Phishing Email 101
Something funny happened to me yesterday. I received an email which said that I had signed up for a free trial on the Apple App Store. The email said that the trial subscription was free for a week, then it would charge me.
Of course, I was surprised. Why? Because I rarely buy apps on my iPad. I thought someone had hacked into my account, but again, I didn't register my credit card in my Apple ID.
But I took a deeper look, and found out that it was a...
Phishing Email
Yup, that's it. Upon closer inspection of that surprising email, I concluded that my account was safe, and that email was nothing but a bluff. But hey, it looked so real.
|The mail looks so genuine at first.|
So yes, that's an example of what is commonly known as a phishing email. Phishing emails are basically emails that trick you into giving away important personal information, such as credit card numbers, online or bank account credentials, etc. They even go as far as recreating a whole website or email to make you think it is the real deal. In my case, it was Apple's App Store invoice.
Unsuspecting users will just follow the instructions blindly, and that would've been very dangerous. That's why I'm writing this article, to give you some precautionary steps to identify these annoying copycats.
Where is it from?
Usually, one dead giveaway of a phishing email is where it is sent from. If it is from an unknown or suspicious-looking domain, then there's a good chance that it is fake. Take a look at the one that I mentioned in the beginning.
Apple invoices certainly come from Apple's domain, and the one above does not. It came from a strange-looking domain, and it's the first and clearest giveaway.
|It's certainly not coming from Apple.|
Is the content relevant?
Read the contents of the email once again. Have you made any changes to whatever is mentioned in the email? Is the information relevant to you? If it's not, then I bet it's safe enough for you to disregard it.
In my example, the charge was both in US Dollars and Indian Rupees. That's ridiculous. Why? Because not only is it inconsistent, but my Apple ID also uses Indonesian Rupiah, my local currency.
|How can Apple be as inconsistent as putting two different currencies in a single email?|
Are the links okay?
Yes. Check the links before you click on them. If a link points to a strange or suspicious website, then most likely it's a fake.
|The given link is funny. Why would Apple mask its link like this?|
|Most of today's browsers are so smart they know you're being deceived.|
HTTPS and Root Domain
If you have a question about how to identify whether a site is valid or not, let's get a bit more technical.
All reputable companies (and many smaller ones) use something called HTTPS on their websites. HTTPS makes the communication between the server (the website) and the client (your device) secure, or at least much more difficult to intercept. Finding out whether a site uses HTTPS or not is easy. Just look at the padlock symbol on the left of the web address. This applies to both desktop and mobile devices.
|Watch the padlock before the address.|
Generally speaking, a root domain is the top-level directory housing other subdirectories on a website. Confused? Here's an illustration for you:
|A simple illustration for Root Domain.|
Now, it's quite rare for companies to use different root domains for public use (there are some, but they usually use a completely different address that is announced widely in public). A different root domain, especially one with a funny spelling, means that the site is very likely fake, no matter how close the new site looks to the original.
|They look disturbingly similar.|
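The sender, link and root-domain checks described above, as an added Python example (not part of the original article). It compares the end of each host name against the expected root domain instead of searching for the brand name, so a host that merely starts with the brand's domain is still flagged. The message is constructed, the `.test` and `.invalid` host names are placeholders, and the expected root domain is supplied by the caller.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def under_root(host, root):
    """True only if host is the root domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == root or host.endswith("." + root)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw, root):
    """Return a list of warnings for a message claiming to come from `root`."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not under_root(sender_host, root):
        warnings.append(f"sender domain {sender_host!r} is not under {root}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme != "https":
            warnings.append(f"link is not HTTPS: {href}")
        if not under_root(url.hostname, root):
            warnings.append(f"link host {url.hostname!r} is not under {root}")
    return warnings

# Constructed sample message; the .test and .invalid hosts are placeholders.
SAMPLE = """\
From: "App Store" <no-reply@billing-example.test>
Content-Type: text/html

<p>Your trial renews in 7 days.
<a href="http://apple.com.example.invalid/cancel">Cancel subscription</a>
<a href="https://support.apple.com/billing">Help</a></p>
"""

if __name__ == "__main__":
    for w in check_email(SAMPLE, "apple.com"):
        print("WARNING:", w)
```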
Vigilance is Key
It doesn't matter how good you are with computers, the key here is vigilance. Heck, even an expert in computer science and security can still fall for these phishing scams.
If you notice something looks suspicious or dicey, either ask someone with better knowledge, or disregard the email altogether. Or better, contact the customer support directly and ask about the validity of the email. Better safe than sorry, right?
So I guess that's all for now, Folks. This is just a small PSA, since it happened to me, and I don't want you to fall into that trap. Remember, vigilance is key, and if you're uncertain, either disregard or contact customer support. Finally, thanks for reading, and see you in the next article (hopefully soon). Have a nice day! :D