How do I know if an email is genuine?

Sooner or later you’ll get an email telling you you’ve won the lottery, ordered something you don’t remember ordering, missed a delivery, are due a tax refund, or that you need to “verify your account”. How do you know if you can trust these emails or not?

The first thing to know is that you can’t trust who the email says it’s from. Here’s a message from my spam folder:

It says it’s from someone called “Track My PPI”, whose email address is sigint@app.topica.com. Maybe it is, maybe it isn’t, but I can’t tell from the email address that is shown.  This is no more reliable than the address written at the top of a paper letter – it’s created by the sender. If they are dishonest, it may well be a lie. Just because it’s “the computer” doesn’t make it true.

Let’s look at one that isn’t to be trusted:

This says it’s from “Apple”, but I know not to pay any attention to this. I have two rules of thumb:

1. If the sender claims to know you (as in this case) they will include some information that isn’t in your email address. So if Apple (or my bank, or the tax office, or the Lottery people) were to write to me, I must have told them my email address when I set up the account – and I would also have told them my name and maybe address, credit card details, and so on. So they should and would use my name, or my postal address, or part of my credit card number to prove to me that they do know something about me, and they therefore really are Apple.

This is not foolproof (sometimes criminals have found out more about me) but it’s a good first step. And if your email address starts with (say) emma@example.com then don’t be fooled if the email addresses you as Dear emma or Dear emma@example.com – they are simply using all or part of your email address. They obviously know it because they are writing to you, or maybe they just guessed it: if they are sending literally 20 million emails (which does happen) they won’t worry if a few million are incorrect guesses. In this case there’s no evidence they know anything about me other than my email address.

2. Are they trying to get me to click on a link in the email, and does it go somewhere credible? Almost every email system will show you where you will go if you click on a link: try hovering your mouse over the link – does anything show at the bottom of the window, or pop up over the mouse pointer?

So clicking on “Click here for Refund” will take me to teuta-ks.com/xwbns/akspx519.php – that doesn’t seem like the sort of place an email from Apple would take me.

The bit before the first slash (teuta-ks.com) is the name of the website – that’s going to be dodgy. Don’t go there, and the email is fake. I have another post on how to spot a fake website. In this case, the link would probably take me to a website that pretends to be Apple, and will ask me to type in my Apple password (and maybe my Apple username – although maybe the rest of the link – xwbns/akspx519.php – identifies who they sent the email to, so they might already think they know what my Apple username is, because maybe it’s the same as my email address).

Once they have my Apple username and password, of course, they can log in as me and use my account, perhaps to download music or games that I will end up paying for. Even worse, if I use that email address and the same password for, let’s say, my Amazon account, they could also log in to my Amazon account and order stuff from Amazon that I would have to pay for. (Never use the same password for two different accounts.)

Finally, let’s compare that fake email with a real one that I get when I actually do buy something from Apple:

Once you’ve seen them side-by-side, it’s fairly easy to see how to spot a fake.

If you want to take your skills further, you could read my forthcoming post about how to look up the ownership of a domain name.