Detecting and handling suspicious email

I also received the fake billing for premium membership but I get around 15 spam emails per day, so I'm used to the problem. Usually my spam filter (Apple Email built-in) catches 99% of them. Occasionally, one gets through to my regular in-box. This one slipped through. However, I verified it and then tagged it as spam. Now, any new mail from that address will go directly to my spam folder.

I get spam all the time that is trying to lure me into paying money to someone or giving up personal information that could allow identity theft. They appear to be from Apple, PayPal, various banks (most of which I have never done business with) and many senders who pretend I have purchased something and need to pay the bill. I even get some pretending to be from Canada Post that say a parcel is waiting for me and I must click on a link to get delivery instructions.

What should you do if you receive suspicious email?

1. NEVER EVER click on any link.

2. NEVER EVER click on any attachment from anyone you do not know and from whom you are not already expecting something.

Embedded spam links are usually presented in one of two ways.

1. Descriptive links, like "click here" or the name of a legitimate service (Go to Paypal).

2. What appears to be the actual URL of the fake destination (your_bankDOTcom). THE LINK NAME YOU SEE MAY NOT BE THE ACTUAL LINK DESTINATION. Embedded links have TWO parts--a visible name that can be anything and the actual URL to which that name points.

Here's a simple, safe way to identify the actual destination of a suspicious link.

DO NOT CLICK ON THE LINK, but move your cursor arrow to hover over it. A popup will show you the actual destination. Most of the time, it will be very obvious that the email is not authentic. Often, the domain will be in a foreign country (.ru or .br or a multitude of others). The domain may be .com, .org, .net, etc. but the name of the destination site will NOT be Apple, Bank of America, etc.

This morning, like many of you, it appeared that I had received email from PhotoNet telling me that I would be billed for a premium membership that I had not ordered. That was immediately suspicious and suggested to me that it was not really from PN.

1. It is unusual for a forum membership signup to be automatic or even real but two-step. You go to a page, check a box, give info and then are immediately able to enter your payment info for a credit card of go to PayPal.

2. Scammers make millions every year by computer or even by snail mail. They send fake accounts payable invoices to small companies whose accounting practices are shoddy. A secretary or receptionist receives the message, writes a check (without verifying anything), takes it to the boss who always signs every thing put before him. Modern email scams are based on the same method: make the recipient nervous about an unpaid bill and lure him to go somewhere and make a payment (or give up personal information).

I hovered my cursor (WITHOUT CLICKING) over the link I was told to use. If the email was real, I would have probably seen photonetDOTnet. Businesses do not use obscure site names. In fact, the URL was udethDOTcom. That was enough for me to stay far, far away. If the actual address had seemed perhaps a real (but not regular) PN address, I would NOT have clicked on it. In this case, even if the address had been the regular PN address, I would have gone to the PN site and used the contact form and verified the situation.

If you have access to an internet checking tool, you can use the whois command to find out about the URL. in the case of udeth, the site's registrar is a .cn (Chinese) service provider. PhotoNet could have registered with a Chinese company but since its owners are not in China and site is not aimed at Chinese users, that's highly unlikely.

We have trash cans and filters. USE THEM.

If you have a spam filter, learn how to use it. If the one supplied with your email app is not sufficient, there are several commercial apps that will do a better job (but require more effort at the beginning to configure).

NEVER EVER CLICK ON LINKS IN SUSPICIOUS EMAILS. Just trash them. The real thieves will steal enough of your info to get your money without ever sending you any emails. The scammers send out thousands or even millions of fake emails in the hopes that a few naive people will take the bait and click on the link.