Award-winning web development since 1995
Written: August 22, 2019
Hackers often send me phishing email messages in order to trick me into clicking a link, then trying to login to their fake web page, stealing my login credentials in the process. So how do I keep safe from such attempts?
Just this morning I received an official-looking email, claiming to be from Navy Federal Credit Union.
This email has a beautiful layout, official logo, pleasant stock photo, even nice fonts, so at first glance it looks legitimate, but being suspicious I begin to notice the telltale signs of a phishing scam:
Clicking on the sender’s email address is always the defining identity test.
OK, so even the sender’s email address is bogus, because shuttleplanet.com is not navyfederal.org. The final determination that this is a phishing scam is that pretty, Orange button that they really want me to click, so just hovering my cursor over it reveals that the link has nothing to do with navyfederal.org:
There you have it, I know with 100% certainty that this is a phishing email, not a legitimate one, however the sender was clever in making this email appear to be real with use of a beautiful layout, nice fonts and official logo. So be wary of email messages that invite you to click a button or click a link, because it just may send you to a hacker site that steals your login credentials instead.
Tags: phishingI receive dozens of emails daily, yet I approach anything that reaches my In Box with some skepticism because there are hackers out there that want me to click an email link, then trick me into entering my login credentials on a bogus web site. Today the follow message popped into my In Box, reportedly from American Express:
The subject line looked ominous: Ticket ID #1501K7505F0. My first clue was that I don’t have an American Express account.
Secondly the opening line in the message is: Dear valued member
A real email from American Express would have:
Looking at the from address it shows:
So I know that the sender is not legitimate, because the real address would be something like info@americanexpress.com, not web@online.de
Finally, just hovering my cursor over the Click Here link reveals that this phishing link has nothing to do with www.americanexpress.com :
So I know with 100% certainty that this email is not legitimate, rather it is a phishing attempt to lure me into clicking the link. Don’t be fooled by every email that comes into the In Box, instead, do some of this quick checks to verify that the email is legitimate before clicking any link. This is how to stay safe and yes, it does take away from your product work day.
Tags: phishingMy web site is hosted at 1&1, recently renamed to IONOS after a merger, so I pay attention to email that comes from that trusted vendor in case there’s an issue with web hosting services. Today in my Junk mail folder there was a message that had the proper blue logo colors from IONOS:
Apple mail is pretty good when it comes to filtering out unwanted email, but maybe 1 in 100 Junk messages are actually real messages that I need to pay attention to. The first two words of the email message are “Dear Customer“, however I know from experience that IONOS does know my first and last name, plus they know my account number, so a legitimate email message would have those listed to verify authenticity.
The first paragraph starts out with the word “we”, which is supposed to be capitalized, so I’m already 100% certain that this is a phishing email designed to trick me into clicking a link, then stealing my login identity. As I continue to read the message their are typos and misspellings, so yeah, this is not a very bright phishing scheme.
Finally, the link that the malicious schemers want me to click is revealed to be bogus as I hover my cursor over it, revealing the true destination:
So, I wasn’t fooled by this phishing email and hopefully you too can become more vigilant when looking at email messages that arrive either in your Inbox or Junk mail folders. The bad guys are getting more sophisticated in impersonating legitimate vendors by copying their colors, logo and fonts.
A real vendor always identifies your account number, first and last name, plus their links are at a trusted site that you already have used before.
Tags: IONOS, phishingSeveral times per week I receive official-looking emails from what appears to be a trusted company or email sender, so today I just received an email using a From Name of “DocuSign Signature”, which is a little odd because most email messages have an actual person’s name in the from field.
On first glance this email appears to be legitimate because of the logo, header, grammar and fonts used. Being suspicious the first step that I take is to click on the From Address to see who was sending the email, or at least pretending to be:
Bingo, the From Address is not coming from @docusign.com, instead it is coming from @srcpro.com, so I am 99% assured that this is yet another Phishing scam to entice me to click a link and end up at a site to steal my login credentials.
A second, but more subtle indicator that this is a scam email is that the message isn’t centered on the page, or left-justified. It’s centered off to the right, which a real corporation like DocuSign would never allow to be sent out.
A third point, if I just hover my cursor over the enticing button, Sign Invoice, it reveals a totally bogus and very unsafe web address:
Finally, the content of the email starts out with, “Dear Recipient” which is always a symptom of a phishing scam. A real invoice from DocuSign would have my complete First and Last Name, plus a known Account Number. This email has none of my account details, so it’s a scam, and I should never click the Sign Invoice.
So, stay safe with your email, be on the guard for clever phishing scams like this one that can at first glance appear to be legitimate, but with a few seconds of double-checking turns out to be unsafe.
