How to know if an email is legitimate or a scam. | Schweb Design, LLC

How to know if an email is legitimate or a scam.


Phishing Scams put CC info at Risk

We are seeing more and more people fall victim to phishing scam emails, so we wanted to share some red flags to watch out for and review a couple of examples.

 

Don't trust links in emails... you could allow hackers access to your money, your accounts, or worse... your website.

Think of all the information you have connections to from your computer or phone, which you trust daily to log in to or use services like PayPal, Facebook, Google, your bank account, your credit card, Amazon.com, eBay, and more. The last thing you want is a malicious party stealing that information and using it to steal your money or even your identity. This is only one way individuals can "get hacked" and certainly this is important to watch for, but it could be worse ...

 

Phishing emails could also give 'hackers' access to your website.  This extends beyond the individual because...

1) If you have a small business website, your website could be used to propagate spam across the internet. Your website could break or run slowly, be used to host spam & advertisements for other websites, or even start delivering malicious payloads to your website's visitors. This could not only ruin your business' reputation and tank conversion rates, but could result in your visitors', clients', or customers' money, information, or identities ALSO being stolen. Not to mention this all could happen without you even noticing it, unless you have a close eye on your website or active monitoring. (Shameless plug: Schweb Design can do that for you!)

2) Your website could be held ransom by the 'hackers', costing you more $$ than you have to investigate or pay out.

3) If your website is an ecommerce website, your customers' sensitive information could be stolen, such as names, email addresses, physical addresses, etc. (not passwords or credit card numbers, because we never store that on the websites or databases we build).

 

What is Phishing?

Phishing is when someone poses as someone else (such as a trusted website or company) to try to steal your information or money (such as usernames, passwords, bank or credit card information).

This usually manifests itself as an email that looks to be legitimate, from a company or person you trust, when really it's from a malicious party masquerading as them. It could also be a website (often linked to in an email) that looks completely legitimate.
    
See Wikipedia's definition of "phishing" for a thorough explanation.   
    
  

How to know if an email or website is real or fake

Here are some red flags and rules of thumb to keep in mind every time you open an email on your computer, your phone, your tablet. Every time.

 

Red flags that indicate an email is a phishing scam

The email's "From" address or domain doesn't match the actual company it claims to be from.  

In the GoDaddy example below, the email said it was from "GoDaddy"; however, the address it claimed to be from was something like "[email protected]". Definitely a red flag.

GoDaddy Phishing Email from address

 


Misspellings or bad grammar.

In the GoDaddy example below, they start with a sentence fragment simply stating "Due to recent upgrade in our server." Their grammar could've been improved with "Due to a recent upgrade on..." or "Due to recent upgrades on...", not to mention using a comma instead of a period. They also forgot a period in the last sentence.

Misspellings are often worse; for example, in Microsoft's phishing example here: "...please follow the link in the email bellow."

GoDaddy Phishing Email button

 

Threats

Many emails threaten you to upgrade immediately, log in now to prevent your service from being terminated, review changes in their system or policy, or even give threats that your security has been compromised and they're trying to help... so you must act! 

 

Emails from big companies… e.g. PayPal, GoDaddy, Facebook, Amazon.

These are popular companies or services used by millions of people, so they are the best bet for scammers to focus on. Beware: The email or websites will look like they are from the real company down to the logo, colors, and styling of the content (buttons, white space, layout, etc.).

 

Emails requiring your action.

Phishing emails often ask you to take some form of action. Most often this is to log in and do something such as pay, upgrade, read a message, learn about important updates, etc. Beware: Sometimes this is very subtle. For example... the email asks you to read an important message and has a simple link to read the message. You click that and it takes you to their homepage. They didn't ask you to log in, but naturally you think that if you log in you'll probably then see whatever message they're referring to. In this example, you'd be on their phishing website, not the real one, and if you attempted to log in you'd simply be giving them your login credentials.

 

Emails that are overly technical

One technique scammers use is to try to blind you with technical jargon and information, hoping to overwhelm you and push you to just act and forgo trying to wrap your mind around what exactly the email is talking about (see the PayPal email example below).

 

Emails that are unexpected, out of the blue.

See the GoDaddy example below. All is well; you know you're just paying for hosting. You know when your bill is due annually and you're all paid up. What's this... suddenly they're requiring you to upgrade? That's unexpected.

 

Emails that have links.

This is an unfortunate red flag, because lots of perfectly legitimate emails have links.  

 

Even if you see a link that appears to say exactly where it will take you, it could take you elsewhere.

Here's an example:  http://www.paypal.com

This link very clearly looks like it will take you to paypal.com right?  Go ahead and click on it... it actually takes you to www.google.com.

 

Even if you see a button that looks real, it could take you elsewhere.

Here's an example from GoDaddy's email below.  

GoDaddy Phishing upgrade button

This button is styled like the real buttons from real GoDaddy emails, but it could take you anywhere. 

See "Verify where a link will take you before clicking it" below.

 

Email Headers

Besides everything above, the email you receive also contains "headers" which provide more specific, in-depth information about the actual source of the email.  Checking the headers of the email does require technical knowledge and experience.  If you ever need a suspicious email investigated, just forward it to Schweb Design and we can investigate it for you.
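
A minimal version of the header check, as an added example that is not part of the original article: it compares the "From" display name with the address domain (the first red flag above), checks Reply-To, and reads the SPF/DKIM/DMARC verdicts. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every address and host below is made up.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=mailer.example
From: "GoDaddy" <notice@mailer.example>
Reply-To: support@another-host.example
To: owner@recipient.example
Subject: Service Notice

Due to recent upgrade in our server.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def header_red_flags(raw_message, brand, brand_domain):
    """List header-level red flags for a message that claims to come from brand."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0]
    from_domain = domain_of(msg.get("From"))
    flags = []
    if brand.lower() in display_name.lower() and not in_domain(from_domain, brand_domain):
        flags.append(f"display name says {brand} but the address is at {from_domain}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        flags.append(f"replies go to {reply_domain}, not {from_domain}")
    # Authentication-Results is only meaningful when your own mail server added it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = {k.lower(): v.lower() for k, v in AUTH_RESULT.findall(auth)}
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            flags.append(f"{check}: {results.get(check, 'missing')}")
    return flags
```

Calling `header_red_flags(SAMPLE_EMAIL, "GoDaddy", "godaddy.com")` returns five flags for the constructed message; a message from the brand's own domain with passing results returns none.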

 

Rules of Thumb

Be cautious of all links.

Never use an email link to log into your website hosting, PayPal, or other account. If an email appears legitimate, just go log into your account by going directly there (type Paypal.com into a browser).

 

Read thoroughly.

Read an email thoroughly, keeping in mind the above red flags. If anything seems suspicious, contact the company directly, separately from the email, or ask us first.

 

Verify where a link will take you before clicking it.

Fortunately, verifying where a link will take you in an email is relatively easy.  

On desktop computers, just hover your mouse over the link for a moment and a tooltip will pop up showing the actual URL it will take you to (barring any redirects after visiting that URL).

GoDaddy Phishing upgrade button hover

On mobile phones, typically just tap and hold down on the link for a moment for a popup showing similar information.

 

A Couple Examples

GoDaddy "Service Notice" email

This email immediately raises some red flags: bad grammar, urgent and unexpected push to take action, "From" name didn't match "From" email address.

GoDaddy Phishing full email example

 

Hovering the mouse over the button reveals a glaring red flag: the "Upgrade Now" button doesn't link to GoDaddy.

GoDaddy Phishing email button hover

 

 

 

PayPal "Merchant Integration Upgrade Information" email

At first glance at the basic email information, this looks reasonably legitimate, except for the unexpected upgrade and request for action.

 PayPal Apparent phishing email basic info

 

Here is the email in its entirety. Aside from the fact that 95% of the people who received this email had no idea what it was saying, this again looks reasonably legitimate.

PayPal Apparent phishing email

 

Hovering over the links in the email, the red flags really start adding up.  Red Flag: ppmts.custhelp.com doesn't look related to PayPal at all.

These links at ppmts.custhelp.com redirected to https://www.paypal-knowledge.com which redirected to www.paypal-techsupport.com, both of which look very suspiciously like phishing websites and aren't on the paypal.com domain.

PayPal Apparent phishing email link hover PayPal Apparent phishing email link 2 hover

 

Hovering over other links reveals that some DO link to PayPal.com. Perhaps this is an indication that the email is legitimate, or more likely an indication that the scammers are trying to boost our confidence by sprinkling in some legitimate links.

PayPal Apparent phishing email link 3 hover

 

Hovering over yet others reveals other types of links that are not only non-paypal.com links, but are broken.

PayPal Apparent phishing email link 4 hover

 

 

Ironically, despite being a good example of what to look out for with MANY red flags, this PayPal email was actually a legitimate email from PayPal.

The links in the email  redirected to https://www.paypal-knowledge.com which redirected to www.paypal-techsupport.com.  Although the destination website looks dodgy, it is also a legitimate PayPal website.

 

Several things indicate that this PayPal email is actually legitimate…

1. They share an SSL certificate with paypal.com

Both domains, paypal-knowledge.com and paypal-techsupport.com, share an Extended Validation SSL certificate with PayPal, which you can see from the green indicator in the address bar when visiting the site.

PayPal shared EV SSL Certificate

 

2. They share nameservers with paypal.com

Both domains also share the exact same nameservers as PayPal.com itself. This can be verified by comparing their WHOIS database info on the domain registrations or by other DNS methods (e.g. intodns.com/paypal.com).

NS1.P57.DYNECT.NET
NS2.P57.DYNECT.NET
NS3.P57.DYNECT.NET
NS4.P57.DYNECT.NET

 

3. Enough people investigating it also claim it is legitimate.

Because of how widespread this email was (PayPal sent it to a majority of clients using related services), it created buzz across the internet, causing lots of people to speak up about it, investigate together, and post their educated evaluations. This isn't something you can always count on or something that happens very quickly, but in this case it helped validate this email over time. You can read more about this confusing PayPal email here.

 

What can we learn from these examples?

This PayPal example goes to show that if you know what to look for you'll be much more protected, but in the end, it's hard to trust any email you receive unless you have the means, knowledge, or experience to do a technical evaluation of the email itself.

If you have your website hosting, domain registration, and email hosted by Schweb Design, you can rest easy.  We are always just a call or email away and we'll let you know if something looks illegitimate and have the technical knowledge and experience to validate things.  Just ask us if you get a suspicious email.