Recently, a few phishing*, or scam email, schemes got through Cruzio’s spam filters and landed in customer email boxes.

We catch more than 90% of spam, but sometimes the scammers who run these schemes are clever and manage to fool our filters. It’s a constant arms race as barriers improve but spammers figure out how to bypass them.

We have some tips to help you recognize phishing when you see it, so you can have more confidence in tossing phonies away. We’ll use the recent email imitating Cruzio as an example. It was well crafted, but there were some “tells” we’d like to point out.

(By the way, if you think you know all the tricks and are good at spotting spammy schemes, go ahead and skip these tips and try this Google quiz. How’d you do?)

Check the “From” Address

phishing email showing return address

Here’s a great clue to a phishing email. Click the “From” email address to see the full address written out. Usually it won’t be what you expect. In this case, the return address is someone at “wildblue.net,” not Cruzio.

 

Roll Your Mouse Over the Links

phishing email showing phony link

The best indication of all is to roll your mouse over the links in the email. This is where the sender wants you to go to enter your password or other information. Don’t click on the link. Just put your mouse over the link and wait until the destination is revealed. (If you do click, just back out. Unless you enter information, clicking a link is pretty harmless.)

You’d expect this link to point to an address at cruzio.com. But it’s not. It’s sending you to “jamaioaa.com”. That’s a pretty sure sign that this is fake.

Notice that the text appearing in the email looks like the right website address. That’s a spoof. You have to mouse over the link to see where it will really send you.

Sometimes the scammer will put the word “cruzio” into their link to try to fool you. For example they might name the link http://jamaioaa.com/cruzio/verify. But other parts of the address are just words. It’s the “.com” part which shows the server’s identity.

Read Carefully: Does It Look or Sound Odd?

example of phishing email

The example above is one of the best fakes we’ve ever seen. Still, there are several obvious problems, if you look closely:

  1. The Cruzio logo is squished. We don’t display our logo with an oval cat, it’s a circle. In fact, the whole header, which has been copied off the internet, is compressed and looks wrong side by side with our real logo.
  2. We don’t start emails with “Attention customer:”. If you’ve ever received email from us — and as a customer you certainly have — you know we are friendlier than that. The whole letter has a tone unlike our other communications.
  3. This sentence is so poorly written, it doesn’t seem written by an English speaker.  “Please verify your account with your details click link below” — what? We sometimes make typos or phrase something a bit awkwardly, but this sentence is grammatically wrong in several ways.
  4. Often phishing email will contain easily-spotted typographical errors. In this case there’s an apostrophe in front of “Thank You”. Plus, the email is signed “Cruzio Customer Service” rather than “The folks at Cruzio.” Missing that friendliness again.

Overall, if you take the time to read carefully, this email doesn’t look or sound like us.

If you ever have doubts about an email sent to you by Cruzio or any other company, contact the company directly and ask what’s up.  And if you fear you’ve fallen for a scheme, change the password you think you’ve compromised and contact the company and/or Cruzio. We’re always glad to help you.

Now that you’re familiar with scammers’ “tells,” if you didn’t do it before, take that Google quiz to test your knowledge. How’d you do now?

*”Phishing” is the term email that tries to get users to click on fake links and enter their passwords and other personal information into fake websites. The scammers imitate the look and feel of real companies, sometimes very convincingly. Even professionals can fall for these schemes — a campaign aide who fell for a phishing scheme is what gave Russian operatives access to Hillary Clinton’s campaign emails.