Don’t Panic, Don’t (Most of the Time) Click!

One of the easiest ways to misery is being tricked into clicking a link in the wrong email. Many spam messages will have links, that if clicked, will end up installing viruses or malware on your computer. These fall under the "phishing" category. 

There are some legit messages you might receive from companies like PayPal that will have a button or link they want you to click to confirm something or login, but unless you're absolute sure the email is safe (for example, if it arrives right after you did something on a site to trigger it being sent to you) it's always much better to go directly to a website and log in by hand. 

Here's a new species of phish (I don't think anyone really refers to them that way though) that I found in my spam folder today...


There's several red flags to note:

  • The email address in the "from" area at the top is not a matching domain - this doesn't always indicate a dangerous message, as if a business is using a marketing or email service to send messages, it may well be different. But it always pays to be aware of the address a message says it's coming from.
  • The message refers to the domain name instead of a business or service name. A domain name is easily looked up. Hackers use software to scrape this information up by the truck load. The fact that the email isn't very personalized should give pause.
  • The language is broken and poorly formed. Capitalization isn't consistent. 
  • Threatening language is used - the mention of their "not being responsible for loss" is meant to spur you into acting before you think.  
  • The signature makes no sense. This email was likely pasted together from various data sources into a template by software, or a very lowly paid human sitting in a dark cubicle somewhere in Russia. In this case, the first two lines of the signature appear redundant, and the last line would seem to supposed to be a business name, but the business name wouldn't match the notification subject (in this case "undelivered mails"). 

Always trust your gut when you're unsure if an email is legit, and definitely always hesitate before clicking. You don't have to see anything happen after a click to be at risk. 

Share, email, or print this post...


Posted on by Nathan Lyle in Email, Spam Hall of Shame.

About Nathan Lyle

Nathan is a father of four, an amateur musician, and an aspiring photographer. He started programming in 4th grade on an Apple II+ and many years later spent much of his college years freelancing website design for college departments. Nathan is a veteran of the Browser Wars, and will gladly talk at length about the changes he has seen in Web technology if you accidentally ask him.

Leave a comment

Your email address will not be published. Required fields are marked *