Is this fake?

A reader asks…

I’ve been getting some suspicious-looking emails lately, and I’m not sure if they’re fakes or real emails. Is there a quick way to tell? I’ve included an example.

In the example you provided, the biggest indicator that it’s a scam is in the From: address. You will see that it says “Bank of America” followed by an email address that is definitely not B of A. You don’t need to look any deeper – it’s a fake.

From the example you provided, I can see that you’re using Microsoft Outlook, which has a handy junk email filter. You can add it to the Quick Access Toolbar: look for the command “Block Sender” and select it. There is also a “Junk Email” folder where you can put emails like this. When you view an email in the Junk Email folder, hyperlinks and such are disabled, so that same email now shows where all the hyperlinks actually point (see the example image).


You can see that the link to “Restore your account” does not take you to a bankofamerica.com address but to an obfuscated address. If you went to that link you would not be going to B of A, but to a scammer’s website (that probably looks just like the B of A site).

Depending on what app people use to look at email, the From address may not show the actual email address, but you can hover over it to see what the actual address is. You can also hover over hyperlinks embedded in the email. When you hover over these, the actual URL should appear in a small popup (called a “tooltip”) or at the bottom of the browser/app window. If the link is not the website you expect, then by all means do not click that link!

For that matter, you also need to be wary of hyperlinks embedded in a website. Here’s my handy example of how easy it is for a webmaster to obfuscate things. Here are two URLs, one pointing to Google.com and one pointing to PosiTek.net. I’ve swapped the actual URLs, so if you click on one, you open a new tab to the other and vice versa:

  1. https://google.com
  2. https://positek.net

That’s how easy it is to fake things.

Looks like Google, but doesn't take you to Google!
Click me and see where I take you

My advice is pretty simple: don’t assume any email is legitimate unless you check it out first by hovering over links to see where they point. Same for websites: don’t click on links without first hovering over them to see where they really point. That also goes for clickable images.
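
The hover check can also be done in bulk by a mail filter or a helpdesk script. The following is an added example, not code from the original article: it flags links whose visible text names one domain while the href goes to another, and From: headers whose address is not at the domain the sender claims. All function names, the sample HTML and the sample addresses are constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def bare(host):
    """Lower-case a hostname and drop a leading 'www.'."""
    return re.sub(r"^www\.", "", (host or "").lower())

def same_site(host, shown):  # exact match, or a subdomain of the shown domain
    return host == shown or host.endswith("." + shown)

class LinkAudit(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """Links whose visible text names a domain the href does not lead to."""
    audit = LinkAudit()
    audit.feed(html)
    flagged = []
    for text, href in audit.links:
        shown = DOMAIN_RE.search(text)
        target = bare(urlsplit(href).hostname)
        if shown and not same_site(target, bare(shown.group(1))):
            flagged.append((text, target))
    return flagged

def from_mismatch(from_header, expected_domain):
    """True if the From: address is not at the domain the sender claims."""
    addr = parseaddr(from_header)[1]
    return not same_site(addr.rpartition("@")[2].lower(), expected_domain)

# Constructed sample: one swapped link as in the article, one honest link.
SAMPLE = ('<a href="https://positek.net">https://google.com</a> '
          '<a href="https://www.google.com/maps">google.com</a>')
```

A link whose text is something generic like “Restore your account” names no domain, so it is not flagged here and still needs the hover check.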

2 Comments

  1. How about when my husband received an email from me that I didn’t send (It didn’t come from my email acct.)

    • Hi Terry, exactly yes! It’s easy to put someone else’s name on your email account, and some email apps hide the real email address. But hover over the name and the real address shows up.
