I received an interesting email earlier this week that was almost consigned to digital oblivion when it showed up in my inbox. Throwing it in the trash was reflexive and it was only after my subconscious had a few minutes to chew on it that it occurred to me why it was different: it was in my inbox, not my spam folder. Even though I very clearly knew it was fake, Gmail’s usually reliable filtering had failed to detect anything wrong with the email. Not one to pass up an opportunity to teach vigilance, I’m sharing this little “gem” as a bite-sized lesson in spotting fake emails.
Here’s the culprit:
- Clue #1: I do have a digital fax account, but I can count on one hand the number of digital faxes I have ever received. I also didn’t recognize the area code, which a quick Google search reveals to be a Mexican area code. Seeing as receiving a fax is out of the ordinary, I knew this was probably fake, but I did look at it because it was in my inbox. Lesson: Anything out of the ordinary should be treated with a large helping of caution.
- Clue #2a: The use of “eFax®” to refer to digital faxes is like the corrupted use of “Xerox®” and “Kleenex®”. Officially, I’m pretty sure that eFax® isn’t using “omnesys[.]com” as a mail server, and if it was instead that company sending me a fax, a quick search reveals they are in New York, not Mexico. The footer of the email implies this is an official eFax® email, so why isn’t this email from “eFax[.]com”? Here’s where it gets interesting: Google didn’t flag this email as spam because it looks like it was actually sent by Omnesys’s authorized email server “secureserver[.]net”, which happens to be a GoDaddy email server. That means someone’s email account has been compromised. Lesson: Given the content of the email, does the sender make sense? Even the slightest inconsistency should be a red flag.
- Clue #2b: The fax was sent to info@. My digital fax account is not linked to that email address. Info@ is our website catch-all account, so anything sent to it is already held at arm’s length if not immediately marked as spam. Lesson: Look carefully at who the email was sent to, especially if you consolidate your email from multiple addresses.
- Clue #3: Rolling over (NOT CLICKING) the link shows me that the “fax” they want me to view goes to “1camper1tree[.]com”. I’m pretty sure that’s not a digital fax service website. Conclusion: totally fake email. Lesson: Checking the URL before clicking will save you from a world of heartache. Learn how to check URLs in whatever program you use to view your email. This is a critical skill you must learn if you want to be safe.
If you clicked that link, the page you would be taken to would likely have a very legitimate-looking login prompt asking for your email address and password. Entering them would result in (a) those credentials being stolen and (b) a blank page or possibly a redirect to another website which will then attempt to install malware on your machine.
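The checks from Clues #2a, #2b and #3 can also be run mechanically over a saved message. The Python below is an added example, not part of the original post; the message is constructed, and `sender.example`, `recipient.example`, `landing.example` and the `faxes@` mailbox are stand-in assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address and URL is a stand-in, not the real email.
SAMPLE = """\
From: eFax <message@sender.example>
To: info@recipient.example
Subject: You have received a 2 page fax
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>You have a new fax. <a href="http://landing.example/view?id=1">View your fax</a></p>
<p>eFax is a registered trademark. <a href="https://www.efax.com/">Help</a></p>
"""

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain, fax_mailbox):
    """Return the clues found in one raw message, as short strings."""
    msg = message_from_string(raw)
    clues = []
    # Clue #2a: does the sender's domain belong to the brand the email claims to be?
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not same_site(sender.rpartition("@")[2], brand_domain):
        clues.append("sender-domain: " + sender)
    # Clue #2b: was it sent to the mailbox that is actually linked to the service?
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if rcpt != fax_mailbox.lower():
        clues.append("recipient: " + rcpt)
    # Clue #3: where do the links really go? Read the href, not the link text.
    html = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_type() == "text/html")
    for url in re.findall(r'href\s*=\s*["\']([^"\']+)', html, re.I):
        host = urlparse(url).hostname
        if not same_site(host, brand_domain):
            clues.append("link-host: " + str(host))
    return clues

if __name__ == "__main__":
    for clue in check_message(SAMPLE, "efax.com", "faxes@recipient.example"):
        print(clue)
```

The suffix match in `same_site` is deliberate: a host such as `efax.com.landing.example` contains the brand name but still belongs to a different site, so it is flagged.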
As I find more of these types of emails that readily illustrate other “tells” I’ll be sure to share them with you in future blog entries.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Chris,
Thank you. Always good stuff.
Best,
Jerry Simon
Like you, I love deciphering this stuff. Thanks for the info.
[…] How to spot fake emails (2017) – TLDR: I dissect a fake email that almost fooled me. Fast forward to now – fake emails are still around and trickier than ever, but the basic spotting concepts still apply. […]
Happy New Year Chris—
You sent this email talking about issues with email….do you know of anything now or on horizon that can work the same way, without all the described issues?
You’re very much appreciated.
Barry Greenfield
Not yet, which is unfortunate, as keeping it safe and useful is becoming increasingly difficult.