Spammers are getting very creative these days, and unfortunately, people are falling victim to them. The problem is the general public is not knowledgeable enough to know the difference between real mail and spam mail because they do not know what to look for. Take this email I just received today. Here is a screen shot:
Spam email made to look like it came from Apple
Looks legit right? At first glance, it does, and this is where most people get caught, well, those with Apple accounts of course. I mean the easiest way to know its spam is when a company you never heard of, asks you to verify your account with them… Especially with Banks, I get Bank of America emails all the time asking me to log into their system… as a Canadian, why would I have a Bank of America account? But if that email hit someone who did have a Bank of America Account, and they do not check more in-depth to verify that it is a valid email, they fall victim.
So back to my email this morning, first thing I checked, where does the link go? I don’t just click it, it could be a link to a virus or a downloadable file, no, I just hover my mouse over it to verify if it goes to Apple.com or not… This is what my status bar showed me as the true URL (link):
Yup, looks Legit… Not!
Ok, so I see that its a link to a regualar site, nothing too dangerous about it, so for educational purposes (DO NOT TRY THIS AT HOME, I am what you consider an expert [Go Mythbusters!]), I decided to check if it has been caught yet. If it has been caught, browsers like Firefox and Chrome will tell you the site has been reported as a suspicious site, and will try and block you. This is a tell tail sign that its a scam, but they are not always reported by the time you get the email. In my case, it has yet to be reported. Here is what I was forwarded to:
Apple Scam login form
At first glance again, it looks legit, it looks exactly like the Apple site and all links save for the submit button go to the Apple site, but did you notice the URL at the top? If not take another look at the picture, You will notice you are not at Apple.com. Always check the URLs to make sure you are at the official site.
Another tidbit of info: scammers are lazy. If you do not enter a name and password, normally a legit site will kick back an error saying something didn’t match, in most cases (not all) on a scam site, this does not happen, and is true in this case. Without entering any information at all, (normally I would use a fake email like “haha@fuckyou.com” with a password like “Imnotstupid”) I clicked Submit and was forwarded to the most dangerous page for those who have, at this point, not figured out its a scam. The verification of all your information including credit card info:
Scam verification page
Once filled out, and you click submit, the scammers will have all the information they need to commit identity theft and use your credit card to make purchases in your name. Also once clicked, you are forwarded off to the official Apple website, the first and only time you will be on the official site.
So to recap, here are some pointers to avoid being scammed:
1. If you do not have an account with the company emailing you, chances are its a scam, especially if the next tip hold true. Note: If the following steps are legit, call the company to verify.
2. Check the URLs, most browsers and email programs have a status bar, if its disabled, enable it. Mouse over the links to verify if they go to the official site. If they go to a domain that is not the offical site or to a domain that looks a little off (ex. www.apple.com.some.stupid.name.com instead of just www.apple.com) DO NOT CLICK THE LINK!
3. Never EVER open attachments from scam emails. Especially .exe and .zip. Most servers scan .exe files but archives such as .zip and .rar are not scanned properly and may still contain a virus within.
4. DO NOT do what I did, I clicked for Educational purposes only, it can be dangerous to click on links blindly.
I Hope this article has been helpful on what to look for, Spammer seem to always be one step a head of the game, so as long as you now what to look for, you should be able to prevent yourself from falling victim the the scams.
[UPDATE] To see another example of a Spam Mail Scam, See the next article Why you need to check your emails carefully! (Part 2) [UPDATE]