contact us

Use the form on the right to contact us.

 


Naperville, IL 60565
USA

630-639-7372

iPhone-XS-photo.jpg

Blog

A Practical Guide to Identifying Phishing Emails

Rowena

A Practical Guide to Identifying Phishing Emails

Phishing is becoming an ever more common way for people to get in trouble when using the Internet. A phishing attack is some communication, usually an email, that tries to lure you into revealing login credentials, financial information, or other confidential details.

A State of Phishing report from security firm SlashNext claims that there were more than 255 million phishing attacks in 2022, a 61% increase from the year before. Luckily, according to the Verizon Data Breach Investigations Report for 2022, only 2.9% of employees click through from phishing emails, but with hundreds of millions of email addresses targeted, the raw numbers are still high. We’ve been noticing—and hearing from clients—that phishing emails are also slipping through spam filters more than in the past.

To help you avoid falling prey to phishing tricks, check out our example screenshots below from real phishing emails, complete with annotations calling out the parts of a message that give it away. All phishing emails are trying to lure you into clicking a link or button to a website that will encourage you to enter your password or other confidential information. Once you realize that a message is a phishing attack, you won’t get suckered into clicking a link or revealing your personal information.

Fake Password Expiration Scam

Our first example is a password expiration scam—it’s trying to get you to click a button to keep your password from expiring. What’s ironic about this scam is that passwords should never expire—forcing users to change them regularly is terrible security practice. If a password is strong and unique, there is no reason to change it unless the site suffers a breach. Let’s look at what identifies this message as a phishing attack.

1.    Note that the Reply-To address is generic and doesn’t match either the email domain used throughout the message or even a major email service provider, which would never send such a message.

2.    Using your email address instead of your name is something scammers do to make the message seem personalized. If this email really came from your IT support staff, they’d be more likely to use your name or leave the email address out. And they’d never send such a message either.

3.    The body of the message uses likely words, but they don’t quite sound like a native English speaker wrote them. The phrasing is slightly off, and quoting words like “send and receive” while not quoting the button name feels strange.

4.    Be careful of things that look like buttons—we’re trained to click them without thinking. In many email apps, you can hover the pointer over a button or link to see where it will go. If you look at the URL at the bottom of the window, you can see that it’s completely different from any other domain listed—a clear sign that this is a phishing message.

5.    “See full terms and conditions” is a strange thing to say in a password-expiration message. What terms and conditions could possibly apply? This is an example of someone who’s not a native English speaker throwing in random phrases they’ve seen elsewhere.

6.    The copyright line is a similar tell. No organization would go to the effort of claiming copyright on a simple support message, and even if it did, it would use its name, not “Email server.”

Spurious Account Access Scam

Our second example pretends to be alerting you to a sign-in to your email account, with the goal of trying to scare you into resetting your password. Frankly, this phishing email stands a good chance of fooling people. You have no way of knowing if your account has been compromised, and if it were compromised, resetting your password is the right thing to do. However, never click through from an email to change a password! You can’t tell if you’re on the right site. Instead, navigate to the site manually, log in, and then change the password. Persuasive though this message is, it does make some mistakes.

1.    The capitalization of “Mail” in the Subject and this line should give you pause. Most people wouldn’t capitalize the word, or they’d refer to something more specific, like your “Gmail” or “Outlook” account.

2.    Another slight strike against this message is the specificity in the timestamp. There’s no reason to include the seconds or the time zone, and most normal people wouldn’t.

3.    There are three mistakes in this line that could tip off a savvy Internet user. It claims to provide the IP address from which the sign-in occurred, but real IP addresses are four sets of numbers from 0 to 255. This one has five sets of numbers, the first of which is way too high at 719. The missing space before the parenthetical makes it look wrong, and finally, the parenthetical claim that the IP address is located in Moscow is overdoing it by invoking scary Russian hackers.

4.    Note that the “reset your password” link doesn’t have an underline, unlike the other two links. Again, that could happen in a legitimate message, but it’s another slight tell. Hovering over the link reveals the fleek.ipfs.io URL at the bottom—clearly nothing associated with your email account and a dead giveaway.

5.    A line saying “Please do not reply to this message” is commonplace in transactional messages, so it makes the message seem more real, but a real warning from an IT department would want to make sure you could contact the support staff.

Fraudulent DocuSign Confirmation

Our final example pretends to be confirmation of a document that you’ve already signed in DocuSign. That’s more clever than trying to get you to sign a document (which we’ve seen in other phishing messages) because most people won’t sign something without looking at it carefully. But you might want to see what document this message is talking about and be suckered into clicking through. What’s trickiest about this message is that it has merely changed some of the text in a real DocuSign message, so someone familiar with DocuSign might think it was real. But there are always giveaways.

1.    The Subject line of this message is a tell because its grammar is atrocious.

2.    The Reply-To address should also ring warning bells because it’s so generic that it couldn’t possibly go with an organization with which you were signing documents.

3.    The yellow line claiming that the email has been scanned for viruses will likely seem unusual to you—even if an email app presented such a message, it likely wouldn’t do so in the body of the message.

