It's not every day that I get tripped up by a phishing email, but even after 20+ years in the industry, I do find myself caught off guard on occasion. Today, this email nearly caught me because I was reading it on my phone. 1/10
One of the things about the phone (and tablets) is that the mail apps hide a lot of information from us that would otherwise tip us off immediately -- things like the actual email address of the sender! 2/10
This is a classic case of an email that I wasn't expecting, which should make it suspect -- but since I just bought a bunch of computing stuff for my son, it was possible that I'd accidentally signed up for a "Free" trial of Norton that would automatically renew. 3/10
The email relies on surprise and fear. I was not expecting to get a bill for nearly $300 and my initial reaction was to respond saying, "I'm not your customer. How do I get this rectified?" 4/10
It was only when I started to reply to the email that I noticed the telltale sign that this was bogus -- it came from a gmail.com address. This would have been a bad call; it would have shown that they'd reached an actual human. 5/10
I decided to look at the email in more detail in Google and I've annotated some things that are important to notice. First, it passed all of Google's Spam Checks. 6/10
It passed the SPF check. SPF is the Sender Policy Framework built into mail servers. Basically it relies on DNS records to specify what IP addresses and domains can originate email for a given domain. 7/10
It also passed the DKIM and DMARC checks. DKIM is a cryptographic signature on email. DMARC is another check based on domain names. It passed all the checks because it was sent through Google servers from a gmail.com domain. 8/10
There are some telltale signs in the message that it's not legitimate. The product key is way too short for it to be real. There are a number of grammar mistakes, and it essentially tells the receiver that no one will answer the number listed and requests PII. 9/10
I did go and check all my credit cards and was happy to find no charges for Norton's security suite. I hope that these screenshots are helpful to you to spot malicious email in the future. 10/10
You can follow @MrDamienDeVille.
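An added example, not part of the original thread: a small check that shows why passing SPF, DKIM and DMARC only authenticates the sending domain (here gmail.com), not the brand named in the display name or subject. The sample message, the freemail list and the brand-to-domain map are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; tune them for your own environment.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
BRANDS = {"norton": {"norton.com"}}  # brand keyword -> domains assumed legitimate

# Constructed sample message (not the email from the thread).
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@gmail.com;
 spf=pass smtp.mailfrom=billing.desk.example@gmail.com;
 dmarc=pass header.from=gmail.com
From: "Norton Billing" <billing.desk.example@gmail.com>
To: recipient@example.org
Subject: Your Norton subscription has been renewed

Your card was charged. Call to cancel.
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the Authentication-Results header."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def assess(raw):
    """Flag mail whose claimed brand does not match the authenticated From domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, domains in BRANDS.items():
        if brand in text and domain not in domains:
            findings.append(f"claims '{brand}' but From domain is {domain}")
    if findings and domain in FREEMAIL:
        findings.append("brand mail sent from a free mailbox provider")
    auth = auth_results(msg)
    if findings and all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")):
        findings.append(f"SPF/DKIM/DMARC pass only authenticates {domain}")
    return {"from_domain": domain, "auth": auth, "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE))
```
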