Someone I know just got this email. Can you spot the first problem? (Click the image to enlarge).

Scam Screenshot

It’s a missing period

The reason I called this insidious is because it almost looks legitimate when you take a look at the sender—something you should always do. It’s from someone at “supportcox.com.” Legitimate sites often have a support site, and often it is something called a subdomain. Apple support is at “support.apple.com”, Zoom support is at “support.zoom.com.” A subdomain is a name, followed by a period, followed by the website address (name).

Our fake email sender address above lacks a period. There is no such thing as “support.cox.com”, but it’s easy to miss that there is no period between “support” and “cox” in the sender address. In fact, the crappy criminal that designed this is hoping recipients won’t notice that at all.

Screenshot of the incorrect email address

So, this is a fake email, from someone who simply paid a few dollars for an email address that will, unfortunately, fool lots of people into thinking it actually came from Cox—because “cox.com” is a part of the address.

Slight changes, including misspellings of valid URLs, are a common trick

How many times have you mis-typed a website address (URL)? Maybe something like “wallmart” instead of “walmart?” Anyone can buy the website address “wallmart” for a few bucks a year. And they can also add “online” to a valid bank website and look legitimate. Would you recognize the difference between “yourbank.com” and “yourbankonline.com” if something lands in your inbox? A fake website can easily be designed to look like the real thing. But being on the wrong banking website means that you send your username and password to a criminal, not to the bank.

URLs can be hard to explain, and difficult for many people to recognize

I find that explaining website addresses is probably the hardest part of teaching cybercrime prevention. A legitimate site is like your street address; there is only one house with your complete address. But any change to that address is significant. Like 123 N 7th Street is a completely different location than 123 N 7th Avenue. Scammers work the long odds. Send enough emails and let human nature take its course. To err is human, right?

Know your website addresses

I know that the website for Chase bank is “chase.com.” It isn’t “chaseonline.com” or “chasebank.com” or any other variation. But as I write this, I can buy the domain “chaseonline.support” for $20 for a year. With that URL, I can create a fake website designed to download malware to your computer or to steal your password. And if I send out a million emails, which cost me almost nothing to do, I can trick some people into clicking a link that leads to my fake website.

It is that easy

Lest you think I’ve revealed the secret sauce, I haven’t. There are millions of fake websites and billions of fake emails and texts and spam phone calls every year. And millions of victims loose billions of dollars, much of it unrecoverable. We have lots of articles and videos here at Oasis Connections that can help you recognize and avoid cybercrime. Please take the time to learn how to protect yourself. It’s worth the effort.

Amy and Ken - We want to hear from you

Has this happened to you?

Have you received phishing emails or been targeted by an email scam?

Tell us about your experience in the comments below.