Tags: phishing
I’ve owned Apple products for over a decade now and so I do pay attention to emails from Apple, and this is what just came into my mailbox this morning:
Email from Apple?
At first blush this appears to be an authentic email from Apple, but then my eye caught the vertical left line in the email body which in Apple mail indicates a Copied section fo text has been Pasted into the message. Apple would never send me a Copy/Pasted piece of text.
Next, Apple would have an account number of display my first and last names, but not so on this email message. So my suspicions were high that this message was a fake, aka phishing message. Clicking on the From name revealed an address that wasn’t from apple.com, so I knew 100% that this was a phishing message:
Not apple.com
The final confirmation that this email was not legitimate was to hover my cursor over the link included:
Bad link
Although an email may look like an official Apple message, I took several steps of precaution and never clicked the link because I knew that something was a bit off with this message. Hopefully you will become more adept at spotting email messages that are instead phishing for details like your real Apple account login credentials, by thieves who want to steal your digital identity.
Tags: Apple, phishingI’ve been using Quicken software for decades now to run my business and personal financial tasks, so today when I received an official-looking email from Intuit Quickbooks I took notice.
Phishing email
On the surface this looks a bit legitimate, yet when I probe to view the email from address it shows something invalid:
Invalid address
The final determination that this is an unsafe phishing email is to hover my cursor over the Green button, View Bill Here:
Bogus address
The bad guys are out there sending us phishing emails to trick us into clicking on their links and then start to steal our login identity. Don’t fall for it, just research the From address, Link addresses and then decide if it’s legitimate or phishing. Back to work for me.
Tags: phishingI have been using Google Docs (aka Google Drive) for several years now, and it’s another easy to use, cloud-based storage where I can keep important documents for my own business or documents to share with clients and other freelance professionals. Today I received the following email message:
At first glance it looks like a legitimate email message, however the subject line includes an email address that doesn’t exist although the domain name is from my own web site.
The big, blue button for View Document links to a phishing web site that has nothing to do with Google:
Phishing Link
S0 now I know for certain that this is yet another phishing scam that wants me to click a bogus link and end up at some web site that will steal my username and password. The second clue that this email is a phishing scam is the From address:
Phishing address
So, be safe today when you receive an email like this one purporting to be from Google Docs, when in fact it is really a phishing scam trying to steal your username and password instead. When in doubt about an email check for these signs:
I do own a few Apple products in my business:
So today when I received the following email it looked legitimate:
Apple ID
The first clue that this email may not be officially from Apple was that it started with Dear Customer, instead of using my first and last name. I next clicked on the From field in the email to see who actually sent the message:
spoof email
OK, so now I knew that this wasn’t an official Apple email because the From address didn’t contain apple.com in it’s name. Furthermore, when I hover over the link for Learn More the address was revealing:
Phishing URL
This is the hacker’s phishing address, not an actual apple.com address.
Even when an email comes from a big name like Apple, do a little checking before clicking any hyperlink, just to ensure your safety and not fall victim to a phishing scheme that is trying to steal your Apple ID and password.
Tags: Apple, phishingIt’s Monday morning, so time to get caught up on my emails for the day. Ah, here’s one from a company that I’ve used before: LogMeIn. They have a neat service to allow remote control of computers, quite the time saver so that I don’t have to hop into my car and drive over to a client location and see what is going on with their computer while browsing a web site that I’ve built.
The actual email looked a bit suspicious to me at first.
What caught my eye first was that there was no corporate logo in the email, or a footer with the typical security language.
Secondly, there was no personal information like my complete first and last name or my account number.
The final determination that this email was a hacking using a phishing scheme was the actual hyperlinks, as I mouse over the hyperlinks they go to some hacked web site in Japan, not logmein.com in any way:
So there you have it, to ensure that an email from a vendor is legitimate look for these good signs:
I just went through my morning list of emails and there was one message from Self Electronics about the shipment of an iPad. It’s a coincidence that I already own an iPad, however I didn’t order any new iPad.
The senders of this email set a subject line as if we had been communicating before, adding a bit to the realism of the message. I was curious if there actually was a company called Self Electronics, so I browsed their web site:
So this company doesn’t even have a valid web site, that’s enough info for me to know that this email really was just another phishing scam where they want me to click the link for UPS tracking. The final test of authenticity is found by hovering over the UPS link:
So the UPS link is really for some bogus web site, telling me that there is no need to be lured into clicking it.
Remember, a real company will know a lot about you and in their legitimate email it will include info like:
If this trusted information is missing from your email message, then it’s very likely that you are being duped by a phishing scheme or just some shady site trying to sell you something that you likely don’t even need. With a little precaution you can make certain that all of your emails are legitimate.
Tags: phishing
©2019 Tualatin Web LLC. All rights reserved. |
Payment |
Web Hosting |
Privacy |
