We sometimes get emails that seem legitimate, and end up getting us in trouble. Here is an example I saw today, along with a few tips for evaluating future emails.
It looks legit, right? Let’s break it down and examine it more carefully.
Second, it would seem quite a strange coincidence for so many people in the same school division to reset their Apple ID passwords on the same day. The people sending the email probably just grabbed a bunch of emails off our websites.
Third, and this is something you would only know if you had been at GCPS a long time, Ms. Sutton has not been Ms. Sutton for a while. Apple would probably have updated records.
So, that is just the header and we have not looked at the email itself. Let’s do that now.
The email starts with “Dear Customer” instead of addressing you by your name. Dead giveaway, always. When you get an email from someone with whom you do business, they will know how to address you. You will have given them that information at some point. This is the equivalent of “Or current resident” in your physical mailbox.
The rest of the content looks just as it would if this were a legit email from Apple. I have reset my password and received messages that look, on the surface, exactly like this one. Still, there are clues that tell us this is a scam.
When I mouse over the email address, this is what I see:
￼You can see that if I click on the link I will go to http://fmais.com.br/uXn1oR2L/index.html instead of the Apple website. Do you see that .br in there? This is some website in Brazil. Apple does have facilities in Brazil, but they would probably route all their traffic through apple.com, right?
Every link in this message links to a non-Apple site. Why would Apple send you an email that would not link back to their own site?
Here are the most important things to keep in mind.
- Always check the email address (not just the name) of the sender.
- Remember nobody in Goochland County Public School ever calls him or herself “email system administrator” or any other title like that. We always include our names in our communications.
- Always look at the URL where the email is linking. The page where you land might look exactly like your Bank of America page, but if the URL looks odd, just leave the page.
Of course, when in doubt, ask someone. It is worth taking a few minutes to check it out than taking hours changing all your passwords and credit cards.