Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication (Wikipedia).

In my September 3 post, “Avoiding Scams,” I offered some insight on recognizing web-based advertisements with similar intents. It’s also important to know how to catch fraudulent emails that may appear legitimate and may not even have been marked as spam.

Case Study

I received the above email in my inbox last week. Let’s walk through some of the ways it’s obviously a fake.

  1. The sender is “iCloud.” and the subject is “Your Storage Support.” Note the periods. Also, Apple doesn’t send emails from an entity called iCloud.
  2. The actual sending and reply-to email address is support_noreply@cupertino.com. Apple doesn’t own the domain cupertino.com, which I didn’t otherwise recognize. You can check who owns a domain using whois.com.
  3. The message is not addressed to me by name. If ever Apple sent me an email, it would say “Dear Ben.”
  4. The grammar is atrocious! For example, “…will expire soon if you not filled your billing information.”
  5. Emails are generally not copyrighted. This one is attributed to “One App le Park Way.”

Not Convinced?

If you read the email, were scared by the implications, and didn’t consider the validity, you can take a step further to prevent a misstep.

Don’t click! Just mouse over any links in the email to find out where they lead.

If you’re using Mail, the destination address will appear in a tooltip adjacent to the cursor, as shown above. If you use a web browser for your email, look on the status bar at the bottom of the window.
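The checks from the case study and the link hover step, automated as an added example that is not part of the original post: it parses a constructed message modeled on the one described and reports the sender-domain, greeting, and link-destination red flags. The expected domain (apple.com), the recipient's first name, and the example.net link host are assumptions supplied for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modeled on the email described in the post; the greeting,
# link text and link host (example.net) are placeholders, not the real message.
SAMPLE = """\
From: "iCloud." <support_noreply@cupertino.com>
Reply-To: support_noreply@cupertino.com
Subject: Your Storage Support.
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p><a href="http://billing.example.net/update">Update billing information</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect every href: the address that hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    # True for the domain itself or a subdomain; "notapple.com" does not match "apple.com".
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain, first_name):
    """Return red flags for one message; brand_domain and first_name are caller-supplied."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for header in ("From", "Reply-To"):
        addr = parseaddr(str(msg.get(header, "")))[1]
        if addr and not in_domain(addr.rpartition("@")[2], brand_domain):
            findings.append(f"{header} address {addr} is not at {brand_domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if f"dear {first_name}".lower() not in body.lower():
        findings.append("not addressed to the recipient by name")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, brand_domain):
            findings.append(f"link leads to {host}, not {brand_domain}")
    return findings
```

Calling `check_message(SAMPLE, "apple.com", "Ben")` returns four findings: one each for the From and Reply-To addresses, one for the generic greeting, and one for the link destination.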

(Don’t) Head In

Still want more details? You can reveal the full headers of the email for a deeper investigation. In Mail, look in the View > Message submenu or press Shift+Command+H.

In the email in question, this line caught my eye. Notice how the server didn’t think it was spam. Also, it got very low scores for “suspect” and “phishing,” which is probably why it arrived in my inbox. (Most of the scores are out of 100.)

Proofpoint helps companies protect against cyber threats, including analyzing incoming email and identifying phishing attempts.

What to Do Next?

Some companies recommend that you send them the phishing emails you receive so they can investigate further.

For example, for emails related to Apple services, Apple provides this informational page and requests the original message forwarded as an attachment to reportphishing@apple.com. The command to forward a message as an attachment is in the Message menu of Mail.

Have you been the unaware but willing participant in a phishing scam? How far did you get and how did you recover?

Give me a call if you get a message that concerns you or asks you to do something you’re not 100% sure about. I’ll help you validate it or point out why it’s fraudulent.