Fake Email – How to Spot Phishing

Yesterday I received what looked like an email from Amazon warning me about a password problem. This email message was actually a poorly disguised phishing attempt.

Phishing is the fraudulent practice of sending emails that appear to be from reputable companies or contacts. These fake emails will try to get you to reveal personal information, such as passwords, access codes and credit card numbers. Let’s look at how we can tell this is a fake Amazon email or phishing attempt.

fake email phishing

First, check the greeting and the text of the message. The greeting addresses me as “consumer” rather than by my actual name or user name. Note also the misplaced comma in the greeting, the awkward construction of the sentences and the misspelling. Can you spot all the mistakes? Clearly the sender doesn’t have a good grasp of the English language.
wrong address

Now let’s look for more clues that this email is not legit. If I hover over or reveal the sender’s address, you’ll see this is not from Amazon support. Please note that the address in the From: field can be spoofed or faked to appear as a true account or person. So even though the sender is correct, you should carefully check the rest of the message if you are suspicious. In this email, it was obvious.
account url

When I hover over or reveal the link behind “Your Account” I get a URL at xxx.li which tell us this link is to a website in Lichtenstein. I doubt Amazon is keeping my account on a server in Lichtenstein.
fake url

If we check the Amazon.com URL next to “Your Account” we see it takes us to the same URL. Unlikely that Amazon (the company) and I (a lowly Amazon customer) have the same web address on the Amazon site.

These fakers did manage to get the final Amazon.com address to point to the correct web address. This is another indicator something is wrong. Two identical links in the same email have different web destinations or URLs. Note that every other link is a trap to trick me into connecting to it.

What’s the lesson? Be vigilant regarding emails from friends, family, associates and businesses that contain links. The email may look legit but may not have come from them. Check the writing. Does it sound like the way the sender would address you and structure the content? Don’t panic if the email has scary language concerning your account with a company you recognize. If you suspect phishing, contact the company through another means such as visiting the company website, phone, a new email or chat to verify the concern.

Look behind the links. Check to see what links are pointing to before clicking or tapping to activate them. Hover over the link to reveal it or use the small dropdown arrow that may appear just after the link. If the link is on a browser page, the full URL may appear at the bottom of the window rather than next to the link. On iOS devices such as the iPhone or iPad, touch and hold on the link. You’ll see a window open and the URL destination will be at the top of the window.

If the link is shortened (not a full link) this could indicate a problem with the link destination. If the link URL is supposed to connect to an account, it is much more likely it will be very long rather than very short. It should also begin with https:// rather than the simple http:// found on less secure websites. Consider using an online service to check the link such as Sucuri. I noted this above but I’ll repeat it here again. If you are suspicious of the content, use another method to contact the company or person directly.

Free to share
Want to Learn Much More about using your iPad, iPhone or Mac?

About Andy Brovey

Dr. Andy Brovey, The Portable Prof, teaches about digital tools through his work, websites and social media. In 2007, Apple Inc. recognized his work and named him an Apple Distinguished Educator. He started this iPad Academy website shortly after the first iPad went on sale. On his Freelance Teaching site you'll find the resources you need to teach like a smart entrepreneur.