4.    There’s nothing wrong with the View Completed Documents button, which looks exactly as it would in a real DocuSign message. However, hovering over it reveals the URL at the bottom, which has nothing to do with docusign.net.

5.    Someone familiar with DocuSign messages might notice that there’s no email address under “Administrator,” as there should be. But that’s a long shot, we know.

6.    As with an earlier example, personalizing with an email address is a definite tell. A real person would have entered your name there, if anything.

7.    Once again, the phrasing isn’t what a native English speaker would say, but even more problematic is how it asks you to sign the enclosed file, whereas the text and button in the blue box say that the document is completed. The mismatch is a complete giveaway.

We didn’t have room to show the rest of this message, which adds to the verisimilitude by continuing to copy text from a real DocuSign message. The two remaining tells further down are links that are empty when you hover over them and an unknown name in the fine print at the bottom, which reads (bold added for emphasis):

This message was sent to you by sefanya maitimoe who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

Overall Advice

Let’s distill what we’ve seen in the examples above into advice you can apply to any message:

●     Pay close attention to emails that are very simple, like our second example above, because there’s less they might get wrong.

●     With legitimate-looking messages copied from large firms like DocuSign or PayPal, pay special attention to unfamiliar names and email addresses.

●     Don’t click anything in an email unless you’ve given it a close-enough look that you’re sure it’s legitimate. It’s too easy to skim and click without thinking, which the scammers count on.

●     Read the text of messages with an eye for capitalization, spelling, and grammatical mistakes. Scammers could write correct English, but if they don’t speak the language natively, they’re likely to make mistakes.

●     Evaluate any claim about something happening within your organization against what you know to be true. It’s always better to ask someone if passwords need to be reset or accounts are being deactivated instead of assuming a random email message is true.

●     Fight the urge to click big, legitimate-looking buttons. They’re easy to make and hard to resist, but if you can preview the URL under one before clicking, it will often reveal the scam.

●     None of our examples fell into this category, but if an email message is just an image that’s being displayed in the body, it’s certainly fake.

Stay safe out there!

(Featured image by iStock.com/Philip Steury)


Social Media: Follow along as we examine three real-world phishing emails and explain how you can tell that they’re fake.


Find Devices and People from Your HomePod

Rowena

Find Devices and People from Your HomePod

This feature evokes one of those “living in the future” moments for us. The recently released HomePod Software 16.3 now supports Find My, which means you can ask Siri to locate one of your devices or a friend or family member who shares their location with you. If you have a HomePod, ask Siri, “Where is my iPhone?” Assuming your HomePod has updated (and if not, update it manually in the Home app), Siri will respond by causing your iPhone to play a sound. Or ask where someone is—Siri will respond with more details for nearby people and city locations for those far away.

(Featured image based on an original by Apple)

FAQs about Apple’s Messages App and What Can Go Wrong When Using It

Rowena

FAQs about Apple’s Messages App and What Can Go Wrong When Using It

Most of us rely on Messages every day to text with family, friends, and colleagues. Not surprisingly, we’ve fielded numerous questions surrounding common confusions with this popular app. We hope our answers here will help you use Messages more effectively and work around problems.

What’s the difference between blue and green bubble conversations?

A common question is why some conversations have blue bubbles and others have green bubbles. The answer is that the color indicates whether the conversation uses iMessage or SMS/MMS. Blue bubble conversations use iMessage and are solely between Apple users, whereas green bubble conversations are with friends using SMS/MMS on Android or other phones.

What are iMessage and SMS/MMS, and how do they differ?

Messages supports two protocols for text messaging: iMessage and SMS/MMS. Although the end result is the same, apart from the color of the conversation bubbles, the two are quite different.

SMS (Short Message Service) and MMS (Multimedia Messaging Service) are cellular technologies that require only a wireless plan from a cellular carrier. SMS is limited to 160 characters of text, though longer messages are usually broken into multiple segments and reassembled upon receipt. MMS enables sending of pictures, audio, video, and more, as long as the message size doesn’t exceed carrier limits, which range from 300 KB to 3 MB). Because SMS uses extremely small amounts of bandwidth, SMS text messages may get through even when cellular service is too weak to place a call, a useful fact to know in emergencies.

In contrast, iMessage is proprietary to Apple and works only in Messages on Apple devices, including the iPhone, iPad, Mac, and Apple Watch. Apple has said the size limit for a message is 100 MB, but people have transferred even larger files. That’s possible in part because iMessage relies on Internet access, which requires either Wi-Fi or a sufficiently strong cellular connection. If an Internet connection isn’t available for either party when you want to send a message using iMessage, Messages tries to fall back on SMS/MMS, which can result in blue and green bubbles in the same conversation.

How does Messages work on Apple devices that lack cellular connectivity?

It’s no problem for all Apple devices to use iMessage when they have Internet connectivity through Wi-Fi, but you can also send and receive SMS/MMS messages on a Mac or iPad that has no native cellular connectivity. Apple extends SMS/MMS support to Messages on such devices by routing through your iPhone. In the iPhone’s Settings > Messages > Text Message Forwarding, you can specify which of your devices can send and receive SMS/MMS messages through your iPhone.

