Hi. This is Ben from Grassroots IT. I just wanted to take a minute and walk you through the anatomy of a dodgy email. There’s a lot of risk these days with emails arriving in your inbox, spam that’s essentially carrying some sort of a malicious payload. It’s dangerous in the sense that it will potentially risk installing some bad software or virus or malware … something like that on your computer.
What I’ve got here in my inbox as you can see is an email purporting to be from PayPal with a subject line which is really demanding my attention. I’m going to double click on that email so that we can see what’s inside it.
Now, the first thing we’ll notice here … Now, my Outlook has blocked these images loading. That’s not such a bad thing by any means. I just want to step through a couple of the giveaways that this is not a legitimate email from PayPal.
If you have a look up at the top here, you can see the address that the email has come from ‘Service@PayPal.cc’. Now, you need to use a little bit of common sense here. ‘PayPal.com’ is actually PayPal’s full domain name.
If you received these emails purporting to be from Australia Post for example, which is one of the other common ones, you just need to use a bit of common sense. Maybe have a look and see what that supplier’s legitimate domain name is, and you’ll probably find that it is not going to be ‘PayPal.cc’. That’s the first giveaway.
The next thing is I’m going to do is to scroll down my email a little bit here. In fact, what I might do is let it download the images so that we can see a bit more about what this is going to look like. You can see as it loads here, we’ve got some very legitimate looking graphics and layout in this email.
“Your account PayPal has been limited”. Now, let’s just think about the actual grammar that’s going into that sentence there, “Your account PayPal has been limited”. It doesn’t make a lot of sense, does it? It probably should be, “Your PayPal account has been limited”.
The next thing that I really want to focus on is if we have a look at the ‘Log On To Your Account’ button. You can see that right there. Now, if I hover my cursor over that … I’m not going to click. I’m just going to hover. We can see a little window has popped up with the address … the internet address that I would be taken to if I click on that button. You can see the address is actually ‘www.Michaelamaru.com’ I think it is.
Now, that has nothing whatsoever to do with PayPal. Okay? What that is, is it’s obviously somebody’s website that has been hacked and some malicious code installed there in order to capture people who click on this link.
As you can see, you hover your cursor over the button or the link, and it will show you in a little pop up window where that button will take you. Again, we’re coming back to what the legitimate domain name or URL or internet address is for, in this case PayPal, and it is not ‘Michaelamaru.com’. That’s the really big giveaway there too, but you do just need to think about hovering your mouse there and checking out those things.
Scrolling down a little bit, we’re looking at some more strange grammar. Let’s have a look. “Thanks for using PayPal. We sent you an email some time ago. We ask for your help to resolve an issue …” etcetera.
Now, there’s some very strange grammar going on here. PayPal themselves … a large company, with a lot of quality control would not be sending out an email that’s written like that. These are the other clues that can give it away that this is not going to be a legitimate email.
I’m sure we could find other examples further down here of why this is not a legitimate email, but that’s enough for me. What would happen if you were to click on these links? You would probably find that your web browser would open to a webpage somewhere else. Certainly not PayPal … somewhere else that would install some malicious software on your computer … a virus for example, something to that effect, and you would then find your computer compromised.
Keep an eye out for emails like this. Use a bit of common sense. The big giveaway here is what the legitimate domain name of the sender should be, and in this case with PayPal, it is certainly not ‘PayPal.cc’.