Email and healthy skepticism

For a moment, disregard the message at the top of this email, the one that says “You marked this message as Junk Mail.” (I did that before realizing I could craft a blog post from this email.)

Does this message look legitimate to you? How would you handle it? (If you find this image difficult to read, double-click it to get a larger version.)

[Image: junk_mail]

The answer might not be obvious from the message as presented. I found out it was spam using two tactics (though I could have used just the first one).

Check the email address

On the face of it, the email address seems legitimate. However, every email program lets you check the address behind the “mask” it shows you. That’s what you need to do with EVERY message that looks even the least bit suspicious, particularly if it mentions money.

Here’s how I checked the email address:

[Image: junk_mail_fake_address]

In the image above, there’s a down arrow symbol partially hidden by the pop-up menu it triggers. At the top of the menu, I circled the actual email address. The “pobox.com” domain in the email address doesn’t match the “paypal.com” domain in the mask. Whenever the two don’t match, I automatically write off the message as spam.

Chances are the criminals behind this phishing attempt simply wanted to use an anonymous email that couldn’t easily be traced to them, but I don’t know and don’t have the time to research further.

Anyway, that’s strike one – or more like a weak fly ball to first base. This spammer is out.

Preview the website without opening it

Strike two came from a web page preview feature built into Mac Mail. This feature doesn’t exist in all email clients, but it ought to.

[Image: junk_mail_previewed]

The word “login” in the email is a link to the website. If you click it, your computer opens the website. But if you do that, you risk having malware from the website you visit do bad things to your computer.

In Mac Mail, you can hover over a link to make a translucent drop list appear. Open the list (NOT the link) and you can preview the page WITHOUT exposing your computer to malware.

The page looks legitimate, but if you look at the title bar at the top of the preview window, you’ll see the actual website where this page lives. This website (a string of consonants spelling nothing in this case) does not match the one the email says it’s from (paypal.com), so I know the site is a fake.

The criminals behind this page would love nothing more than for me to enter my login credentials and click the blue “Log in” button, which ought to be labeled “give your PayPal account to crooks.”

Remember, this “website preview” option doesn’t work in every email client, so if you don’t use Mac Mail and aren’t sure how to preview links, check the sender’s email address instead. That’s much safer. If you accidentally click the link, you risk allowing the page (and any malware a visit to this page triggers) access to your computer.
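Both checks above (the real address behind the sender "mask" and the real destination of the "login" link) can also be run mechanically on a saved message. This is an added example, not part of the original post; the sample message, the ".example" host name and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email shown in the screenshots).
SAMPLE = """\
From: "service@paypal.com" <billing-team@pobox.com>
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://xkcdvbnmq.example/signin">login</a> to restore access.</p>
<p><a href="https://www.paypal.com/help">Help</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True only for the domain itself or a subdomain, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, claimed_domain):
    """Return reasons the message does not match the domain it claims."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Check 1: the mask names the brand, the real address is elsewhere.
    if claimed_domain in display.lower() and not in_domain(sender_domain, claimed_domain):
        findings.append(f"mask shows {claimed_domain}, real address is @{sender_domain}")
    # Check 2: where each link really goes, read without opening it.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not in_domain(host, claimed_domain):
            findings.append(f"link goes to {host}, not {claimed_domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "paypal.com")))
```

The script only reads the message text; it never fetches the linked page.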

Check out this great video. It’s worth the six minutes or so the narrator takes to explain how to keep yourself safe from the clutches of phishers. It’s from a website that caters to Mac users, but everything explained applies to users of other operating systems too.

 

2 Comments
  1. Excellent article and excellent advice!
