How to Identify a Scam Email

A member of our Edwin community recently received an email, purportedly from Apple, regarding a lock on their account. They wanted to know if it was real or a phishing scam. Let’s dissect the email and discuss how to spot, avoid, and take action on scam emails you might receive.

What is a phishing scam?

A phishing scam is when a person, email, or website tries to trick you into giving up sensitive information like your username, password, or even your credit card number. The scammer puts the line in the water and waits for anyone to take the bait. The “ph” in phishing is hacker-slang likely relating back to “phone phreakers” who could manipulate the dial-tone in payphones to get free long distance calls.

Let’s look at the email in question.

On first glance, the email looks pretty convincing. It’s from ‘AppleID’, it has an official-looking case number, it’s formatted with colors and buttons, and even has a link at the bottom for ‘Legal’.Once we dive a bit deeper though, we can see some classic signs that this is a scam email.

Signs of a Phishing Scam

1. Have you been trying to log in to your Apple account, or is this email out of the blue? It’s possible someone else has been trying to access your account, temporarily locking it, but it’s equally likely that your account is fine and scammers are attempting to steal your AppleID username and password.2. The Sender is AppleID, but the email address, apple@mail2.booking.com.com, looks very suspicious. If the email were really from Apple, it would probably be something much simpler such as support@apple.com.3. It has “Re:” in the subject line. That looks conversational but if you haven't already been corresponding with Apple why would it appear as if you had?4. There are grammatical errors throughout the email. For example, the subject line ends, “...account is temporary locked 21 February 2018!” The correct usage should be 'temporarily'. Also in the subject line, the day is listed before the month something uncommon for American companies. Throughout the email, there is also an inconsistent or confusing use of punctuation. These are all red flags for a multi-billion dollar company like Apple that certainly has the means to hire a few editors.5. On a computer, you can hover over a link with your mouse see a preview of the URL in the lower corner of your browser. In this case, hovering over the Resolution Center button shows a suspicious link beginning with “dracoo.la…” This is a major red flag. If you clicked the link, you wouldn’t be taken to Apple’s website.What action should you take?If you think an email might be a scam, you can take a few actionable steps to be sure. First of all, and this bears repeating, don’t click on any of the links in the email. Copy the subject line or some of the text in the email into a Google search and see if any discussion on similar emails pops up. From the image below, we can see that many people have received this email and have identified it as a scam.

What action should you take?

If you think an email might be a scam, you can take a few actionable steps to be sure. First of all, and this bears repeating, don’t click on any of the links in the email. Copy the subject line or some of the text in the email into a Google search and see if any discussion on similar emails pops up. From the image below, we can see that many people have received this email and have identified it as a scam.If you still aren’t sure if the email is a scam, open your browser and navigate to the website to see if you have issues logging in or have any alerts on your account. You can also contact the company to verify the authenticity of the email, but don’t use any number you find in the suspicious email and don’t reply to the email directly.If you have determined that the email is a scam, mark it as spam or junk and delete it. "Not today, scammers!"