Phishing emails are designed to trick you into giving away information such as login details. They claim to come from Apple, or your bank, or some other business, and often look like the real thing.
Luckily Gmail is very successful at flagging these and warning you to be careful, but how can you check if there’s a message you’re not sure about? The answer is to look carefully at the
original. In this context, the
original is the raw material of the message, the place where you can see information that’s usually hidden from view.
Here’s today’s collection of emails Gmail marked as spam for me, or at least, some of them. And oh, look! There are messages from both Apple and PayPal about
problems with my account with them. There’s also a message from a bank I don’t use.
Let’s take a closer look at that message from Apple, which Gmail kindly added a warning to.
Notice first the nice big check mark in the subject line. I guess that’s meant to inspire confidence and trust.
Then look at the line in bold at the top of the message. Notice how the email address is
secure@. There’s another thing that’s supposed to make me trust the message. But look closely at the end of the email address, and how it’s not actually
apple.com but rather
ap-ple.com. That can’t be right! Then see how it says
via cpanel1.novahost.gr. You may not know what that means — it’s about the server that was used — but that
.gr on the end says it was in Greece. Why would the huge American company Apple use a server in Greece?
Now let’s look at who this message was addressed to:
Customer? Really? The email’s telling me my personal account is at risk, but it doesn’t know my name?
The tell-tale clues that this isn’t really from Apple are starting to mount up.
But let’s go further and look even deeper.
At the top right of the message is a downward pointing arrow. Click the arrow and select
Show original from the menu that appears.
Now we can see the coding and other information that lies behind this message. There are quite a few clues in here, but unless you’re familiar with HTML, the language for coding the web, you might find them hard to spot. Still, let’s give it a try, starting at the top. The first line shows my email address, as it should, since the message was sent to me. But then about 4 lines down we see this:
If this message is being returned, we’d expect it to go back to Apple.com, not
The next clue is harder to find, but the email message as we first read it invited me to click on the words
Verify Now to go to my account and fill in the crucial details. If we scroll way down in the Original email we finally come to this vital part:
href=”https://registringaccount-onhold.com/app/” target=”_blank”<Verify Now></a>. See that bit:
https://registringaccount-onhold.com/app/? If we were really going to end up at Apple when we click the words
Verify Now then that part would have Apple’s web address, including apple.com. This address is nothing like Apple’s.
All the clues have mounted up, even if we ignore Gmail’s yellow warning band. This email includes the wrong address. It tries to trick us into thinking we’ll end up at Apple when we click the link to sort out our account problems. Instead we’ll end up as some scammer’s web page (which probably looks just like Apple’s web page) and we’ll give away our login information. Once they have that they can use our Apple account and also probably try our username and password at other sites such as banks to see if they work.
If you’ve done all that investigation but still believe maybe your Apple account information needs checking then open your web browser and type in Apple’s address for yourself before you log in as you normally would. That way you know you’ll be going to the right place.