BITS & BYTES: Is that email safe to open?

2014-06-18T08:03:00Z 2014-06-18T17:37:17Z BITS & BYTES: Is that email safe to open?April Miller Cripliver Times Business Columnist

Q: How do I know whether an email message is safe to open?

A: Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how can you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no single technique that works in every situation, but here are 10 that might help:

1. The message contains a mismatched URL: Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the URL, you will see the actual hyperlinked address (at least that’s how it works in Outlook). If the hyperlinked address is different from the address that is displayed, then the message is probably malicious.

2. URLs contain a misleading domain name: The bad guys depend on victims not knowing how the DNS naming structure for domains works. It is the last part of a domain name that is the most telling. For example, the domain name would be a child domain of because appears at the end of the full domain name (on the right hand side of it). Conversely, it is clear that would not have originated from because is on the left side of the domain name, not on the right.

I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple or whatever. The resulting domain name looks something like this:

3. The message contains poor spelling and grammar: Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, legality and a myriad of other quality control topics. As such, if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

4. The message asks for personal information: No matter how official an email message might look, it is always a bad sign if the message asks for personal information. Your bank doesn’t need you to send them your account number; they already know what it is. Similarly, a reputable company would never send an email asking for your password, credit card number or the answer to a security question.

5. The offer seems too good to be true: There is an old saying that if something seems too good to be true, it probably is. That saying holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, then the message is probably a scam. After all, why would a Nigerian prince you don’t know contact you to help him smuggle money out of his country?

Intrigued? Read my next column for 5 more tips that an email isn’t worth your trust.

Opinions are solely the writer's. April Miller Cripliver of Chesterton holds a doctorate in management information systems and is a computer hardware and software consultant. E-mail your computer questions to, and specify your operating system and other pertinent PC information.

Copyright 2014 All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Follow The Times

Featured Businesses

In This Issue

Professionals on the Move Banner
Get weekly ads via e-mail



Who do you support for the U.S. House of Representatives in District 1?

View Results