Emails with a weird gut feeling

Written by:
Leo Hoogma, 13 December 2021

Sometimes you get an email where you immediately have a strange feeling. You can't really place that gut feeling, it's written businesslike, sometimes in English. But hey, the company it seems to come from is American, right? So it's not that crazy. Here we cite an example that we received from one of our customers: A request for payment for the provision of Microsoft 365 Business. It seems real, but is it?

Examples of phishing mails

You check some links, without clicking on them of course! Only by hovering over it with your mouse. Red flag alert! At the bottom of your screen you always see a preview of the destination of the link that you hover over with your mouse. As you can see here, this doesn't start with Microsoft or microsoft.com, which is of course quite strange in itself.

If we look more closely at the email, we see some unusual things.
1. A period in the title
This is highly unusual and is actually never used by official bodies and larger companies.
2. Space before period
Where your grandfather probably used to follow the words with a space before typing an exclamation or question mark, we now know that this is not the intention. The official spelling dictates that we put the punctuation right after the word, with no space in between.
3. OverCapitalization
Somewhere in the digital age, someone thought that if you want to appear weighty, you should capitalize each word. Take, for example, the YouTube vloggers who use this spelling for the vlogs they want to be seen with, or the many juicy articles that appear when you visit a sensational website. Don't be tempted to believe it. This email is absolutely fake.

Example 2
But what if the sender of the email appears legitimate, as in the case of another customer. This customer received an e-mail from a recognized PostNL e-mail address. The email address was even marked on their own website as safe and therefore legit. However, this message was also incorrect. You already feel it in everything, but still that doubt. What if there really is a package waiting for you, you don't want to miss it?

Redirection via SPF records

Behind every website are SPF records. These ensure that an e-mail ends up in your spam box, when the code in the e-mail cannot be verified with the website of the 'sender`, and is therefore not legitimate. But sometimes these settings are not right. Or has a technical Harry figured out how to deceive him after all. Then it may happen that the phishing email ends up in your inbox. Which gives you even stronger doubts. After all, it wasn't stopped by your spam filter?

The smart guys can also make sure that the URL (which you see when you mouse-over) still contains the company name. They have then created a subdomain, or the company itself has been hacked.
We always say: When in doubt, don't click. Not on the link, and certainly not on a payment link. We`ve blogged about it before. Phishers and internet scammers are becoming more and more savvy but still have only one goal: to take your money from you. Don't fall for it.

What can you do when in doubt about the authenticity of an email?

The advice is always to go to the official website of the company. So in this case surf to Microsoft.com or PostNL yourself and log in with your own details. Check here in your own environment whether there is a notification, and whether action on your part is necessary. And can't you figure it out? Then you can always call us. We are Hoogma Webdesign in Beerta, and we are happy to help you.

You can also send us a sample of the suspicious email. But never just click on a link.

Would you like to read more blog posts? Go to the page Blog.