accessing my account. Oh no!
- In its closing line, the email claims to come from the “Apple Support Team”! Yikes!
- In my case, as a purchaser of Apple products, and as a user of the iTunes Store, the iCloud service, and probably more services, I actually do have one or more accounts registered with Apple. So this email message grabs my attention.
Uh-oh! Is this something I need to act on?
Not so fast. Let’s take a look at what’s fishy here:
- Like the Amazon message above, the message has trouble with English. It starts with “Support Team detect someone has Accessed”, and just lurches downhill from there. (And would Apple really write its own name as “apple”?)
- The email references my “apple account” – but what account? This could certainly fool some people, but as a long-time user, I know that Apple might refer to my Apple ID, or my iCloud account, or my iTunes Store account, and so on, but not simply “apple (or Apple) account”.
- Continuing from the above point, the whole thing is just vague. Generally speaking, companies do not send vague messages like this; any legitimate message should provide very detailed explanations of what is needed and why.
- There’s a button that the senders want you to click… but where does that button lead? As above, you can check without clicking! Place your cursor (i.e., “pointer”) over the item to be clicked, as if you were going to click it, but don’t click it. Just wait a second or two… There, my mail app reveals the destination of the link. Look at my image above: although the image doesn’t show my pointer, you can see where the link contained in the button appears right below the button (it’s http://www.rimbo-enigl.com.gridhosted.co.u…).
What is that link? We don’t need to know and we don’t need to care. The message claims to be from Apple, but that link – http://www.rimbo-enigl.whatever whatever – is not Apple’s web site (apple.com). That means it’s spam, and most likely a scam, and that’s that. Don’t click on that button; delete the message and forget about it.
Lessons? Take these away with you:
- Remember how the sender address in the second example, “Apple <firstname.lastname@example.org>”, looks like a legitimate address? Well, don’t trust sender addresses. Scammers can easily fake sender addresses (or “spoof” sender addresses, as the experts say). A sender address that appears to be from your employer, or bank, or a big company, or the IRS, etc. does not necessarily mean the email actually came from that sender!
- Likewise, the closing “Apple Support Team” means nothing. Anyone can write such a thing into an email message. You could write “Apple Support Team” or “World Bank” or “Nigerian Prince Benjamin” or whatever fake nonsense you like into an email message, right now. (You won’t, though, of course.)
- Always remember that trick for checking links before clicking: “hover” your pointer over the button or link, and wait for the software to show you the real link under there. (Whether this works for you will depend on the software you’re using. It works for my email software (Apple’s email app “Mail”) and my web browser (Apple’s web browser app “Safari”); give it a try in your own email software and web browser to see whether it works for you. It probably will!)
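The hover check used in both examples above, done in code as an added example that is not part of this post: it parses a constructed sample message (not a real one), pulls out every link in the HTML body, and flags any whose host is not under the domain the message claims to come from (apple.com here). The `LinkCollector`, `belongs_to` and `suspicious_links` names and the sample hostname are my own assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): claims to come from Apple, but the
# "Verify" button links to an unrelated host, like the post's second example.
RAW_MESSAGE = """\
From: Apple <email@example.com>
Subject: Your apple account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Support Team detect someone has Accessed your apple account.</p>
<p><a href="http://verify-account.example.net/apple">Verify Now</a></p>
<p><a href="https://www.apple.com/legal/privacy/">Privacy Policy</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def belongs_to(hostname, brand_domain):
    """True if hostname is brand_domain itself or a subdomain of it."""
    hostname = hostname.lower().rstrip(".")
    return hostname == brand_domain or hostname.endswith("." + brand_domain)

def suspicious_links(raw_message, brand_domain):
    """Return the (text, href) pairs whose host is not under brand_domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    parser = LinkCollector()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    return [(t, h) for t, h in parser.links
            if not belongs_to(urlparse(h).hostname or "", brand_domain)]
```

Running `suspicious_links(RAW_MESSAGE, "apple.com")` flags only the “Verify Now” button; the genuine apple.com link passes, which is exactly what the hover trick shows by eye.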
Have you come across email scams like this? Have you fallen for any, with bad results?