Last week, MrConsumer received an email seemingly from Amazon saying it was sending along a $100 gift card as a thank you. How nice of them. But on closer inspection, this was a scam.
*MOUSE PRINT:
First, the email was addressed to “abuse@consumerworld.org” which is not a personal email. Secondly, when hovering over the “view details” button with the mouse, you see that clicking it would take you to “woo-brands.com” and not to Amazon. Visiting that site could well have infected my computer with malware, trigger whatever trap the sender intended.
And checking the IP addresses in the header information of this email (under source in most email programs), you see that the email appears to have originated in China and had a lovely journey through Italy on the way to Boston.
*MOUSE PRINT:
So, the lesson here is that no matter how legitimate an email looks, double-check any links or buttons, no matter what they say, before clicking on them.
Wow. The international routing is an eye opener. Good catch, good advice. Thanks for sharing. Enjoy the holidays. Joe.
I wish more people knew how to read email headers and look up an IP address, but I suppose that’s like saying “I wish more people knew how to change their oil and do their own tire rotation.” These gift card scams are picking up in popularity with Christmas approaching, there’s no such thing as a free lunch.
Generally if something looks too good to be true, it isn’t true. And if you’re being offered something for nothing, then you’re being scammed or you are the product.
You don’t need to be able to decode email headers yourself to find out where a suspect email is coming from. You only need to be able to view the header in your email program. (The process differs among email clients. Check your program’s Help section).
Then copy the whole header and go to a site like https://www.iptrackeronline.com/email-header-analysis.php and paste just the header into the analysis box. That site will tell you who is the apparent sender.(The “From” line in the header is often a forgery.)
If you are willing to do a bit more work, you can also help others by forwarding a copy of the complete email to SpamCop.net which will send a copy of the offending email to the Internet Service Provider that was used to send out the Spam. You will need to register at https://www.spamcop.net/anonsignup.shtml Some ISPs will indeed take action against scam emails (though many Spammers will just open accounts under another name–at least it slows them down).
SpamCop can be a bit user unfriendly. There needs to be at least one blank line between the header and the text of the Spam for the decoder to work. If there isn’t, you need to put one in.
Alas, the current administration in Washington has elected to shut down its consumer Spam collection email address which used to collect Spam from users to help regulators decide where to target the federal government’s very limited Spam enforcement activities. This was very easy to use, though it went after only the really big fish.
Edgar replies: Jon, thanks so much for the very helpful additional information.
I get a lot of these “free Amazon gift card” spams, too. The one that Mr. Consumer got is one of the better constructed ones–they range from very authentic looking to terrible. The most common fake email I get is “we’ve found it necessary to shut down your [fill-in-the-blank] account, until you verify your credentials.” Besides the detective advice that he and JonK (above) offered, there are other ways to spot a fake easily. And this applies to not just fake Amazon offers. If there are misspellings, poor English, grammatical errors, punctuation mistakes, and formatting errors, you should be ready to hit the delete key immediately. My wife doesn’t call me her grammar Nazi for nothing!
There’s a little program I’ve been using for years called IPNetInfo. If you do a search, you’ll find that it’s a free download offered by various reputable sites. You can copy the entire email header into it and see the path it came from and all the stops along the way.
Of course, hovering over various links in the suspicious email will also tell you that it’s bogus.