What to do when we get an email about a purchase that we did not made?
The focus on this post is to warn end users it is classified as Daily Questions, because it is useful to everyone. If you interested on technical analysis check the SecOPS posts tags.
We will show an example of a fake email (a phishing) that I got. The email seems to be from Apple and it has a drone purchase receipt. First thing: no purchase was made. First analysis about the email. The question that everyone should do when get an email is: Is this true?
Without technical analysis, let's enumerate some thing that can help.
- Domain @apple.com. OK
- Source e-mail with a weird name: “REDJANG-DANCE959”. Usually we expect to receive some emails like: email@example.com, firstname.lastname@example.org. NO-OK
- The greettins is using the same email address instead of the correct name. Dear ( email@example.com). NO-OK
- The name in the receipt and the name of the email owner are different. NO-OK
- No purchase was made. NO-OK
- The destination address is wrong. NO-OK
- Apple selling Drones. NO-OK
- The email is a reply ("Re:"). NO-OK
- The drone price is apparently right. OK
- A search on internet show another user that got the same email with few differences. Apple community site. NO-OK
Conclusion: We will consider this email as a phishing, so just delete and let's keep life going. The OK/NO-OK questions were created just to help the email classification. From 11 questions only 2 were OK. The best scenario is when all questions results in OK. Two more things to do is check your credit card to confirm that no purchase was made and check your Apple account.
If you get an e-mail like this, don't click in any of the links. If you didn't buy the item that email is talking about, so it is fake.
If you want more detail about e-mail investigation click here.