Case Study – identifying a phishing email

I recently had a client forward an email to me. The email told her she had to confirm her agreement to the AOL Terms of Service, or she could no longer use her email account. She was concerned that her email would get cut off. She had nothing to worry about.

The email she got was a typical phishing email. That means it was just trying to trick her into clicking through and giving out her email password, which would give the scammer control over her email account.

I wanted to show you this actual email, and how it was identifiable as a scam.

The email she received supposedly came from AOL. But look at the “From” address:

[Image: phishing email]

If an email comes from the actual AOL, the email address will end with “@aol.com”. This one ends with “prodigy.net.mx”, which indicates that the sender is not only NOT with AOL, he’s also somewhere in Mexico, using the ancient Prodigy email service.

The second big giveaway is the links in the email. In the screenshot below, you can see that there are 6 links:

  1. Terms of Service
  2. Privacy Policy
  3. here
  4. FAQs
  5. Click here to start
  6. here

[Image: phishing email]

Guess what – every one of those links goes to the same place. They don’t care which one you click on, they just want you to click.

That’s the one mistake my client made – she clicked on the link to see where it took her. You should never click on ANY link if you are not sure of where that link goes. Which brings up the question that I get sometimes: “Well, how can I know where a link goes if I don’t click on it?” Great question.

You RIGHT-click on the link, then choose “Copy hyperlink” or something similar.

[Image: phishing link]

Then, you open Notepad on your computer. In the blank area, right-click and choose “Paste”. That will display the actual website address where that link would have taken you. In this case, this was the link’s destination:

[Image: phishing link]

Hmmm…doesn’t really look like an AOL website address, does it? It’s not.

What the scammer did was create a fake form in Excel and upload it to his OneDrive account. This scammer is really lazy. But guess what – he doesn’t really HAVE to put a lot of effort into concealing the fake nature of this, because people still fall for it. This is what the fake form looked like (anyone can create these, for free):

[Image: phishing form]

You can see it’s pretty basic. When you fill out this form with your email address and password, now he has your login information.

And the irony is right there at the bottom of the form – Microsoft (who owns OneDrive) knows that their forms are often used for this scam, so they put the warning on every one – “Never give out your password.” Not to mention grammatical errors that are a common clue. But some people still type in their password because they just assume it’s real.

Fortunately, my client did not enter her password. Instead, she became suspicious and forwarded the email to me so I could check it out. You are welcome to do the same thing, if you get one you’re not sure about – just forward it to me at pctutor@gmail.com.

2 comments

Mary McCormick
October 14th, 2019

I get annoying ‘news’ messages, which I quickly unsubscribe to. They are usually full of a lot of nonsense and all of the same kind. However, they keep coming back, only under different names. I just started deleting them, but I wish they would STOP!

Guy Giordano
October 16th, 2019

Scott:
Thanks very much for your caring information regarding email scams. Your help in this regard is much appreciated.