Spotting Fraudulent Emails

SOCIAL ENGINEERING RED FLAGS


Below are signs that the sample email message is fraudulent.

 

=====================SAMPLE MESSAGE BELOW=======================

From: "gkoliako" <gkoliako@auth.gr>
Date: March 31, 2019 at 11:33:03 PM PDT
To: "gkoliako" <gkoliako@auth.gr>
Subject: Dear Customer
Reply-To: <webaccount1@live.com>
Dear Customer,

THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM: This message is sent automatically by our web mail team. If you are receiving this message it means that your email address is about to be deactivated; this was as a result of a continuous error script code: 505 receiving from this email address and too many of spam emails in your Account. You are kindly please advised to respond to this email within the next 48 Hours with the necessary information below to keep your account active. All entries to be forwarded directly to Maintenance/Upgrade Team.
First Name: _________________
Last Name: ________________
Phone: ____________________
Username: __________________
Password: __________________
Re-Confirm Password: ________
Any Other Web mail Address: _____
Password/Applicable:____________
Account Deactivation: ____________ (specify yes to deactivate. No to
keep active)

IMPORTANT NOTICE: Please your information is safe and secure with us.

WARNING: Failure to reset your email by ignoring this message or inputting Wrong information will result to deactivation of this email address.

Sincerely,

sdcounty.ca.gov Technical Support Team.
Copyright © 2019 sdcounty.ca.gov Account Service. All rights reserve

 


======================SAMPLE MESSAGE ABOVE========================

 

 

From the Email

Signs and Reasons the Email was Fraudulent 

From: "gkoliako" <gkoliako@auth.gr>

Date: March 31, 2019 at 11:33:03 PM PDT

Business professional email addresses are typically a combination of the user’s first and last name, followed by the organization’s name after the @.

ex. Preston Robinson or or … 

To: "gkoliako" <gkoliako@auth.gr>

The To and From fields show the same person, rather than the To field showing the receiver's email address.

Subject: Dear Customer

The Subject should briefly describe the purpose of the email.

Reply-To: <webaccount1@live.com>

The Reply-To email address is different from the sender's address. THIS IS A RED FLAG




Dear Customer





A business letter salutation should typically be personally addressed to the receiver. In this case, since the email is about your account, the sender should know and use your name.

Good Examples of Business Letter Salutation


  • Dear Mr. Smith

  • Dear Mr. and Mrs. Smith

  • Dear Mr. White and Ms. Smith

  • Dear Dr. Smith

  • Dear Judge Smith

  • Dear Ms. Jones

  • Dear Jane Doe

  • Dear Dr. Haven

  • Dear Dr. and Mrs. Haven

  • Dear First Name (if you know the person well)




THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM: This message is sent automatically by our web mail team. If you are receiving this message it means that your email address is about to be deactivated; this was as a result of a continuous error script code: 505 receiving from this email address and too many of spam emails in your Account. You are kindly please advised to respond to this e-mail within the next 48 Hours with the necessary information below to keep your account active. All entries to be forwarded directly to Maintenance/Upgrade Team.




Other than the poor grammar, this message has a few red flags showing that it is fraudulent (see highlighted). For starters, "THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM" is not necessary, since the “From” field and the signature already state who sent the email.

Next is the BIG RED FLAG! The tech support team used jargon that most users would not understand. Techs typically spend extra time trying to limit and remove jargon from communication to users in order to improve the likelihood that the user reads, understands, and complies as needed. Moreover, the "script code error: 505" is for a non-email and Internet application. The 48 Hours deadline creates a sense of urgency; in a truly time-sensitive emergency, an email is replaced and/or followed up with a phone call from IT.

Did you know that if you copy a unique piece of the message, such as “script code: 505”, into your browser’s search engine, it will find other occurrences of that phrase? In the case of “script code: 505”, the first results would have said this is a SCAM. Lastly, consider "All entries to be forwarded directly to Maintenance/Upgrade Team". The problem is that the message came from one group but the replies are being sent to another. IT groups typically will not do this. The party that needed the information from you would have been on the original email or would be the group that sent the message to you.

First Name: _________________

Last Name: ________________

Phone: ____________________

Username: __________________

Password: __________________

Re-Confirm Password: ________

Any Other Web mail Address: _____

Password/Applicable:____________

Account Deactivation: ____________ (specify yes to deactivate. No to keep active)

While it is possible for IT to ask for your name, phone, alternative email and username, IT will never ask for your password. IT will simply reset the password to get in.

As for the Account Deactivation: if you are seeing the message, the likelihood is you want to keep your account. Moreover, email accounts and servers get millions of spam messages each day. The email administrator and the software they use block most of it from all the user accounts. If there was a problem with spam on your account, the email server or email admin would have taken care of it before it got to you.

IMPORTANT NOTICE: Please your information is safe and secure with us.



WARNING: Failure to reset your email by ignoring this message or inputting Wrong information will result to deactivation of this email address.



  • Grammar errors: Attackers will often live in a different country from the one they’re attacking.

  • IT would not send a message stating your information is safe and secure with us. 

Sincerely,



sdcounty.ca.gov Technical Support Team.

Copyright © 2019 sdcounty.ca.gov Account Service. All rights reserved

(doesn't match sender info)

  • Missing the signature and/or the company logo.

  • If they are from sdcounty.ca.gov, their email address domain above (the domain is what comes after the @ symbol in an email address or at the beginning of a web address) should be the same as or close to sdcounty.ca.gov.

  • There is a mention of something being Copyright ©. That is unusual.




Spotting Fraudulent Emails Review:

 

       The first thing to look at is the email address of the sender. If it is not shown, try moving your cursor over the name to reveal the email address. (Criminals use two tricks here: the first is to use a real company name before the @, and the second is to use a web address similar to a genuine one.) It is worth inspecting the underlying links and addresses carefully.

       Be very aware of generic greetings like “Dear Customer” and of poor spelling, punctuation or grammar. Keep in mind that scammers are getting better each time at making their phishing emails look as authentic as possible.

       Watch for a sense of urgency created by setting a time limit, or even a penalty fee if you do not act now; all of this taps into your fears in order to push you into making a quick decision. If something just does not seem right, be especially careful.

       For links in an email, just roll the cursor over the link to reveal the underlying address and see where it would take you if you clicked on it. If you are using a touch screen, be very careful not to click on it by pressing too hard. Never open a .exe file. txt files are safe.

       Lastly, look to see whose name is at the end of the email message. Are you expecting an email from this person? Do you know this person?
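
The header and body checks walked through above can also be run automatically over a raw message. The following Python sketch is an added example, not part of the original article; the function names, flag names and exact-match domain comparison are assumptions, and the sample is constructed from the message quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers and excerpted body lines from the message on this page.
SAMPLE = '''From: "gkoliako" <gkoliako@auth.gr>
To: "gkoliako" <gkoliako@auth.gr>
Subject: Dear Customer
Reply-To: <webaccount1@live.com>

Dear Customer,

You are kindly please advised to respond to this email within the next 48 Hours
Password: __________________

Sincerely,
sdcounty.ca.gov Technical Support Team.
'''

def domain(addr):
    """Return the lower-cased part after the @, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def red_flags(raw):
    """Return the names (hypothetical labels) of the page's red flags found in raw."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    if sender and sender == rcpt:              # To/From show the same person
        flags.append("to_equals_from")
    if reply and reply != sender:              # replies go somewhere else
        flags.append("reply_to_differs")
    if re.search(r"^dear customer\b", body, re.I | re.M):
        flags.append("generic_greeting")
    if re.search(r"^\s*password\s*:", body, re.I | re.M):
        flags.append("asks_for_password")
    if re.search(r"within (the )?next \d+ hours", body, re.I):
        flags.append("urgency_deadline")
    # Organization named in the signature vs. the domain the mail was sent from.
    signed = re.findall(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\s+Technical Support", body, re.I)
    if any(s.lower() != domain(sender) for s in signed):
        flags.append("signature_domain_mismatch")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that trips several of these at once deserves the manual review described above; a clean result does not prove a message is genuine.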