Keep this setting in mind if you stop receiving SMS/MMS text messages on your Mac or iPad, for instance. It’s not unheard of for it to get turned off after a major operating system upgrade.

How are iMessages addressed, and can that cause problems?

As cellular technologies, SMS and MMS are tied to a phone number. iMessage, however, can send and receive messages from one or more phone numbers and email addresses. The first time someone sets up an iPhone, it registers that iPhone’s number with Apple’s iMessage servers. That’s why, when you type in a phone number to start a new Messages conversation, Messages knows whether to make the conversation blue or green.

Because iMessage also supports email addresses, you can start Messages conversations with a fellow iMessage user when all you know is their email address, as long as they’ve enabled that email address to send and receive messages.

In Settings > Messages > Send & Receive, you can specify which of your email addresses can receive messages and reply to them. If you want to be easily findable, select all of them, in addition to your phone number. Otherwise, turn off the email addresses you don’t want used. You can add an email address or phone number to this list on appleid.apple.com in Personal Information > Reachable At.

You can also specify which of your phone numbers or email addresses is used to start new iMessage conversations. In general, we recommend sticking with your phone number unless you plan to change it soon.

As you can imagine, changing these settings can cause problems. If you disable receiving for an email address used by an existing conversation, people in that conversation won’t be able to send you messages anymore. Even worse would be changing your main Apple ID address, which would break a lot of conversations, all of which would have to be started afresh with the new Apple ID.

Changing phone numbers is also problematic for the same reasons, though that probably happens less often. If you’ve temporarily attached a second phone number to your iPhone using eSIM while traveling, for instance, be careful how you initiate conversations from it because they’ll break as soon as you disable the associated plan.

Finally, switching from an iPhone to a non-Apple phone can cause delivery problems for SMS/MMS messages. To prevent that, either turn off iMessage in Settings > Messages before you switch or deregister iMessage online.

What happens when a message fails to send, and how do I fix it?

Occasionally, when you try to send a message, you may see one or more red exclamation points and an alert that says “Not Delivered.”

Most of the time, the problem is just poor connectivity, either for you or your recipient. First, just click an exclamation point and try again in case it was a one-time problem. If a second try doesn’t succeed, check your Internet connection in Safari, and if it seems to be working, tap Try Again. If you’re using iMessage and it remains stuck, tap Send as Text Message, which switches from iMessage to SMS. If that’s not it, there are a few other possibilities:

●     Make sure iMessage is enabled in Settings > Messages.

●     See if you have another phone number or email address for the recipient. If they disabled message receiving for the one you were using, that could cause failures.

●     If the problem occurs when sending to an SMS recipient while using a device without cellular connectivity, make sure the device is enabled in Settings> Messages > Text Forwarding.

●     If the problem occurs with an image or other file sent via MMS, it might be too large. If so, you may have to resort to email.

●     To ensure the iPhone isn’t temporarily confused, restart it (which is best done using Siri if you’re running iOS 16—just say, “Hey Siri, reboot.”) and try again.

Why do I see slightly different conversations on my iPhone and Mac?

With text message forwarding turned on for all your devices and each device logged into the same Apple ID, Messages should have the same conversations everywhere. In practice, that’s not always true, so Apple introduced Messages in iCloud, which uses iCloud as a centralized location for all messages. When it’s turned on, everything (other than failed SMS messages) should stay in sync.

Turn on Messages in iCloud in Messages > Settings/Preferences > iMessage on the Mac and in Settings > Your Name > iCloud > Apps Using iCloud > Show All > Messages on the iPhone or iPad. Make sure to enable it for every device.

Can someone eavesdrop on my Messages conversations?

SMS isn’t at all secure, so don’t use it for truly sensitive information (and whenever possible, use an authentication app instead of SMS for two-factor authentication codes). In contrast, Apple encrypts all iMessage conversations, so there’s no worry about someone listening in when you’re using a public Wi-Fi network at a hotel. However, iMessage conversations are not end-to-end encrypted by default, which means that law enforcement could compel Apple to turn over your data stored in its data centers. To provide full end-to-end encryption, Apple lets you turn on Advanced Data Protection for iCloud; the downside is that Apple can no longer help you recover your account if you forget your Apple ID password.

Other messaging apps also focus on security, most notably the free Signal, which is open source, provides end-to-end encryption, and lets you secure the app with an additional password. Messages can be set to self-destruct after a certain amount of time. The only downside is that you have to convince the people you want to message to use it. WhatsApp also provides end-to-end encryption, but you have to enable encryption for backups. It also shares a boatload of other information with Facebook to help it personalize ads, including your phone number, contacts, location information, device information, and more.

Don’t get the wrong impression—Messages usually works well. But on those rare occasions when you have problems, we hope this information explains more of what’s happening and helps you work around your issues.

(Featured image based on an original by iStock.com/fizkes)


Social Media: You probably use Messages every day to send texts from your iPhone, but do you know the answers to these frequently asked questions about Messages?