5/20/15
5:37 am

Recognizing Email Phishing Scams

Chances are you regularly get fake email claiming to be from companies that you do business with. However, these scam emails are trying to trick you into giving up your passwords and other information. It is important to be skeptical of every email message you receive and to learn to recognize the signs of phishing scams. Even email messages that seem to come from friends and relatives can be scams.

Video Transcript (Click to Expand)
Hi, this is Gary with MacMost.com. On today's episode let's take a look at email phishing scams.

I have a new book out called The Practical Guide to Mac Security. In it I talk about a lot of different things. One of them is avoiding things like phishing scams.

Here is an example of a phishing scam. I found this email in my junk email folder. It could have very easily ended up in my inbox had the message been slightly different. It looks like it comes from PayPal. I've got a PayPal logo here that looks real. The email address I can't really tell if it is real or not but it doesn't matter because that can totally be faked as to where an email comes from just as easily as you can fake a return address on an envelope in the physical world.

So I've got the message here that seems like, well, if I use PayPal a lot it is going to cause me to panic. It is telling me that there is a problem with my account and I've got to confirm information within 24 hours.

The problem with this email is that it is completely fake. It is not from PayPal at all. There is no problem with my account. It was created to trick me into giving my PayPal password to someone who wanted to break into my account.

The important thing is to always be skeptical of emails that you get especially when it is asking for you to do something like log into your account or if there is a problem, or anything like that. If you look here and move your cursor over this link here that it wants you to click on you can see that the URL is not PayPal at all. It is some very strange URL that clearly is not from PayPal.

So now right away I know that this is a phishing scam and I should just ignore this email. Just delete it.

But if something were to come up and you were not sure whether it was PayPal or not and it looks legitimate then you want to go to the next step which is NOT to click on the link at all but to go to the site on your own either using a bookmark or typing in the URL that you know to be the real one like PayPal.com or eBay.com or Amazon.com. Whatever the email says it is from and then look in the messages area for that account.

Don't be surprised if you don't find any mention of this problem because this email is a scam and the real site, of course, doesn't have any problem shown.

You see here is the thing about domain names. They have different parts to them. At the right all the way over you see the part that is usually .com or .net or something. That is called the top level domain or TLD. That basically says what type of domain it is.

The very next part, to the left of .com, is the most important part because that is really saying where this domain is located. In this case eBay. So eBay.com is eBay. However it is so easy for somebody to create a domain that looks like this. If you start to read it, like you would see a link in an email message, you would look at it and see www.ebay.com and think, ahh it is the real thing.

But you read domain names from the right to the left. So this part of .net, and .net and .com are both fine and doesn't really mean anything. But the next part, and you see these strange characters there, that is the real location of the server. Everything to the left of that, in this case www.ebay.com, is anything they want to put there. They can make up anything they want. It is their server and they can put any words they want there.

So they are trying to trick you to thinking you are going to eBay.com but actually you are going to this weird xyz123qwe.net site which is, of course, the site that is trying to steal your eBay ID and password by tricking you with a phishing scam.

Phishing scams come in all shapes and sizes. So, for instance, here is one I got and it's from Navy Federal Credit Union, or pretends to be. I don't have an account at Navy Federal Credit Union so right away of course I'm suspicious. But I would be suspicious even if it was from my bank because what these types of scams do is they find a bank that has hundreds or thousands or millions of people and they just send these out. Most people are going to say I don't have an account there.

But if you did happen to have an account there you may immediately just fall for this thinking well why would I get a piece of junk mail. How would they know that I have an account here. So you read this and you see there is a problem and they have attempted to contact you. All that. It sounds very urgent and I need to do something. There may be a link here, just like before, that links to a fake Navy Federal Credit Union site that even looks the same because they have stolen all the graphics from it.

In this case they have imbedded a HTML page. If I double click on that it opens this up. It is actually an attachment and it looks like it is from the regular website. The problem is that if I fill all this stuff out here, look at it, it is asking for all this stuff that is going to just basically allow them to completely steal my account and my identity. If I hit submit it is going to send that to someplace where they can then steal everything.

So this is a particularly dangerous one here and it comes in just as a regular email. I'm sure if they send out millions of these a few people fall for it and that's all they need. Just a few people to fall for it to make a killing at this scam.

Now in addition to just being skeptical and looking for problems and not actually using links in the email messages at all to look into things you can also go to snopes.com. They report a lot of these different things. Here is a variation on a phishing scam that has been around for a long time.

