Do you have questions about a Phishing Email? Check the sections below to see if you can spot the fake email before you submit to Advantage. While we are always happy to confirm suspicious messages, we believe over 90% of phishing and spam can be identified by our clients on their own. What do you do when you spot a fake – report as spam and delete!
Is the sender legitimate?
The first thing you should look at is the email address of the sender. Does the name match the email? Does the name match the “Display Name” of the email address?
As you can see above – this email claims to be from “Amazon Service Team .” Sadly, the email is from the display name “Customer Center” and email address <firstname.lastname@example.org> which is not anything related to Amazon. This is a fake email and should be ignored, marked as junk, and deleted.
Legitimate Sender but inconsistent information
Scammers bread and butter is getting a hold of someone’s account and using it to contact people in that persons contact list to try and trick people into clicking on links in an email. When the above question about the authenticity of who the person is doesn’t immediately confirm your suspicion, the next step is to look at the message in question and the type of links/attachments they are sending.
The following email example has had the legitimate information removed but the message sent to Erik had a number of obvious problems:
- The “Hello eriks,” is not even properly extracting the persons first name and it’s not capitalized as it’s just pulling from the email address username. Red flag.
- You can see even in my screen shot as my mouse was hovering over what looks like text, it’s actually one large image file with a link to https://www.canva.com. Canva is not the domain name of the company sending the message. Another Red Flag.
- If you copied and pasted the link in the email (even though it’s not a link but an image file) into your favorite web-browser – you’d see it wasn’t taking you where you wanted to go. Instead, it launched you to a fake Microsoft Login Page (see below):
The above is called a Proxy Website – it’s displaying content from Microsoft while stealing your information. If you look at the URL, it is NOT microsoft.com and as soon as I put in an email address – it properly branded the client’s login page making it look legitimate. Always look at the URL that starts with “https://” and make sure it’s going where you think it should. This domain has been hacked and is being used to steal people’s credentials.
Links, QR Codes, Text Messages
Emails are much easier when the content automatically takes you where you want to go fast, easily and conveniently. Both legitimate businesses and scammers love to use links in their emails to track what you are doing and bounce you around to different sites. This is why we say “NEVER CLICK ON LINKS IN EMAILS”. This goes to Text Messages now too. Even QR codes can be dangerous so never scan something you do not know is coming from a legitimate source.
But I want to go to the link! This is where hovering over the link and copying the link are your friend. Yes, it’s slower but sadly it’s the only way to make sure you are not being tricked. Try the two examples below to see what we mean:
Hopefully you understand how easy it is to hide information behind a link. Just like enabling 2-factor authentication, it may seem burdensome but it really will reduce your risk level drastically if you simply choose to copy and paste links instead of clicking on them. If it doesn’t seem right – pickup the phone and call the person who sent you the message. Any legitimate link can be confirmed by the sender.
How do I avoid looking like a scammer?
Don’t include tracking links. These are links that don’t take you directly to the website in question but instead bounce the user through a 3rd party link to track clicks or gather telemetry data on the person who clicked on the link. We recommend DNS filters that block known trackers, advertisers and malicious links which typically block the URL making your click fail anyway.
Try not to send Word, Excel or PowerPoint Documents directly to people. These are great pieces of Malware for scammers and if you are sharing files with someone – you should be using your own internal network share, your NAS or OneDrive/Sharepoint instead of sending the file directly through email.
Avoid hyper-links if possible and just include the whole URL in the message. For example:
Bad: Come visit Advantage Computing
Good: Come visit https://www.oraces.com
Still are not sure – open a ticket and send us the email in question and we’ll happily test it for you.