Aug 12, 2008 at 12:53 PM
How to Tell if an Email message is Fraudulent

I almost got caught out by a fraudulent email message today. The message shows it is from "CNN Alerts" and is titled, "CNN Alerts: My Custom Alert". It uses a genuine image header from cnn.com and the footer contains genuine links to CNN. The email is not genuine and clicking on the masked links takes users to a site that downloads a nasty trojan to your computer. I was nearly caught because I do use the CNN service and initially thought that they had simply changed the way they offered custom news alerts. I saved myself some grief because I checked the email out and didn't just click any links.

Do you know how to identify fraudulent, spoofed emails? Look at what was included in the CNN Alerts spoofed email. Looks genuine, doesn't it?

Identifying fraudulent emails is not always easy. Genuine emails should not ask for passwords, login details, or any personal information. Fraudulent emails often do, and often add a sense of urgency to the message, such as "Verify your account", "If you don't respond within 48 hours, your account will be closed", or even the word, "Urgent". Fraudulent emails also usually contain links and a request or invitation for you to click the link.
These links are usually "masked," meaning that the link you see does not take you to that address but to a web site that is controlled by the fraudsters. Sometimes, as in the case of the latest spoofed email purporting to come from CNN, genuine links are included just to make you believe the email is from a trusted source.

Most email clients have a function that allows you to view the message headers. Have a look at the header. In the case of the CNN Alerts spoof, it is easy to tell that the email is not genuine (the reply-to address is using a Russian domain name). Within a few days it may not be so easy.

Headers can be spoofed by using Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. Look carefully for slight differences in spelling. Also look at the letters themselves. Domain names can be spoofed due to the resemblance between different characters in some fonts. Watch out for replacements such as the numeral "1" being used to represent the lower-case letter "l" or the letter "O" being switched for the numeric zero ("0"). If it looks suspicious then treat it as being suspicious!

You can check where links actually point to by hovering your mouse over the link (careful - do NOT click the link!). The actual web site that the link points to will be shown in the status bar at the bottom of your browser window or as a pop-up.

What to Do If You Receive a Fraudulent Email

If you receive a suspicious email it's always wise to delete it without opening it. Do not open any attachments or click on any links (including links that appear to be "unsubscribe" links or buttons) in any unsolicited email, and do NOT respond to unsolicited email - doing so simply confirms that your email address is a valid address, which can make it a more attractive target for spam and fraudulent messages.

I hope this blog entry saves some of you from being caught out by fraudulent email.
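
The masked-link and lookalike-domain checks described above can be automated. The following is an added example, not part of the original post: it scans an HTML message body for links whose visible text names a different site than the link target, and for target domains that match a trusted domain once "1"/"l" and "0"/"o" are treated as the same character. The sample body, the host names in it and the trusted list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Character swaps named in the post: numeral 1 for letter l, zero for letter o.
CONFUSABLES = str.maketrans({"1": "l", "0": "o"})
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z0-9-]{2,})", re.I)

def site(host):
    """Naive 'site' = last two labels (assumption: wrong for suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted):
    """Return (href, reason) for links that are masked or use a lookalike domain."""
    parser = LinkCollector()
    parser.feed(html)
    skeletons = {site(t).translate(CONFUSABLES): site(t) for t in trusted}
    findings = []
    for href, text in parser.links:
        real = site(urlsplit(href).hostname or "")
        if not real:  # mailto:, anchors and other links without a host
            continue
        shown = DOMAIN_RE.search(text)
        if shown and site(shown.group(1)) != real:
            findings.append((href, f"masked: text shows {site(shown.group(1))}, link goes to {real}"))
        match = skeletons.get(real.translate(CONFUSABLES))
        if match and match != real:
            findings.append((href, f"lookalike: {real} imitates {match}"))
    return findings

# Constructed sample body; the hosts are placeholders, not taken from the real email.
SAMPLE = """<a href="http://www.cnn.com/">www.cnn.com</a>
<a href="http://video.badhost.example/get">http://www.cnn.com/video/today</a>
<a href="http://www.examp1e.com/login">Verify your account</a>"""
```

Calling `check_links(SAMPLE, {"cnn.com", "example.com"})` returns two findings, one for the masked link and one for the lookalike domain; the genuine first link is not flagged.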