Email and Text Safety Tips

Reviewing email and text safety tips, and how to avoid malicious activity, is always a good idea.

As scams become more common and scammers become smarter, a refresher on dos and don’ts is helpful.

Things to Look For – Email Addresses

Question the authenticity of every email and text!

Check the sender’s email address. People can make the display name whatever they want to. So it’s up to us to see if the “Netflix” email we got was sent from s931938j.z.azez@gmail.com or billing@netflix.com.

If Xfinity is spelled as Xfinry (yes, this is a real example) then it’s safe to assume the email/text is fake.

Be sure to check for spelling errors within the message. Although it is possible that official emails/texts might contain a typo, they generally don’t.

Fake JG Wentworth email. Spacing between the last few letters makes this a very obvious phishing email.

Things to Look For – Formatting

Sometimes formatting can provide clues too. If it is unprofessionally formatted, it is easy to tell it’s fake. If the body of the message is one large picture, that is a red flag. Unfortunately some scammers copy elements from real emails and use real designs to try to fool you. Below are some actual examples.

Major red flags: Sent to multiple people shown at the top. The payment amount doesn’t match.
Minor red flags: Knowing a brand’s current theme can help. Formatting may be very outdated or incorrect. The sentence structure also does not match how Xfinity addresses customers.
The sender of the fake Xfinity Email.
Fake text pretending to be Fidelity. The URL is clearly not Fidelity.com, and even misspells the name as “Fidilty.”
Poorly formatted
Fake email with a well made stolen format (the top banner is a video as well.)
The “Reply To:” at the top is a giveaway as it is not Amazon.
The address of the sender of the fake Amazon Prime email, matching the “Reply To:”.

Legitimate emails will end with the company’s proper web address in the final two positions after the @ symbol, such as support@netflix.com or noreply@amazon.com. Though it is possible to spoof a real web address, it isn’t currently very common, and is often more targeted. There is technical information that can tell you whether an email is spoofed, which we will touch on later.

If the message is written to multiple people, and you can see a list of random email addresses, then it’s safe to assume the email is spam or a scam.

If you feel an email may be legitimate, but you are unsure, you should go straight to the website yourself and check on your account. Do not click on ANY links in an email you are unsure about.

Email Spoofing/Impersonation

It is possible to spoof the email address itself, beyond just changing the display name. This is currently a far less common, but more effective, form of phishing.

Here at SDM we had a fairly convincing spoofed email sent to Kristin. The email appeared to be from an employee’s email address and even displayed as it would if sent from a contact. We figured out ways to tell that this email was fake, apart from simply knowing it was not something that was sent.

This is a reply, which contains the original email that appears to be from Anthony@sdmfoundation.org. It is asking Kristin to change the direct deposit bank account information for a paycheck.

Clues We Missed

At first we suspected the account was hacked. We quickly realized that was not actually the case. But, the email contains red flags that we missed initially.

One of the biggest red flags we can see initially is the “reply to” email at the top reading “Directdepositoffice00@email.com.” This would not appear in a normal email conversation between Kristin and Anthony. It was not obvious until AFTER Kristin had answered the initial email.

A lesser red flag is simply the wording. The entirety of the email is in a very generic, formal, business-like format. Kristin didn’t question whether Anthony would normally say things like “I need your prompt assistance on this matter” or “Blessings”.

How to Check

Because we had not seen this high level of email spoofing before, we took the time to figure out how it was done. We found it isn’t difficult to do, and with a little bit of playing around we even figured out how to get it past Gmail’s spam filters.

Though we aren’t going to explain that process, we did find a method to determine the legitimacy of the message sent.

Using Gmail as our example, we were able to see some technical information for each message sent. Click on the three dots in the top right of the email, and then select “Show original.” Below is an example of where to find that option.

In the image below we can see the original message information for an email sent from Anthony@sdmfoundation.org and the fake one we saw above.

The first thing we see is the Message ID. We can see the real message ends in gmail.com, whereas the fake message ends in apps.rackspace.com.

In the “from” section we can see the same email information, but the fake one has mention of the webmail used.

We will not go over the last 3 settings, but we can see the 3 passes on the real email, and the fails on the fake one.
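
As an added example (not part of the original article), the Python sketch below runs the checks described above on a message copied from “Show original”: Reply-To versus From, the Message ID host, and the three pass/fail results, which Gmail labels SPF, DKIM and DMARC. The sample messages are constructed; only the addresses and the gmail.com/apps.rackspace.com hosts come from the article, and the expected Message ID suffix is an assumption you supply per sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: the addresses and Message-ID hosts are from the article;
# the IDs, receiving server name and result strings are made up for illustration.
SPOOFED = """\
Message-ID: <1700000000.12345@apps.rackspace.com>
From: Anthony <Anthony@sdmfoundation.org>
Reply-To: Directdepositoffice00@email.com
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=sdmfoundation.org;
 dkim=fail header.d=sdmfoundation.org;
 dmarc=fail header.from=sdmfoundation.org

I need your prompt assistance on this matter.
"""
GENUINE = """\
Message-ID: <CAconstructed0001@mail.gmail.com>
From: Anthony <Anthony@sdmfoundation.org>
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass

See you at noon.
"""

def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_headers(raw, expected_msgid_suffix):
    """Return a list of red flags; expected_msgid_suffix is what this
    sender's genuine mail normally shows (an assumption you supply)."""
    msg, flags = message_from_string(raw), []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To goes to {reply_dom}, not {from_dom}")
    host = (msg["Message-ID"] or "").strip("<> \t").rpartition("@")[2].lower()
    if host != expected_msgid_suffix and not host.endswith("." + expected_msgid_suffix):
        flags.append(f"Message-ID host {host} is not {expected_msgid_suffix}")
    # Only trust Authentication-Results added by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", auth)
        result = found.group(1).lower() if found else "missing"
        if result != "pass":
            flags.append(f"{mech.upper()} result is {result}")
    return flags
```

Calling `check_headers(SPOOFED, "gmail.com")` returns five flags, while the genuine sample returns an empty list.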

Other Types of Scams

Support Scams

Unless the information is coming from the antivirus software on your computer, never trust a pop up/text/email that says you have a virus on your device. Never call a support number from a pop up, email or text.

To contact a company, search for the company in a browser and go directly to their official website. Do not use the sponsored links at the top of the search results. The sponsored ads are easily hacked.

Most of the major companies like Google, Microsoft, Amazon etc. don’t even have a number you can call. They often deal with customers exclusively through web tickets. Amazon, for example, has live chat agents accessible on their website or through their phone app.

Never give anyone remote access to your computer based on an email or text.

Never buy gift cards for anyone if asked. No company would ever ask for them. Neither would the Police or the FBI.

Payment and Bank Scams

You may also receive fake emails that look like they are from PayPal, Venmo, your bank, or any other financial institution. This is an attempt to trick you into giving them information.

These messages will often say a large payment was made, or that your account needs to be checked.

If you click the link in the email, it opens a fake website that is a clone of the financial institution’s. It will ask you to input your account details, card information, SSN, and anything else that they can use to steal your identity.

Cyrillic Character and Other Rare Scams

Scammers can even send fake website links that look real by using characters from a different alphabet. For example, “Amazon” and “Amаzon” look identical. To the computer, though, the two lowercase a’s are separate characters: the second example of Amazon above is written with a Cyrillic lowercase a.
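
The following added example (not from the original article) shows how to make that hidden difference visible: it lists every part of a hostname that contains non-ASCII letters, names the lookalike characters, and gives the ASCII form of the label. It generalizes slightly beyond the Cyrillic case to any non-Latin script; the hostnames are constructed, and taking the first word of a character's Unicode name as its script is a heuristic.

```python
import unicodedata

def script_of(ch):
    """Heuristic script name: first word of the character's Unicode name
    (the standard library has no direct script property)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Report every label of a hostname that contains non-ASCII letters."""
    findings = []
    for label in host.lower().split("."):
        odd = [ch for ch in label if ch.isalpha() and not ch.isascii()]
        if not odd:
            continue
        scripts = sorted({script_of(ch) for ch in label if ch.isalpha()})
        findings.append({
            "label": label,
            "scripts": scripts,
            "mixed": len(scripts) > 1,   # e.g. Latin letters plus one Cyrillic
            "lookalikes": [f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}" for ch in odd],
            "ascii_form": label.encode("idna").decode("ascii"),
        })
    return findings

# Constructed inputs: the second host swaps in CYRILLIC SMALL LETTER A (U+0430).
REAL = "www.amazon.com"
FAKE = "www.am\u0430zon.com"

if __name__ == "__main__":
    for host in (REAL, FAKE):
        print(host, "->", inspect_host(host) or "ASCII only")
```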

Some scammers impersonate family members, claiming to be stranded or sick. Or an email arrives asking if you could help them, or asking you to click to see who died. Always verify the phone number and speak directly to a family member. Generally, anyone asking for money over the internet needs to be a sure thing. Verify that it’s legitimate and never send money anywhere you aren’t 100% sure about.

If in doubt, feel free to call or stop by. We help people double check every day.

If you have questions about Email safety tips, or our services, just call or email. We’re happy to assist you! Feel free to use our contact form to send us a message. Thank you!
