TechKnowledge

TechKnowledge

Phishing Scam – newsletter@mokfield.com

by

New phishing email scams appear every day, that is nothing new. My wife originally heard about this one on the radio, and then immediately checked her spam folder, where she found more than a few of these fraudulent messages. These email messages vary in topic, but I saw messages like the ones below:

  1. 1800flowers – You are eligible for a loyalty prize
  2. Amazing Deals – A reward from Lowes
  3. Bryant & Stratton – Complete your medical degree

I’m certain that there are plenty more topics and businesses that these fraudulent emails will represent. These messages seem to be a cut above the average email phishing scam because they look like they could actually come from the business that the email header says it’s from… but these messages all come from the same sender: newsletter@mokfield.com. This reminds me… do you know how to check the sender’s email address to make sure a message is legitimate? If an email message looks good enough to seem legitimate, looking at the sender’s email address should help you identify a fraudulent scam message.

On iPhone or iPad, open the Mail app (blue and white envelope icon), and open any message. Look at the header at the top of the message, which contains the email addresses of both sender (on top), and recipient (below). Note however, that the sender can mask their email address in favor of a company name. You can look behind this company name to see the actual email address that sent the message. Tap the header at the top, and the sender and recipient names should turn from black to blue. Tap again on the sender’s name and a page should appear displaying the sender’s email address. Tap Done to close this page.

On a Mac where you are using Apple’s Mail application (not a web browser), open any email message, and hover your cursor on top of the email senders name. The senders name should highlight and display a tiny down arrow. Click that down arrow, and the sender’s email address will display in a pop up menu. Click anywhere outside the pop up menu to close it.

There are too many email systems and providers to describe how to see the sender’s email address for each, but there is undoubtedly a way to do this for those checking email via web browser, and it’s probably very similar to the methods described above for Apple products. If you’re using a browser to check email, I would start by hovering the cursor over the sender’s name in the header of any email message.

So what’s so important about seeing a sender’s email address? Seeing the full email address can provide a huge red flag to a message that might otherwise look legitimate. Everyone should know how to do this, and it’s good practice before you click a link in any email message, to look at the sender’s email address. A legitimate email will always display the company name somewhere in the email address, usually after the ‘@’ symbol. Addresses like; service@sales.lowes.com, or donotreply@amazon.com have a ring of authenticity to them. An address like: luckystars@.xyz.mnm.ru does not have a ring of authenticity. For starters, no business name appears anywhere in the address, there’s a string of seemingly random characters after the @ symbol, and the address ends with .ru, which means it comes from Russia.

Many of the messages in the email campaign from newsletter@mokfield.com look legitimate, like they might be from known American businesses. Normally, after verifying an email address is legitimate, it’s a good idea to unsubscribe from messages that you don’t wish to receive. Fraudulent messages however, may not display an unsubscribe button (another red flag), or worse, unsubscribing is part of the scam. In the newsletter@mokfield.com examples, the messages look legitimate enough, that I believe part of the scam is that they want you to try to unsubscribe.

It’s hard to know what exactly is the end game of these email scams, but the bottom line is… Don’t click links in these messages, including unsubscribe links, until you have looked at the sender’s email address to make sure it’s legitimate. There are still some other red flags that you can look for to see if messages are legitimate. Here are a few of my top fraud message red flags;

  1. Sender’s email address contains no business name
  2. Poor English grammar and spelling
  3. Contains panic-inducing language – “Your account has or will be deleted, locked, or compromised”
  4. Contains threatening language – “If you don’t respond in 24 hrs, we will shut down your account”
  5. Offers you a loyalty reward or prize
  6. Asks you to “verify” your account
  7. The message is ‘out of the blue’-  You weren’t expecting it and/or have never done business with this company
  8. The message has no name, or signature at the bottom

Did you know that you should always put a signature, or at least your name at the bottom of any email message that you send out? Not doing so could land your message in your recipient’s spam folder!

OK, a couple final things to mention… sometimes a business will legitimately ask you to “verify” your account. This should only occur immediately after you have created the account. If ‘Paypal’ is asking you to verify your account, but it’s been years since you created the account, the message is a scam. It’s also possible that a fraudulent message may display the business name in the sender’s email address, and that’s why it’s good to look for multiple red flags. You may check the sender’s email address on a suspicious message and the header displays the legitimate email address of someone you know! This happens when a scammer gains access to someone’s email account, and then proceeds to send messages to everyone in their contacts list so that the message appears to be legitimate. In this scenario, look for other red flags like poor English, a missing signature, and also ask yourself: “Does this message reflect how my friend normally talks?” By the way, if you get a message like this, you should do your friend the courtesy of letting them know that they should reset their email account password in order to revoke access to the scammer.

As for the mokfield newsletter messages – You don’t want to unsubscribe since the messages are fraudulent. The best thing you can do here is to mark them as junk or spam, and then delete them.

Stay safe everyone. It’s a crazy world out there!