All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com
Thank you for purchasing through links and ads on this site.
OWC / MacSales.com...
diglloyd Deal Finder...
Buy other stuff at Amazon.com...
Capacities up to 56TB and speeds up to 1527MB/s

Don’t Get Scammed / Phished by Look-Alike Emails (UPS Example)

See Apple Mail Security: Viewing Mail Headers for how to configure Apple Mail to make most phishing emails obvious. See also the Amazon phishing example and the security topics page.

Back in June MPG showed an example of a PayPal phishing email. This one shows one for UPS.com.

...

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Clicking on email links or attached files is risky: merely clicking on a link to go to the claimed site can result in compromising the computer for some users. While Mac users are generally better off, a Mac is no guarantee of safety, and all sorts of nasty tricks can be played on the desgination sites.

Phishing relies on “social engineering”, particularly an emotional reasponse (greed, fear, loyalty, irritation, friendship, authority, desire for help, etc). Often the phishing emails are difficult to distinguish from a legitmate email from the company being imitated and frequently even use the company’s own images from a legitimate server. If a link is clicked on, the destination web site may be a clone of the real one, which makes it even more “real” for the victim.

What you may lose: username and password, security codes, credit card numbers—anything you can be tricked into entering on a phishing site. Or you may have your computer encrypted and subjected to ransom-ware. No fun at all.

  • NEVER click on links in emails that you are not 100% certain of from a trusted party beforehand. Particularly on a Windows PC, though Mac users are at risk too.
  • Did I mention NEVER CLICK ON LINKS in EMAILS, NO MATTER WHAT? It’s just not worth it.
  • Configure your email program so that images do not automatically load in your mail program. If Mail loads images automatically, you’re essentially telling the sender (the criminal sending the email) that s/he’s got a “live one”: you. Ditto for mail on the iPhone or iPad.
  • Pay attention to spelling and grammar errors. This example below is unusually good; it has only two obvioius errors in grammar/spelling (but “Valnecia” is another).
  • Configure the mail program to show Return-Path and X-Mailer message headers; these sometimes show obvious scammer information.
  • Check the "To" address. In this case, the "To" is not an email I use for PayPal—a very common red flag.

Example — phishing email pretending to be UPS

Below, a dangerous phishing email with all the headers showing. In this case, it should be obvious that UPS.com would not be sending email from beyondthebedd.com. Note also the capitalization errors and non-professional terminology in the footer.

Apple Mail: customizing which items are in the mail window toolbar

World of Panasonic
B&H Deal ZoneDeals by Brand/Category/Savings
Deals expire in 17 hours unless noted. Certain deals may last longer.

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__