Anyone Getting "Realistic" Fake Emails?

  • Thread starter kyphysics
  • #1
202
140
I'm not sure how to word this, so please forgive the title of the thread if it's not the best description.

So...over the last year or so, I've gotten emails that seemed legitimate, but that had something odd/suspicious about them and caused me not to open them. For example, I've gotten an email with "INVOICE" as the sender and then a receipt number in the title.

Another example is getting an email from a known company I've done business with, but having the email come out of the blue and have a weird title (it mentioned a renewal certificate). I actually called that company and they said they wouldn't have sent that and have never heard of the person whose name was listed as the sender.

I change my email passwords regularly, so I doubt someone has hacked my email account and is trying to send me fakes with the intention of getting me to open up some attachment that sends crazy malware or something like that. But, I just find these clever and disturbing. I was close to opening this one described above, but my gut sensed something was wrong. I called and am glad they said it wasn't them who sent it.

I guess my question is how on Earth would someone know to send such an email from someone I'd done business with in the past? Anyone get such "deep fake" emails? If so, how common have you found it to be?
 

Answers and Replies

  • #2
DrClaude
Mentor
7,488
3,758
They send such e-mails to everyone. I've gotten lots of them from companies that I never have done business with (they seem to be often targeting Americans). They just need a couple to land in the right inboxes.

A good tip is to check if the e-mail is personalized. When I get e-mails from, e.g., Amazon or PayPal, they always know my real name.

Also, always check where the e-mail is really coming from. Sometimes, it is obvious,
[image: 1602148962912.png]

sometimes, you have to look at the message headers to know exactly where the message comes from.

A lot could be said about not clicking links in e-mails. I have even noticed that many legitimate e-mails no longer contain links. They simply tell you to go to the company's website.
 
  • Like
Likes davenn
  • #3
12,205
5,900
Best email practice at today’s companies and government organizations is to not provide a directly clickable link but instead direct the user to their site. Clickable links have two parts, the link address and some display text. Often the display text is either the company name or its URL.

However, bad actors may instead make the display text say one thing but the URL say something entirely different, fooling the recipient. Now they suggest you type in the URL and forego the convenience of a link.

Sadly, some companies haven’t gotten the best practices message and their emails look suspicious and should be rightly avoided by the end user. At work we routinely get valid yet suspicious messages that we question and have to verify before we can act. Some parts of our university have yet to adopt best practices.

An end-user best practice is to set your mail client to not render HTML in messages so you can look at where links really go and thus be less likely to be fooled by questionable links.
 
  • #4
278
145
That e-mail from the company you had done business with: all it takes is a little malware on one of the corporate machines and then they can access that company's e-mail server. From there it's easy to find out who they have been receiving e-mails from and sending them to, in order to make an e-mail seem more legitimate.

This happens quite often these days; be vigilant about the e-mails themselves, not who they came from. Don't let it freak you out :)
 
  • #5
Janus
Staff Emeritus
Science Advisor
Insights Author
Gold Member
3,576
1,364
Just recently my wife got an email claiming to be our bank. It said that they had stopped a charge to her credit card and asked if it was a valid charge or not.
It immediately set off alarm bells. For one, she had signed up for text alerts, and had not received one on her phone. For another, the red and green boxes that you were supposed to click for "yes" or "no" had some extra wording in them that I hadn't seen before (we got an alert once on a valid charge which the bank thought might be iffy).
So we just logged on to our bank account the normal way, checked for alerts, and found none. We forwarded the E-mail to our bank's fraud department.
A few days later my wife got a notice from a company she had bought some stuff from that there had been a data breach, and some info had been leaked. Nothing vital, e-mail addresses, etc. It turned out this happened on the same day as she got the e-mail. So obviously it was an attempt to phish for more information.
 
  • Like
Likes Nik_2213
  • #6
202
140
Here's another example:

Paypal said I donated money to someone and gave me a receipt. I was like WHAT?? I opened that email and it was not anyone I knew (donor). I then opened my Paypal and my latest transactions had no such record. That was the only fake email I've opened (no link in the email itself....it was all text). Hope I didn't get malware from it.

But, yeah, these are actually kind of "decent" fakes. They make you curious. I was dumb to open the Paypal fake email, but thankfully I've resisted all others thus far.
 
  • #7
anorlunda
Staff Emeritus
Insights Author
8,852
5,752
It is called "spear phishing". It uses your personal information, such as the names of coworkers, or your wife's favorite item, or what your recent purchases were, to seed phony emails to make them appear real to you.

That is one of the reasons why you should try to protect your information online or on your devices. Random true facts about you can be used as a weapon against you. Protecting yourself becomes more difficult every year.
 
  • Like
Likes Klystron and hutchphd
  • #8
DrClaude
Mentor
7,488
3,758
It uses your personal information, such as the names of coworkers, or your wife's favorite item, or what your recent purchases were, to seed phony emails to make them appear real to you.
I don't think that what @kyphysics got is that sophisticated. I know that I never got something like that. The e-mails usually do not contain any specific information.
 
  • #9
1,491
429
Just look at the email address the sender is using. If it's hotmail instead of .anz.co.nz (for example - a bank website), then delete it.
 
  • #10
278
145
The sending address is extremely easily faked, I can knock up an e-mail to appear to come from any address I like in about 30 seconds......by all means check it but don't rely on it.
 
  • Like
Likes DrClaude
  • #11
DrClaude
Mentor
7,488
3,758
The sending address is extremely easily faked, I can knock up an e-mail to appear to come from any address I like in about 30 seconds......by all means check it but don't rely on it.
Yes. That's why I said that one should check the headers to see where the mail really came from.
 
  • #12
278
145
Checking message headers is a better method, but you do need some tech knowledge to decipher them. If you're not an IT tech, the message headers are just gibberish.
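What the header check discussed in posts #2 and #10 to #12 can look like in practice, as an added Python example that is not from any poster in this thread. The function names and the sample message are assumptions made for illustration, and every address and host in the sample is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Domain of the address in a From / Reply-To / Return-Path value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_warnings(raw_message):
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    warnings = []
    # The display name is free text; an address typed into it proves nothing
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and not aligned(shown.group(1).lower(), from_dom):
        warnings.append("display name shows a different address than From")
    # Replies and bounces that go somewhere other than the claimed sender
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom and not aligned(dom, from_dom):
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving server; trust only
    # the copy added by your own provider (assumed here to be the only one)
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", results)
        verdict = found.group(1).lower() if found else "missing"
        if verdict != "pass":
            warnings.append(f"{check}={verdict}")
    return warnings

# Constructed sample; all names and hosts are placeholders
SAMPLE = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Authentication-Results: mx.recipient.example; spf=pass"
    " smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=shop.example\n"
    'From: "Shop Billing" <billing@shop.example>\n'
    "Reply-To: accounts@mailer.invalid\n"
    "Subject: Renewal certificate\n"
    "\n"
    "Please see the attached certificate.\n"
)
```

In the sample the From line looks fine on its own; the warnings come from the Reply-To, the Return-Path and the receiving server's DKIM and DMARC verdicts.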
 
  • #13
1,701
1,030
Anyone get such "deep fake" emails? If so, how common have you found it to be?
Once I got one such email to company mail with company profile matching, referenced to existing people with matching profession and many details.

It could have been a valid RFQ, but the return address was soooooo fake that it was discarded without much bother.
 
  • #14
Stephen Tashi
Science Advisor
7,453
1,404
Before opening email, it's best to disconnect your computer from the internet to keep scammers from knowing that you have opened their messages. Otherwise they can deduce the type of message titles that attract your attention. (Only setting the computer not to open images in emails isn't sufficient. And I don't know if Thunderbird email's option to "block remote content" is sufficient.)

For example, from https://en.wikipedia.org/wiki/Web_beacon

However, since beacons can be embedded in email as non-pictorial elements, the email need not contain an image or advertisement or anything else related to the identity of the monitoring party. This makes detection of such emails difficult.[7]
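To make the quoted point about non-pictorial beacons concrete, here is an added Python example (not from the thread or from the quoted article) that lists every URL in an HTML body that a rendering client could fetch without any click. The attribute list is an assumption and not exhaustive, and the hosts in the sample are placeholders.

```python
import re
from html.parser import HTMLParser

REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?((?:https?:)?//[^'\")\s]+)", re.I)
# Attributes a rendering client may fetch on display (assumed, not exhaustive)
FETCH_ATTRS = {"src", "background", "poster", "data"}

class RemoteContentFinder(HTMLParser):
    """Record (tag, where, url) for everything fetched just by rendering."""
    def __init__(self):
        super().__init__()
        self.fetches, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            value = value or ""
            auto = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if auto and REMOTE.match(value):
                self.fetches.append((tag, name, value.strip()))
            elif name == "style":  # inline CSS can reference remote URLs too
                self.fetches += [(tag, "style", u) for u in CSS_URL.findall(value)]

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            self.fetches += [("style", "css", u) for u in CSS_URL.findall(data)]

def remote_fetches(html_body):
    finder = RemoteContentFinder()
    finder.feed(html_body)
    return finder.fetches

# Constructed sample body; track.invalid and shop.example are placeholders
SAMPLE = """<img src="https://track.invalid/p.gif?id=abc" width="1" height="1">
<link rel="stylesheet" href="https://track.invalid/s.css?id=abc">
<table><tr><td background="//track.invalid/bg?id=abc">Hello</td></tr></table>
<div style="background:url('https://track.invalid/d?id=abc')">Your receipt</div>
<style>@import url(https://track.invalid/i.css?id=abc);</style>
<a href="https://shop.example/">Visit us</a><img src="cid:logo">"""
```

Only one of the five references found in the sample is an image; the ordinary link and the embedded `cid:` image are not reported because neither causes a remote fetch on display.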
 
  • #15
202
140
Dumb Question:
How do you see the sender address w/o opening the email? I get you can see the sender "title," but that's not the same as their email address.

edited to add: For example, I might see something is sent from "Charles Lawn Care" and see the email title as "Receipt of service." But, unless I open the email in my Gmail account, how can I see the way the sender's email is written?
 
  • #16
278
145
If you're looking at e-mail through a web page like the Gmail web site, it's unlikely you will get infected, as you're just being sent web page data. It's really a main problem if you have a dedicated e-mail client like Outlook and actually download e-mail onto your PC before opening it.
 
  • #17
1,828
983
I get emails like this from time to time on my work laptop. They come from our IT group as a test to see if we are smart enough to forward the email on to the "suspicious emails" folder. If we do we get a congrats and if we open the email and click its links we get a scolding.
 
  • Haha
Likes anorlunda
  • #18
278
145
That's pretty standard these days, companies testing their employees for alertness. I have been in a company where if you misclick the test e-mails 3 times you get sacked.
 
  • #19
1,828
983
if you misclick the test e-mails 3 times you get sacked
Wow, that's pretty severe. On the other hand, an employee that doesn't get it and continues clicking away like that is probably screwing around or making mistakes in other areas.
 
  • #20
278
145
Well, in my case I was working somewhere sensitive that required national security clearance. Severe...yes....but necessary in that environment.
 
  • #21
34,265
5,905
I've been getting a lot of scammer PayPal emails lately. If the sender's email seems flaky, I mark them as junk.
 
  • #22
davenn
Science Advisor
Gold Member
2019 Award
9,337
8,004
So...over the last year or so, I've gotten emails that seemed legitimate, but that had something odd/suspicious about them and caused me not to open them. For example, I've gotten an email with "INVOICE" as the sender and then a receipt number in the title.

Another example is getting an email from a known company I've done business with, but having the email come out of the blue and have a weird title (it mentioned a renewal certificate). I actually called that company and they said they wouldn't have sent that and have never heard of the person whose name was listed as the sender.
I get 1000s of them a year purporting to be from companies I do and don't deal with:
banks, Internet providers, the classic PAYPAL one that @DrClaude displayed.

Phishing emails have been around for years and years. Their "quality" is getting better as their replication of the invoice etc. page gets more and more like an original, and even with a reasonable glance it is difficult to tell them apart.


Dumb Question:
How do you see the sender address w/o opening the email? I get you can see the sender "title," but that's not the same as their email address.

That's easy (well, maybe depending on your email client). My very, very old one, Eudora, shows the addy in the status bar at the bottom of the screen when I move the mouse over the "reply", "click here to update info" etc. words.


Dave
 
  • #23
davenn
Science Advisor
Gold Member
2019 Award
9,337
8,004
I guess my question is how on Earth would someone know to send such an email from someone I'd done business with in the past? Anyone get such "deep fake" emails? If so, how common have you found it to be?

Again, very easy ... these phishing people are continuously scanning the net, picking up your and the business's email addys,
then altering them and sending you the fake emails.
 
  • #24
davenn
Science Advisor
Gold Member
2019 Award
9,337
8,004
here's a typical example
purporting to be from Woolworths ( a major Australian supermarket chain)

Note: when I hover the mouse over any of the parts in the email, look at the addy in the lower left corner;
it has nothing to do with a link to Woolworths.
Sometimes the company name will appear in the addy, but rarely will it be early on, before the first "/".
[image: Clipboard12.jpg]
 
  • #25
Janus
Staff Emeritus
Science Advisor
Insights Author
Gold Member
3,576
1,364
here's a typical example
purporting to be from Woolworths ( a major Australian supermarket chain)
Obviously a different Woolworths than the five and dime that used to exist in the US.
 
  • Like
Likes davenn
