Anatomy of a Scam

I received an email from a client this morning:

Subject: Fw: EarthLink Notice: You have 1 important alert!
Client message: Is this real or a scam ?? help!!

I thought I would share my reply here, for those of you out there who would appreciate some guidance.

My Reply: Scam!

Here are some ways to tell (see highlights in screenshot below):

–The message is not sent “To” you specifically (see where “To” address is mail@mail.com, not your address).
–The message doesn’t address you by name, only as “Dear EarthLink Member”
–There is a sense of urgency created by the “Link will expire in 12hours” text to make you panic and click the link
–There are numerous grammatical mistakes:
–“We detected an error activity”
–confusing/inarticulate wording in the next two sentences
–no space in “12hours”
–statement that “services will be fully restored” implies services are currently interrupted (but you’re receiving mail just fine)

–And the biggest but most subtle sign, the “Click here to Restore Account Access” link points to a bogus address (which you can generally see when you hover [without clicking!] over the link. See picture below. My email program reveals the web address in the bottom of the window; yours may vary. Draw your eyes past the earthlink-looking part of the address, and find the “.com” part of the address highlighted and circled in red below:

email-scam

So there you have it, folks. A few pointers on how to recognize scams in your email. Please let me know if you have questions or suggestions!