phishing

Identify Suspicious Email Messages

by

I have family members who are sharing concerns with me about alarming email messages they receive from time to time. They’ve even admitted interest in messages that congratulate them for winning unexpected prizes.

Oh, boy…

I’m hoping this post can help people examine these messages and avoid negative consequences. Please share or discuss this matter with your friends and loved ones who could be vulnerable to these sorts of exploits.

As a seasoned email user, I can usually spot a suspicious message quickly. Poor grammar. Choppy sentence structure. And poor quality images of company logos.

Recently, I received a phishing message that impressed me with its design. It wasn’t perfect, but it wasn’t the usual mess, either.

Let’s examine impressive parts of the message:

  1. The message begins with a decent PayPal logo image.
  2. The overall design layout looks professional. The white message body and gray footer area are typical of professional designs.
  3. Most of the text reads fairly well, especially if you are skimming because you’re alarmed.
  4. The last paragraph encourages the reader to seek assistance by clicking Contact on PayPal web pages. This is subtle. You might drop your guard if the message clearly states you can seek assistance in a way other than clicking links inside the message.

Let’s look at the suspicious parts of the message:

  1. The “Your Payment Processed Has Been Declined” is the first indication of a bogus message.
  2. I am addressed as “Dear Client”. This is not immediately suspicious, but if you look at the footer, you’ll see that my correct email was used. If PayPal had my email, then they probably know my name and would use in the message greeting.
  3. The first paragraph has odd sentence structure.
  4. The second paragraph includes a capitalized “Please” in the middle of a sentence.
  5. The blue button reads “Review Your’s Accounts”. And it is not properly vertically centered between the paragraphs.
  6. The third and fourth paragraphs do not have white space between them like that between the first and second paragraphs.
  7. The salutation “Sincerely” seems more personal than professional given the message’s subject matter.
  8. Here’s the biggest clue for me: I don’t actually have a PayPal account.

Don’t fall for this stuff. Think twice or even three times before you take an action on a message designed to frighten you.