Spotting fake emails

Spam emails are a fact of modern-day life. Here I will go through an email that I recently received that claims to be from Santander.

As expected, the email is written in such a way as to cause panic and fear. The goal is to get you to act immediately before their website is shut down and the opportunity to get your banking login details is lost.

fake-email

The more you examine the email, the more obvious it becomes that it is fake. The spammer is hoping that you will simply skim-read the message and click the link in the email, where the next stage of their con can continue.

At first glance the email address looks legitimate and the web address shown is indeed for Santander.

fake-email-inbox-preview

However, not all is as it seems. Let’s read the email and see what it says.

It’s safe to open an email to read it; just don’t open any attachments or click any links within the email until you’re sure it’s legitimate.

Starting at the top…

fake-email-header

The first thing that raises suspicions is the grammatical mistake in the subject: ‘3 Times Login Attempts’. It’s highly unlikely that a banking giant would make such an error.

Next is the header image. It’s clearly not in the correct proportions, and if you look carefully you can see there is a mismatch of colour between the red in the logo and the red strip of colour running behind it. A big name brand would never allow their logo to be displayed in such a way.

Moving on to the text below:

fake-email-notification

Why is there an accent above the ‘e’? There is also a grammatical error in the form of an erroneous comma, and a missing full stop at the end of the paragraph.

The lower section of the email again features an improperly proportioned image, spelling mistakes and grammatical errors.

fake-email-bottom

So, after all that we’re pretty sure that this message is fake. There is one final check that will put this to bed, and that is to check the headers of the email.

What are headers?

“Header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some headers are mandatory, such as the FROM, TO and DATE headers. Others are optional, but very commonly used, such as SUBJECT and CC.” (Source: http://whatismyipaddress.com/email-header)

The process of checking a header varies between email clients, but in the case of Microsoft Outlook you need to open the email in question and then click the arrow to the right of reply and select ‘View message source’.

A box will pop up with lots of text to scroll through. Here we are looking for an email address that is different from the one we saw earlier. In the following image I have highlighted the email address in question.

fake-email-address

The email address is not legitimate.
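The same header comparison can be done with a short script. This is an added example, not part of the original post: the raw message is constructed, every domain in it is a placeholder, and the choice of Return-Path, Reply-To and Sender as the headers to compare is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not the email from this post); all domains are placeholders.
RAW = """\
Return-Path: <bounce@mailer.invalid>
Received: from host.mailer.invalid (host.mailer.invalid [203.0.113.7])
From: "Santander" <alerts@santander.example>
Reply-To: support@mailer.invalid
To: you@example.org
Subject: 3 Times Login Attempts
Date: Mon, 05 Mar 2018 09:12:00 +0000

Please confirm your details.
"""

# Headers whose addresses are compared with the visible From address (assumed set).
COMPARE = ("Return-Path", "Reply-To", "Sender")

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower().strip(".") if "@" in address else ""

def header_mismatches(raw):
    """Return (header, address) pairs whose domain differs from the From domain."""
    msg = message_from_string(raw)
    from_addrs = getaddresses(msg.get_all("From", []))
    if len(from_addrs) != 1 or not domain_of(from_addrs[0][1]):
        return [("From", "missing or ambiguous")]
    shown = domain_of(from_addrs[0][1])
    findings = []
    for name in COMPARE:
        for _, addr in getaddresses(msg.get_all(name, [])):
            d = domain_of(addr)
            # Subdomains of the From domain are accepted as the same sender.
            if d and d != shown and not d.endswith("." + shown):
                findings.append((name, addr))
    return findings

if __name__ == "__main__":
    for header, addr in header_mismatches(RAW):
        print(f"{header}: {addr} does not match the From domain")
```

A mismatch is a reason to look closer rather than proof on its own, because legitimate bulk senders often use a separate bounce domain in Return-Path.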

Checking the links

If by now you’re still not sure, you can also check the links within the email. If a spam email does not have an attachment then it is likely they want to direct you to a website where they can extract your personal information. By putting your cursor over a link, in this case the ‘Confirm’ link, we can see where we are being taken by looking in the bottom left of the browser window.

dodgy-link

This is obviously not a Santander address.

For the sake of research, let’s visit the site (please don’t do this yourself) and see what we find…

Immediately we are redirected to a clone of the Santander login screen which appears almost identical to the original.

fake-real

But look at the address bar.

subtle-spelling

A subtle addition of an ‘i’ to the spelling of Santander. This is not the real website. Cheeky monkeys even have an SSL certificate! A certificate only means the connection is encrypted; it says nothing about who runs the site.

So, after all of this we can agree that this is a fraudulent email. They did make it easy for us this time but be aware that some emails are much more polished. I hope that with the above information you will now be able to analyse emails and pick out the frauds.

Email Deliverability

How many times have you sent an email and received a cryptic bounce back message that makes little sense?

Have people mentioned that they have been unable to email you and you’ve had to resort to an alternative means of communication?

The reasons for email problems are numerous, but in our experience the number one problem is mistyped email addresses!

Once the above has been discounted we turn to more technical issues that can cause sending problems.

Spam Lists

To help prevent spam there are worldwide spam lists that email servers use to check the validity of an email sender.

There are a number of reasons why a domain may end up on one of these lists. These include:

  • An email account has had unauthorised access and has been used to send out spam
  • Another email account hosted on the same server as you has been flagged and an IP range (that includes your mail server) has been blocked

You can check to see if a sender’s domain has been blacklisted by using MxToolbox.

SPF Record

Another reason why an email may be rejected is that no SPF record has been set up for the domain.

An SPF record identifies which mail servers are permitted to send email on behalf of your domain. The purpose of this is to prevent spammers from sending a message with a forged From address at your domain.

Occasionally, implementing SPF records is overlooked when setting up a domain name, but it should be the first place to check.

If you have access to a domain control panel you can usually set an SPF record there. If, however, you have a managed domain name you will need to contact your domain name provider.
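To show what a receiving server does with an SPF record, here is a small evaluator. It is an added example, not part of the original post: the TXT records and domains are constructed and held in a dictionary in place of DNS, and only the ip4, ip6, include and all mechanisms are modelled.

```python
import ipaddress

# Constructed TXT records keyed by domain; stands in for DNS so this runs offline.
TXT = {
    "example.org": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.16/28 ip6:2001:db8::/32 -all",
    "nospf.example": None,   # domain with no SPF record set up
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, txt=TXT, depth=0):
    """Evaluate ip against domain's SPF record (ip4, ip6, include and all only)."""
    record = txt.get(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return "none"                      # no SPF record published
    if depth > 10:
        return "permerror"                 # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # An IPv4 address is never "in" an IPv6 network, and vice versa.
            matched = addr in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            # Simplified: an include matches only when the nested check passes.
            matched = check_spf(ip, value, txt, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue                       # a, mx, exists, redirect= not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no 'all' term

if __name__ == "__main__":
    for ip in ("198.51.100.25", "203.0.113.20", "192.0.2.1"):
        print(ip, check_spf(ip, "example.org"))
    print("192.0.2.1", check_spf("192.0.2.1", "nospf.example"))
```

The "none" result is the missing-record case this section describes: the receiver has nothing to check the sending server against.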

rDNS misconfigurations

Having a Reverse Domain Name System (rDNS) record set up is very important when it comes to email deliverability.

When a server accepts an incoming message, it first takes note of the originating IP and the domain the email claims to be from.

Before allowing the message through, the receiving server performs an rDNS lookup using the IP address to ensure that the domain name tallies with what it expects. If it does, your message makes it through; if not, it doesn’t.

If the sending server does not have rDNS correctly configured then there is a good chance that the receiving server will not allow the message through.
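The rDNS check described above, written out as an added example that is not part of the original post. The PTR and forward answers are constructed tables standing in for DNS, and treating the claimed domain as the hostname the sending server announces is an assumption; real receivers differ in how strictly they compare it.

```python
import ipaddress

# Constructed answers standing in for DNS so the example runs offline.
PTR = {
    "198.51.100.25": ["mail.example.org."],
    "203.0.113.77": ["mail.example.org."],   # PTR names a host that does not point back
    "192.0.2.50": [],                        # no PTR record published
}
FORWARD = {"mail.example.org": ["198.51.100.25", "2001:db8::25"]}

def ptr_query_name(ip):
    """The name a receiving server looks up to find the PTR record for ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_rdns(ip, claimed_name, ptr=PTR, forward=FORWARD):
    """Return 'ok', 'no-ptr', 'ptr-not-confirmed' or 'name-mismatch' for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr.get(str(addr), [])]
    if not names:
        return "no-ptr"
    # Forward-confirm: keep only PTR names whose address records include the connecting IP.
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(a) for a in forward.get(n, [])}]
    if not confirmed:
        return "ptr-not-confirmed"
    # Finally compare the confirmed name with the name the sender claims.
    if claimed_name.rstrip(".").lower() not in confirmed:
        return "name-mismatch"
    return "ok"

if __name__ == "__main__":
    for ip in PTR:
        print(ip, ptr_query_name(ip), check_rdns(ip, "mail.example.org"))
```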

Old servers

Outdated mail server software can also present problems, from reduced functionality to weaker security.

Ensure that your email provider is running an up-to-date email system.

While on the face of it email deliverability may seem like a simple process, there are many areas that, if not configured correctly, can cause problems. It’s important when choosing an email provider that you pick not only a company that can provide the technical expertise but also a reliable point of contact. The cheapest provider is not always the best!

At Convergence we own and fully manage our email servers.

We are a local, independent company and our team is able to provide assistance from help setting up your email on various devices to investigating bounce back messages and failed deliveries.


Copyright © 2018 Convergence. All rights reserved.