Spotting Spoofed Emails! The most reliable way I do it is

I have written about spoofed e-mails (phishing scam e-mails) on this blog.
Although I have taken various countermeasures, I still receive many suspicious e-mails every day.

Many of them can be recognized as scam e-mails at a glance, but some of them are very cleverly designed, and although I am used to them, I cannot let my guard down.

There are several points to detect spoof/scam e-mails, but I would like to share with you one check method that I often use these days because I think it is the most reliable.

I will write about it first in this article and summarize other checkpoints in the latter half of the article. Please check them so that you will not be fooled by spoofed or fraudulent e-mails!

The most reliable way to detect spoofed e-mails

The method that I think is“ the most reliable (at this point) to detect spoofed e-mails ” and that I am actually doing frequently now is to“ check the URL of the link ,

Check the URL of the link.

Spoofed e-mails always use clever language to get you to click on a button or text link, and then lead you to a fraudulent site where you are asked to write down your account number, PIN, etc. So, if you click on the button or text link, you will be directed to a fraudulent site.

Therefore, I think the most obvious and reliable way is to check the URL of the site to which the button or text link takes you and see if it is legitimate or not.

Here is an email I received this morning pretending to be from Amazon, but it is a scam.

It’s so full of suspicious things at a quick glance that I honestly don’t even need to look up the link (laughs), but I’m going to use it as a sample this time.

Let’s try it out.

1 Finding a link to jump

You can find the link by looking at it rather than looking for it. In this example, it is the yellow button in the middle that says “Amazon Login.
You can see it because before it says, “Please log in to your account below and update your information.” You can also see it because it also says “Please log in to your account below and update your information.

In this email, it is a button, but some have text in the text to skip, or sometimes both.

In the email you receive, find the link to jump to here.

Here we will use this button to find out.

2 Examine the link

If you click or tap here, you will go to that site without checking it out, so never click or tap here. (If you do click on the link, just close it and you will be fine.)

In the case of a Macintosh

• Place the pointer over the button (do not click!)
• Right-click the mouse.
• Select “Copy link” (the link will be copied to your Mac).
• Paste the link into “Memo” and check it.

In the case of Windows

• Place the pointer over the button (do not click!)
• Right mouse click
• Select “Copy Hyperlink” when it appears (it will be copied to your PC).
• Paste the hyperlink into Notepad, etc. and check it.

In case of iPhone

• Touch your finger on the button (do not tap!)
• Wait about 1 second, and you will see the URL of the destination.
• After that, select “Copy Link” to copy the URL and paste it into “Memo” to save it.

In case of Adroid

Sorry, I don’t have an Android phone close at hand, and I don’t know what to look up, but I think it can be done in the same way as iPhone….

3 Check the results of your research!

The result was…?　The URL was https://amaaxa.top/. Only “ama” is correct, but it is not related to amazon at all (laugh).
So, this email is certified as a scam email!

By the way, if you examine the buttons of real emails from Amazon

For example, the button for a regular recommendation newsletter looks like this, and if you check it out as well…

h ttps:// www.amazon.co.jp/gp/r.html?C=2AMVC9HKUN9I5&K=UFVN6WPQSI9C&M=urn:rtn:msg:20231130013445bbdbff7aab554f0a9f6cec159fa0 p0fe&R=Z3SNNFTKQQY1&T=C&U=https://www.amazon.co.jp/gp/product/B0BSGXZYTV/ref=pe_1893652_505836262_em_1p_0_lm&H= MAARGVBKZMXPXMMMX9MG9LCJMAOAA&ref_=pe_1893652_505836262_em_1p_0_lm

Here’s the button on the email that came from another “Amazon Business” service.

If you look up this “Create a Free Account” as well

h ttps:// www.amazonbusiness.jp/e/397452/e-jp-ssr-acq-acq23q4-promo-em6/76t21j/2890870926/h/YQz5fAC4KYNBaxJNdgctf3ACTF0BoPIK1SLwq_ PtFY8.

The first part of the URL is
https://www.amazon.co.jp
https://www.amazonbusiness.jp
and the first part of the URL is ,
Both of these URLs are very long because they include various measurement information in the URL.

This approach works for other mailings as well.

I receive many suspicious e-mails from banks, credit card companies, department stores, transportation companies, shipping companies, and so on.
Spoofed e-mails are always in the form of “click and tap to go to some site,” so those that say “click here to check” or “hurry up and click to correct your information” are suspicious e-mails at first.
At that time, you should check the destination from the “button (or string) to jump to” that is always there.

That one step will tell you for sure if it is a suspicious e-mail or not.

I mentioned earlier that “other elements are suspicious,” and after this I will summarize the “suspicious points” of the e-mail that I habitually look for.

Scam e-mails and other suspicious points

1 Sender’s e-mail address

Not “sender name.” The sender name can use any characters, so it can be “Amazon,” “Rakuten Market,” “JR West Japan,” “Attempted Sumitomo Bank,” or whatever. In this e-mail, it is “Sender Amazon”.
The sender’s name (originator’s name) is not at all trustworthy.

