How to Tell if an Email is a Scam

  • Steve Puffenberger
  • Technical Support
  • Share this:

How to Tell if an Email is a Scam

They're @ it again. New attack vector for identity theft

So, a client/friend of ours called up.  He has an iPhone and iPad, but on his PC he had received an email for an iTunes game purchase he had not made.  He thought it sounded phishy, so he called us up, wanting to know if it was at all valid.  It didn't take long to find out it was a scam.  Here's how to track this down.

First, this was proportedly from Apple.  But if we open the email and look at the "From" address.  It's someone named Mary Powell at a domain called "" If this was truly from Apple the last part of that address (after the @ sign) would be  Either Mary's account got hacked, or someone is "spoofing" her email address.*

Second, there is no other text in the mail, only an attached Word document, and that's our next red flag.  If the text had been in broken or misspelled English that would be another. Any legitimate receipt from a company would have the receipt in body text, or as a PDF attachment - with explanatory text in the body. Normally opening an unsolicited Word document can be hazardous because hidden code can plant viruses in your computer, but because Office 365 opens Internet-sourced documents in protected mode we could open it, and here's what we found:  

In this nice-looking Word document, there are a few more tipoffs. First, there's no identification of who made the purchase or the last four of a credit card account. Second, at the footer, "Apple ID Summary, Terms af Service and Privacy Policy should be links.  They're not.  The big threat is the link most likely to be clicked, "Click Here to cancel your purchase." Hovering over that link** shows the real culprit:

It's a convoluted URL, but do you see anything that resembles in there anywhere?  No. That means this will take you to a bogus site that (at best) has a phony iTunes login screen through which they'll get your acocunt password. I said at best, because at worst the page at the end of this link could have a virus or ransomware payload that would completely corrupt your computer. 

If an email appears to be from a company, check the URLs and you can quickly tell whether it is legitimate or not. The next one may not look like this, but if you know what to watch for you can be prepared. See the infographic, below. Bottom line, if you can't understand it, don't click it.

Some scammers are sneaky, and they try to inject the true business name within a long URL so you'll think it's legit.  What matters is WHERE the domain name (in this case, "") would be in that long list of gibberish.  Once you learn the rule of thumb, it's not hard to spot a phony.  I've created an Infographic that you can download, save and print to remind you.  Just remember that you need to THINK BEFORE YOU CLICK! 

Download "How to Read a URL" Infographic

At Advent Media, Inc. we want to help our customers stay safe in their use of the Internet. To learn how we can help you communicate with video, Web or presentations, this is the link to click.



* "Email Spoofing" is when a scammer uses a random person's legitimate email address as the "from" address in a message. They do that to "fly in" under spam filter radar, because their actual address is blacklisted. Spoofed accounts are not hacked, as email addresses are publically available, or addresses are harvested from others who have been hacked. Spoofing or Hacking is the subject for a longer post. 

** "Hovering" is simply moving your mouse over a link without clicking it (something you can't do using touch on a tablet).  In some programs the destination will pop up above the cursor (as seen above). In others the link will appear at the bottom of the program window. Try moving your mouse over this link (don't click, it doesn't go anywhere). Always verify the destination of the link before you click it. 


Theme picker

By using our site, you acknowledge that you have read and understand our Usage Terms, Privacy Policy and Cookie Policy.