“Is this site safe?” and “Is this email legit?” are two of the most common questions I get asked on a daily basis. The conversation usually begins something like this: Client: “So, I received this email from [legit company] saying that my account has a problem and I need to do something about it. What should I do?” Sometimes the person has already clicked on a link or contacted the company in the email. Huge mistake. Merely clicking a link can send you to a virus-laden site. Giving out information to these sites puts your accounts in danger.
This is what is known as a “phishing” attempt, because the senders are fishing for information by spamming these emails to millions of people. Here are some of the signs of a phishing email:
- The sender’s address is some long string of words rather than a short name (instead of firstname.lastname@example.org, it may be email@example.com)
- The email contains spelling errors and incorrect grammar
- Links in the email go to a strange domain
The first two things are easy enough to spot. Whether a link is legit can be a little more difficult to determine. There are several site checkers online. After testing five checkers with a known bad site, I found that Sucuri site checker seemed to be most reliable. If you want to test a link in an email, NEVER left-click on the link and go to the site. RIGHT-click the link and choose “copy link address.” You can then safely paste it into the site checker search page and test it.
Below is an email I received today. I have circled some of the many spelling and grammatical errors that should stand out as you read through it. Also notice the sender’s address: it’s very long! All of the links on the page pointed to the same URL, which I tested with Sucuri and found to contain malicious scripts. I guess the Federal Communications Commission really didn’t care about protecting my Apple ID after all 🙂
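Two of the signs listed above, the long sender address and links that go to a strange domain, can also be checked without opening anything. The following is an added example, not part of the original post: the 20-character cut-off, the `example.com` and `example.net` domains and the sample message are constructed assumptions, and it expects a single-part HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_LOCAL_PART = 20  # assumed cut-off for a "long string of words" sender

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; nothing is ever fetched."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email, company_domain):
    """Return the signs found, given the domain the company really uses."""
    msg = message_from_string(raw_email)
    address = parseaddr(msg.get("From", ""))[1]
    local, _, sender_domain = address.rpartition("@")
    signs = []
    if len(local) > MAX_LOCAL_PART:
        signs.append("long sender name")
    if not under(sender_domain, company_domain):
        signs.append("sender domain " + sender_domain)
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body (assumption)
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not under(host, company_domain):
            signs.append("link goes to " + str(host))
    return signs

# Constructed sample message, not the email discussed in the post.
SAMPLE = """\
From: Account Support <account.security.alert.notice.team-0193@mailer.example.net>
Subject: Your acount has a problem
Content-Type: text/html

<p>Dear costumer, you account has a problem.
<a href="http://login.example.net/verify">Click here</a> or
<a href="https://www.example.com/help">visit our help page</a>.</p>
"""
print(phishing_signs(SAMPLE, "example.com"))
```

The domain comparison matches the whole name or a true subdomain, so a host such as `example.com.login.example.net` is still reported as a strange domain.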