However, e-mail addresses are not so easy.

It depends on the e-mail software, but sometimes the e-mail address is displayed from the beginning, and this software displays the e-mail address by placing the pointer over the sender’s name “Amazon.

Let’s try it.

It is oi.aeon.co.jp.
Aeon?　Maybe they took the domain “aeon.co.jp” to send out scam mails in the name of Aeon (lol).

The fact that this is coming as an outgoing from Amazon confirms the scam mail! But if it is from Aeon, I might think it is genuine. This is the scary part.
In fact, I have received an obviously fraudulent e-mail from Amazon with the address “amazon.co.jp”.

By the way, be careful about the sender’s name “0000 .cn “. .cn” is a domain that represents China, and many spoofed e-mails have this .cn attached to them. Of course, we do not mean to speak ill of the country or people of China, but we would like to point out that, in fact, .cn is very common in spoofed e-mails.

Unfortunately, we feel that the method of looking at the “sender’s email address” is also becoming more difficult to determine than before.

2 They prompt you to enter personal information or to confirm or correct it.

Scam e-mails always include this kind of language because their purpose is to send you to their website and obtain important information there. This is rarely the case with legitimate emails.

In the sample email

You need to verify your account information.
Please log in to your account below and update your information.”
These are usually scam emails.

3 Rushing, time-limiting, or otherwise making the reader feel rushed or anxious

Spoofed e-mails first make the reader feel anxious, rushed, and encouraged to take action.
In the email to me as an example

Subject line “[Important Notice]” and “Canceled” in the subject line → makes the reader feel nervous.

In the body of the message
If you do not receive a confirmation within 48 hours” → break the time and make you feel anxious and impatient.
We will restrict the use of your account” → to threaten or make the user feel uneasy.

These are common characteristics of spoofed e-mails.

4There are misspellings or unnatural parts in sentences

Scam e-mails often contain unnatural sentences and misspellings.
Often, the sentences have a subtle sense of discomfort, as if a foreigner has used translation software to create them.

Business e-mails, especially those from large companies, are read by many people and there are absolutely no strange parts in them.

Take this email to me, for example…

Contact: Amazon Customer Service. ←The last “. is strange.

Thank you for your continued support. ←I don’t usually see typos like this.

This is a little less than two places, but it is possible to receive a messed-up Japanese email.
These two places are also not likely to be in a large company’s business e-mail.

5 The mail is poorly made or looks lonely.

And of course, if it’s a personal e-mail, it’s often just text.
I think that even scam emails can be elaborately crafted,
I think this is just a reference point,

Scam e-mails often have few images and are very simple.
Most of the fake sites are so elaborate that it is almost impossible to distinguish them from the real ones, but then, I feel that most spoofed e-mails are very simple or lonely, with no logo.

This is somewhat understandable, however, if you imagine the feelings of the culprits.

Since the purpose of the e-mail is to “scare, rush, and hurry” anyway, there is no need to put so much work into the images and decorations. The site you go to must make you think it is real, so you have to make it look exactly like the real thing. That’s probably how it works.

I’ll put the sample Amazon spoof email side by side with the actual email I received from Amazon, and the difference is huge.

I can’t use this as the main source of judgment, as there will be no elaborate scam emails in the future, but it is a good reference for one.

6.It is not a service I use. Or it’s coming to an address that I use but not the email address I’m registered with.

Also, this is a bit out of the question, but if, for example, you get a message from a bank you don’t even have an account with saying “We’re freezing your account,” or from a service you don’t know at all saying “Update your membership information,” you’ll know right away that it’s suspicious.

That happens because the perpetrator knows your e-mail address from some list and is sending you anything and everything.
A little trickier is the case where the message is sent to an address that you use but is not your registered email address.

In my case, I have multiple email addresses, and I use Amazon, but I am receiving emails in Amazon’s name to an address that I am not using to register.

Amazon or anywhere else will not send to an email address that is not registered. So, the fact that they sent it to an email address that I did not register with is a confirmed scam email that they are simply sending randomly.

In summary

• The sender’s email address is not the original sender’s email address.
• The email is asking you to click (or tap) to enter or modify information.
• The email is very hasty in its actions, and it makes you feel anxious or agitated with time limits, etc.
• The text is misspelled or unnatural.
• The email is poorly crafted or looks lonely.
• It is not a service that you use. Or, the email is sent to an address that you use but is not your registered email address.

I feel that these are the characteristics of spoofed or fraudulent e-mails.

One last thing!

Conclusion

What I would like to recommend this time is to “check the URL of the link” and “look at the e-mail address of the recipient.

Spoofed e-mails will not start anything unless you jump from the link.
So there is always a link, and by looking up the destination from there, you can see if it is the correct one.
This is the most reliable method at this point, although it takes a bit of time and effort.

However, there may be cases where the destination also resembles the real one, so please check “other suspicious points” and do not click on such links or enter the other party’s site by mistake.

It is often said that instead of clicking on the link in the e-mail, you should go to the company’s official website from your bookmark or search, and see if they say you need to “change your membership registration” or something like that there.