Charles Dissects a Fake Email
- Posted by: Adriene Hall

- Sep 28, 2018
Hi Everyone!
Classic phishing email scam. Let’s look at the clues:

1. From “JPMorgan, N.A”.
It looks important, but look at the return email address, “watergardensigiriya.com.” As big as JP Morgan is, they wouldn't use some off-the-wall domain name like watergardensigiriya.com.
2. To “info@orthodontics.com”
Any type of official banking will never go to an “info” account. Important banking should go to your personal account, never an “info” account. Since info@orthodontics.com is a generic catch-all account and is listed on your website, this is most likely someone skimming the internet for email addresses that are listed on websites, and they found yours to probe.
3. “Dear ______ ,”
If you were really getting an important email from JP Morgan, they would definitely take the time to add your name after “Dear”. It’s obvious that this is a template that the spammer is using to send out to its victims. Since the first and last name for the “info@wiseorthodontics.com” email account were left blank in GoDaddy, the template could not populate the name after the “Dear”. This is a huge giveaway that this email was fake.
4. As with all phishing emails, the sender wants you to open the attachment.
In all cases, this attachment is either a Word document file (.DOC) or a Zip file (.ZIP). Since most people are taught to NEVER open ZIP files and most email providers block ZIP files, the next choice is a Word document file (.DOC). Spammers have a way of encoding hacking code within a DOC file so once you open it, your computer is toast! Of course, if there is an email demanding money, outstanding invoices, free airline tickets, UPS verification, one would open it just to make sure... and then your PC is toast!
5. Now, if it’s a PDF file, then “it should be” safe, right?
Anytime you receive an invoice from any vendor (like me), it will always be a PDF file attachment because you can never encode a virus to a PDF file. Well, in this case, the sender conveniently put a link right smack in the middle of the email inviting you to just click on it. Under that so-called “JPMorgan_Payment_Remittance_Advice_10245866.pdf” link was a website link to the spammer's server. Once you click on that, you have just verified to the spammer that you are real, you do check your emails, and now you are a prime target for more spam emails. Hey, if you did it once, you will most likely do it again. In this email, there was never a physical PDF attachment, but only a “PDF link”. Big giveaway here.
6. Seriously?
“Head of Bus Banking Customer Support”??? So is that an actual bus or did they mean “business”? If I sent you an email for a $1 million invoice, I would never sign it as “Big IT Dude Customer Support and Head of CEO Department”. With any official email, there should always be a proper closing with someone’s name, title, phone number, email address, etc.
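
Clues 1 through 5 can also be checked mechanically on a raw message. The Python below is an added example, not part of the original post: the sample message is constructed from the details quoted above, and the sender's local part, the link host, the list of generic mailbox names, and the clue labels are assumptions.

```python
import re
from email import message_from_string, policy

# Constructed sample modeled on the email described above. The sender's local
# part and the link host are placeholders; the post does not give them.
SAMPLE = """\
From: "JPMorgan, N.A" <sender@watergardensigiriya.com>
To: info@orthodontics.com
Subject: Payment Remittance Advice
Content-Type: text/html; charset="utf-8"

<p>Dear ,</p>
<p>See <a href="http://link.example.invalid/">JPMorgan_Payment_Remittance_Advice_10245866.pdf</a></p>
<p>Head of Bus Banking Customer Support</p>
"""

GENERIC_BOXES = {"info", "sales", "admin", "office", "contact"}  # assumed list
RISKY_EXT = (".doc", ".zip")  # the two attachment types the post names

def phishing_clues(raw):
    """Return the post's clues that appear in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    clues = []
    # Clue 1: the display name claims a brand the sending domain does not contain.
    sender = msg["From"].addresses[0]
    brand = re.sub(r"[^a-z]", "", sender.display_name.split(",")[0].lower())
    if brand and brand not in sender.domain.lower():
        clues.append("sender-domain-mismatch")
    # Clue 2: addressed to a generic mailbox of the kind listed on a website.
    if msg["To"].addresses[0].username.lower() in GENERIC_BOXES:
        clues.append("generic-recipient")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Clue 3: template greeting whose name field was never filled in.
    if re.search(r'Dear[\s"_]*,', text):
        clues.append("blank-greeting")
    # Clue 4: attachment types the post warns about.
    attached = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(name.endswith(RISKY_EXT) for name in attached):
        clues.append("risky-attachment")
    # Clue 5: link text named like a file, with no attachment of that name.
    for label in re.findall(r"<a\b[^>]*>([^<]+)</a>", text, re.I):
        label = label.strip().lower()
        if re.search(r"\.(pdf|docx?|zip)$", label) and label not in attached:
            clues.append("file-named-link")
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

Each label is a reason to look closer, not a verdict; a message that trips several at once, as this one does, is the pattern described above.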







