I regularly receive emails forwarded from clients and from my Dad (as per the one pictured) with an email they’ve received asking me "is this a phishing scam email, or a genuine one?". The kinds of emails they receive are:-
- An email from their bank asking to verify their details
- An email from Apple asking them to validate their account
- An email from a whole host of other well known companies, asking for similar things; account validation, password changes, etc
- An email from companies such as DHL, UPS, Companies House or other well known companies/organisations, with a statement attached. The attachment is usually a virus in a file ending in .zip or .exe
- An email from a foreign company telling them that they need to secure their domain name / web address
- You've received a new fax
- You have a new Secure Message
- Voice Message Attached from 01XXXX XXX XXX
In 99.99% of cases *ALL* these emails are scams. However, if you're not 100% sure, here's a quick guide on the "Do's and don'ts" when you receive an email like this, and how to tell the genuine ones apart from the Scams
Do's and don'ts
Well it's a bit more don't than do!
- Never click on a link or web address in any of these emails. Even if the web address looks genuine, and even if you don't do anything on the web page that opens up, by clicking on the link you're telling the scammer that you've received their email as as soon as you click on the link, they can track that you've clicked on it. If they know you're the kind of person that will click on their links, then they may target you even harder and try and trick you out. Read on to find out if the links in an email are genuine or not.
- Never click to view the images in the email. When and if you do, just like above, the scammer also knows that you've opened the email. Tracking like this is why most email programs these days don't show the images in an email until you click to view them.
- If there is an attachment then don't open it! Usually if the attachment ends in .zip or .exe it almost definitely spells trouble. But if you're not sure, just don't open it!
How to tell a genuine email apart from a phishing one
First, always operate a "guilty until proved innocent" approach. As I say, the vast majority of emails like this ARE phishing scams, viruses etc. So presume that it is, unless you can conclusively prove otherwise.
Let's take the example below, which my Dad forwarded to me earlier today to ask if it was a phishing email scam or not. My Dad recently purchased an Apple computer so the scammer was luckily well timed:-
- Check the senders email address
- Usually the senders address will *look* like a genuine email, but it's not actually the genuine email address for the company they claim to be
- Check to see if the last part of the email address they're sending from does actually legitimately belong to that company. A company like Apple will use apple.com for their web address, and not other variations such as this-is-apple.com or account-verification-apple.com, or other things made to look genuine
- In this case, the sender appears to have masked the email to look like Apple's email as the email address does end in apple.com
- Check where the link points
- This really is the most important part
- In this case, the link is the word highlighted in blue, above... "Restore >"
- In most email programs, you should be able to right-click on the link and copy the web address which the link belongs to. I've included an example screenshot above, but each email program is different so it could be along the lines of:-
- "Copy link location"
- "Link Target"
- "Edit Hyperlink"
- Or, if none of those options are available, then try:-
- This:-
- Click Reply/Forward
- Right click on the URL>> Edit Hyperlink
- Copy the link from the Address Textbox.
- Or this:-
- Right click on the link and go to "Properties" to view the link. If you do need to go to properties, you're looking for the text which starts with http://
- In this example, the link was:-
http://www.apple.com-uk-cgi-bin-webscr-cmd.org/restore/account
- Now if this link is genuine, it will go to Apple's website to restore the account, like the email claims. If the link isn't genuine, it will go to a fake phishing website, which may look like Apple's website but is not. This fake website will ask for your personal information in attempt to use it to steal from you or commit identity fraud using your details.
- So how do we tell if the link is fake or not?
- Find the first forward slash / after the http://
- Now, move left from that point, to find the first dot you come across
- Last, make a note of the bit in between.
- The part in between will be the "domain name" that the link is pointing to. This part is the part which will help you tell if this email is genuine or not. In our example, the domain name (as per the above picture) is com-uk-cgi-bin-webscr-cmd.org. Now unless Apple have changed their company name to com-uk-cgi-bin-webscr-cmd.org and nobody's told me about it, then we can be pretty certain that this domain name isn't in fact apple, and is the domain name / web address of a scammer, and it should not be trusted!!
- As you can see, although the part before com-uk-cgi-bin-webscr-cmd.org was www.apple, this isn't the actual domain name itself and because this part is separated by a dot (.), the scammer can make this bit up and call it whatever they like. It's a very clever trick, but hopefully now you've read this you're a little bit wiser!
- If the domain name looks like the company's actual name, but includes a variety of other information, then it's usually because it's a fake domain name, especially if it includes lots of hyphens (-). So it's safe to say anything along these lines would be fake:-
- verification-apple.com
- your-invoice-ups.com
- notification-system.com.cgi-bin-org.com
In Conclusion
Remember.... operate a "guilty until proven innocent" mentality when opening emails like this, and don't click on links unless you're 100% sure they're genuine. Chances are, it will be a phishing scam, trojan or virus!!! If an email is asking for account verification or to restore your account, remember that it is extremely rare that this would ever genuinely happen.
I hope you found all of the above useful, even though it's a lot to take in! The good news is that once you've learnt how to check if an email and a link in an email is valid and done it once or twice, it should be easy to remember and become second nature to you.
Now Dad, I'm hoping you've read this; so please do me a favour and stop forwarding me these damn emails!!!
