Phishing emails are extremely common, and most email services are very good at blocking them, but some still get through. I received one today telling me that my IP had been blocked from a service called LogMeIn, but the trouble was that the email was addressed to ‘Chris’ at some website I’ve never heard of. That was the first clue that it was a phishing email.
What’s a phishing email? A phishing email is an email that’s designed to steal your login or personal information. They usually prey upon someone by presenting some problem or crisis and hoping that the person isn’t paying enough attention to notice that something isn’t right. It could say that your credit card has been charged some stupid-huge amount of money and if you DON’T log into your account (by clicking their link) the charge will go through. Or, I’ve even seen them that say that a large purchase has been made on the iTunes store and unless you cancel it (by clicking their link) the charge will be accepted. They want to create enough sense of urgency and panic to distract from something not being quite right with the email. I can’t emphasize this enough — never, ever click links in an email to log into something! Go to your browser and type in the address instead.
Why type in the address instead of clicking a link? I think most of you who read my blog are very well-versed with how code works and why links aren’t always what you expect. The reason is that you can make the text of a link say whatever you want, but the actual link will open something else. This is done in the code. Let’s look at an example of how someone might trick you by making the text of a link look legit when it’s not. First I’ll explain a little about the anatomy of a link.
A link on the web or in an email is coded in what’s known HTML, which stands for Hyper Text Markup Language. HTML is the language presented on the front-end (viewable) web. There are other programming languages that do things behind the scene, but what comes to your browser to make Facebook and cat pictures show up is HTML. HTML allows for stylization and positioning of everything you see on the web, and it does so by doing more than you see on a webpage. For example, a link on the web is coded like this: <a href=”https://www.seomike.com/”>SEOMike Is Awesome</a> I’ve broken this code down for you by numbers in the image below.
- The “<” indicates to your browser that a statement has begun. The “a” tells the browser that this bit of code is an anchor, also knows as a link and to make the text defined a clickable link.
- The “href=” tells the browser you are about to define the hypertext reference which is where the user will be sent when they click the link.
- The URL (Uniform Resource Locator) of the hypertext reference is defined here. This is the site where the user will be sent if they click the link.
- The “>” indicates that the hypertext reference portion of the anchor is done. This is all the programmer wants the browser to know about the target website.
- This is the actual text that shows up on the screen for the link. (Note that it is NOT what is defined in block three. A programmer can make whatever they want show up on the screen.)
- The “/” indicates to the browser that we are ending a statement, and the “a” tells the browser that it is the anchor statement we’re closing. This tells the browser that we’re done with this particular link and this is how we want it to display (for the most part, excluding other nerdy things that can and do impact how it displays).
Now that you understand how an anchor works, let me show you the phishing email I received and how the phisher tried to trick me. I’ll break it down below:
- OK, this part looks pretty legit but it can be faked, so I looked farther.
- To: Chris? I don’t know this person or the website.
- I know from past failed logins that my IP doesn’t get blocked, my account gets locked.
- There’s that account holder name again, who isn’t me.
- Ah, here’s the biggie. I hovered over the email’s link with my cursor and Outlook presented me with a little box that had the link’s actual target. celf [dot] jp??? Who is that? Also, note that after the “/” the link says “wp-content” and I know that is for a site run by WordPress. WordPress? Logmein.com doesn’t run on WordPress. This is NOT who they say they are.
How did they make their email look so official? It’s all in the coding. Remember the anatomy of a link I discussed earlier? It’s possible for a coder to make an email or a webpage look any way they want, and unfortunately there are a lot of nefarious people out there who try their hardest to trick people. The moral of the story is to always give emails about account activity a second look, especially if you’re distracted. If you’re distracted, set it aside and get back to it; it’ll wait five minutes. Never, ever log into your account using a link in an email, even if you know that the email is legit. This will ensure you don’t get used to clicking links in emails and then do it when you’re not paying attention.