You get an email. It appears to be from a friend or relative. It is actually somebody who has had their email account compromised. Somebody broke into their AOL account or gmail account with a weak password and they just send an email to everybody saying that they are in trouble. They are traveling somewhere and they need some money. I've seen all sorts of different things. There is people having their wallet stolen. People just claiming they have been thrown into jail in some country outside the United States or whatever. They need some money and they give you a way to send the money via some sort of money sending company like Moneygram or Western Union or something like that.

They send this out to hundreds of people on their contact list. Somebody will usually fall for this and send some money, untraceable, wire it and of course that person is not in distress at all. They are just at home and they have no idea that their email account has been compromised.

So you want to just be skeptical of everything. Even if it seems to come from somebody you know. Just make sure you don't fall for one of these scams.

Comments: 14 Responses to “Recognizing Email Phishing Scams”

    Dave N
    5/20/15 @ 7:23 am

    Gary, How can Contacts be accessed, giving these scammers my email address from a friend’s system, so I then get an email from my friend who does not know their contact DB was compromised ? In the past I have received msgs from friends advertising all sorts of stuff … It is clear that my address was gotten from the friend’s address book. Great info, thanks

      5/20/15 @ 7:33 am

      They aren’t accessing the contacts in their Mac Contacts app. They are accessing the contacts list that many email systems (Yahoo, Gmail, Hotmail, etc) allow users to store online. Alternatively, they could simply be reading the To and From email addresses from their email archive stored in the server’s system, not the contacts at all.

    Siobhan
    5/21/15 @ 8:14 am

    The big no no for me is when I am addressed as Client, etc. in the message part of the email.
    I have also asked Paypay directly and they wanted me to send it to them

    Harry Marks
    5/21/15 @ 9:34 am

    I love getting the “distress” scams claiming they’re my grandson and stranded in an Italian jail. I play along with outpourings of sympathy before I tell them that I have no grandchildren. Never have had any.

    Helen
    5/21/15 @ 10:34 am

    I go a step further with paypal scams. I forward the message to spoof@paypal.com . They contact me back letting me know it was indeed a scam and I hope that maybe by having the original it may help them trace the source. I also get messages that say UPS was trying to deliver a package to me and need me to click on a link. Anyone who knows UPS knows how ridiculous this one is.

    Shirley
    5/21/15 @ 10:36 am

    Received emails: one from Apple asking to update my security questions, one from iTunes saying account is to expire in 3 days, and one from iCloud Customer Care telling me my email account had exceeded its limit and to “update here.” All were phony. Sometimes you can copy the email address and paste it into Safari’s address bar and it will tell you it is a “Possible Phishing Site.” All were reported by selecting the message and using the Message Menu to send to spam@icloud.con

    Kevin
    5/21/15 @ 11:01 am

    Also the “contests” on social media sites that allegedy proclaim a trip to be given away. I think most people when they sign up use a commonly used password- that they commonly use and set them selves up for BIG trouble…If it’s too good to be true IT IS A SCAM!

    Robyn
    5/21/15 @ 2:03 pm

    Great video Gary…will pass it on to others.

    James
    5/21/15 @ 2:09 pm

    I can also take a cue from the writing-the punctuation (or lack of it), grammar and sometimes, spelling. Even in the example you showed there is stilted language and poor expression used. Sometimes being an English Major has its rewards. I received one that started with “You account is being close because of problems.”I laughed and deleted it.

    Gary
    5/21/15 @ 2:58 pm

    Gary, very good presentation especially the part about reading the web address from right to left.

    John Stires
    5/22/15 @ 8:08 pm

    Is it typically safe to ‘Unsubscribe’ from email newsletters that come out of nowhere? It seems a logical place for phishers to enter a bogus URL or something that might kick off a malware routine. Thanks.

      5/22/15 @ 8:57 pm

      If it is completely out of nowhere, and you’ve can’t think of any relationship with the sender, like signing up for a site or buying something from a related site, then just delete. Otherwise, if it looks legit, then using the unsubscribe is the proper thing to do.

    Michael Ehrman
    5/23/15 @ 12:42 pm

    The PayPal one also had another great hint within the email body. Verfiy vs verify. While yes, any legitimate company can do a typo, that type of letter/email is a canned response to accuracy as to grammar and spelling is almost guaranteed to be perfect.

    Wilma
    5/26/15 @ 9:49 am

    Great overview, and it’s nice to know I’ve been reacting in the right way to these. Lately had a very authentic-looking phishing message purportedly coming from American Express, which is my primary credit card. A 30-second call to them gave me spoof@americanexpress.com to forward the message, which was a scam they already knew about.

Comments Closed.