Identifying Phishing Emails: Immediate Red Flags

Now this one is another common one. This is a supposed Netflix email - “Update Subscription Payment, Membership Update.” And “update current billing information. Unfortunately, we cannot authorise your payment for the next billing cycle.” And I need to update it. Well, OK. So again, let’s break this down. One, it went to the wrong email. And I also don’t have Netflix anymore. The two here, we could see a whole bunch of email addresses. And Netflix is never going to send an email to a whole bunch of people. It’s always going to be directly to you, directly to someone else. You’re not going to see anyone else’s email address on there. That’s very suspect.

Matter of fact, a lot of these email addresses had similar iterations. So someone was probably using a programme that generated a bunch of similar emails in order to spam them with this. Netflix. It says Netflix up here. And a matter of fact, they actually put a space here between N-E-T-F and L-I-X for whatever reason. But again, this email address here is wrong. That’s clearly not a Netflix email address.

Also, this is kind of weird how they type this out. I don’t know if they were trying to avoid a spam filter or what. But clearly, that’s not how Netflix will normally type anything, or generally any company will not put a underline between each letter. And using the link hovering technique, we could see it’s going to something that’s really not Netflix, even though they do try a little bit. They say deliveryservicea ccount.netflix10.com. But again, the rest of the email is clearly not Netflix. So don’t click that link.

This is a PayPal one. So news summary from PayPal sent on this date, code number, and whatever reason it says “Numero Del Caso,” which is kind of odd because my language is not Spanish. Yet they sent a partial message in Spanish. And if we look here, it says service@intl.limited.com. And this is the real email address that it was actually using - the jpmail-repdzsfo blah, blah, blah. So again, wrong email address for Netflix - or for PayPal in this case, rather. And we scroll down to here. “Your account’s been limited. Hello, Customer. We’ve limited your account.” And I need to confirm on this link. Well, again, suspicious because this email address is not a Netflix email address.

Matter of fact, this definitely is not a Netflix email address. And any company sending email should not be essentially spoofing their own email address. And again, using the link hovering I can see it’s not going to anything related to PayPal.

Now, this one’s a better one. It looks a lot better. It’s using PayPal logo. It’s using more of a PayPal font. Probably used a actual PayPal email and used that for a template. So this one’s trying to get me again to log in. So essentially, this is going to steal my PayPal credentials. “Transaction Unusual Update. Thank’s for your address update.” So it’s telling me, hey, someone updated your account information. Well, I better log in here. Well, OK, service@intl.paypal.com. Well, that looks legitimate. But the problem is in here. Right here, we can see that this is not the real email address it was sent from. This is the actual email. So it’s actually spoofing that email address.

So we know that it’s not really from PayPal. Matter of fact, if we hover over the link, we can see it’s this really long crazy email address - or link rather. And clearly, that’s not a PayPal link, and we should never click on it. So this is one that I’ve done - Microsoft licence expired. And if you take a quick look at it, you can see it’s from the Microsoft Support Team. So for people I’ve used this on for testing, this part here was enough to fool people. Usually, people will just look at the name. They’re not really going to look too much at the email. They see Microsoft Support Team in big bold letters. They go, “Oh my gosh.

All right, Microsoft sent me an email.” And if they take a quick cursory look at the side here. It’s microsoft.s28. Well, it says Microsoft, so it must be from Microsoft. Problem is the rest of it - @yahoo.com. Well, Microsoft has their own email service. They don’t use Yahoo. That should be a big red flag there. So continuing the rest of the message, “Your MSN licence has expired.” Realistically, the ones I’ve sent I put - “Your Windows licence has expired for your computer. Please contact us.” And with the Contact Us, Get Help - “Get Help app in Windows 10 provides fast, free support for Microsoft products.” And this part is actually legitimate. I actually copied this from a real Microsoft email.

And the “contact support,” sometimes I’ve changed that to a real support page. Other times, I re-linked it to something else. So pretty easy. But again, if someone looks at very quickly, “Microsoft licence expired.” Big bold letters, Microsoft Support Team sent me an email. Quick look on the side - microsoft.s28 - well, Microsoft. But again, you want to look at the whole email address. It’s at this yahoo.com address. That really should be worrying you that it’s really not Microsoft. Here’s another one that I’ve done. Bill Gates. So you look here - hey, Bill Gates sent me an email. And matter of fact, hey, it’s gatesbill@msn.com. Oh wow. Now, the important part here is we look at this via srv62.main-hosting.eu.

So even though we see Bill Gates’ name here, we see gatesbill@msn.com, this via means it’s actually a spoofed email address. This is the real email address that it’s being sent to. This is the email address people are generally seeing initially. So we know that this is a fake email because, again, it’s not msn.com. It’s actually by this main-hosting.eu email address that it’s being sent from. So we do need to be careful about emails being rerouted through something like that, essentially, being spoofed. And this was from a free online program that I used a while back.