I get hundreds of emails a day, from users, vendors, network devices, email chains, and jokes. Sometimes it’s hard for us to take a minute to verify whether an email is real or fake. I’m going to try to explain how to spot a phishing email or fake email.
Let’s use a recent example from Microsoft to an end-user here at work.
The first thing I noticed was that the reply address was ms.com. Seems legit, but ms.com is really owned by Morgan Stanley. To check the domain that an email is from, you can google “who is ms.com” or you can go to http://www.whois.com/ and search the domain. Sometimes they will use a legit email address and you will have to dig a little deeper.
I notice that instead of using the end-user's full name, the sender uses the user's email address. That is a giveaway that the sender is using a script and has no idea whom they are sending the email to.
Next I notice a link that says RESOLVE ISSUE NOW. Do not click! Move your mouse over the link and it will show you the link's path.
Now that you can see the path, note the URL “pje.co.id”. That does not look like a legit path to Microsoft. Again, you can do a Whois on that domain and you will see that it does not belong to Microsoft.
Let’s say you clicked on the link. I can see that the link has the user's email address included in it, so once the user clicks, it takes them to a page that resembles a Microsoft login page. The user sees that their email address is already filled in and the password field is blank. The user enters the password and clicks submit. Nothing happened? Yes it did! Once you entered your password and hit enter or clicked submit, the sender obtained your username and password to your email.
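Here is a small script, added to this post as an example (it is not a tool from the original author), that checks a raw email for the same tells described above: a sender domain that doesn't belong to the brand the email claims to be from, links that point somewhere other than that brand, a link that carries the recipient's address, and a greeting that uses the address instead of a name. The sample message is constructed for the example; the domains ms.com and pje.co.id are the ones from the post, and the "claimed" brand domain microsoft.com is an assumption.

```python
"""Added example: flag common phishing tells in a raw email.

Written for this post, not the original author's code. The message below is
constructed; only ms.com and pje.co.id are taken from the post.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample: a message pretending to be Microsoft support.
SAMPLE_EMAIL = """\
From: Microsoft Support <support@ms.com>
To: jdoe@example.com
Subject: Mailbox issue detected
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear jdoe@example.com,</p>
<p>We detected a problem with your account.</p>
<p><a href="http://pje.co.id/login.php?user=jdoe@example.com">RESOLVE ISSUE NOW</a></p>
<p><a href="https://support.microsoft.com/">Help</a></p>
</body></html>
"""

# The brand the email claims to come from (assumption for this example).
CLAIMED_DOMAIN = "microsoft.com"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link shows."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def analyze(raw, claimed_domain=CLAIMED_DOMAIN):
    """Return a list of human-readable findings for the raw email text."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Tell 1: the sender's domain is not the brand's domain.
    sender = parseaddr(str(msg["From"]))[1]
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    if not host_belongs_to(sender_domain, claimed_domain):
        findings.append(f"sender domain {sender_domain!r} is not {claimed_domain!r}")

    recipient = parseaddr(str(msg["To"]))[1].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""

    # Tell 2: the greeting uses the raw email address instead of a name.
    text_only = re.sub(r"<[^>]+>", " ", html)
    if recipient and re.search(r"\bdear\s+" + re.escape(recipient), text_only, re.I):
        findings.append("greeting uses the email address instead of a name")

    # Tells 3 and 4: link targets outside the brand, and links that embed
    # the recipient's address (a script-built link).
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host_belongs_to(host, claimed_domain):
            findings.append(f"link {text!r} points to {host!r}, not {claimed_domain!r}")
        if recipient and recipient in unquote(href).lower():
            findings.append(f"link {text!r} carries the recipient address")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Running it on the sample prints four findings (the ms.com sender, the greeting, and two for the RESOLVE ISSUE NOW link) and nothing for the Help link, whose host is a real subdomain of microsoft.com. The host check is deliberately strict: a look-alike such as microsoft.com.example.net would still be flagged because it does not end with ".microsoft.com".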
OK so the sender now has your email password. What do you do? Change your password or call your friendly neighborhood IT Guy.
This type of phishing can be used to steal your Facebook and bank passwords as well.
Have a nice day,
Your Friendly Neighborhood IT Guy!