Partial text of one I got purporting to be from Spectrum, my ISP:

quote:

Your Spectrum.net account is now pending for verification

Your Spectrum Account is now under verification review. Please sign-in again so that we can verify your device!

A green check mark indicates your equipment is communicating with our network and should be working as expected .

Your Spectrum account does not pass the latest security check. Therefore, your account must be updated. To avoid deletion, please use the link below:

It is even from spectrum at customeremailnotifications dot com. If not for the language being slightly "off," the inappropriate capitalization and punctuation (the exclamation point is superfluous) and that I have to be signed into the account to read the e-mail in the first place, it looks quite realistic. I can see someone less "savvy" than myself clicking on that link.

I really hope Trump lets our cyberwarfare people go after them. It'll be good training and it'll benefit all Americans.

Back to reality. A few things to check when receiving e-mail:

Who is the e-mail from? Joe@microsoft.support.com (fake) vs Joe@support.microsoft.com (potentially correct)

Where does the link take you? There will always be a link in Phishing. Same thing with domain name microsoft.support.com (fake) vs support.microsoft.com (potentially correct)

Is it too good to be true? For example, most successful mock phisihing attack at work from Corporate IT was for a large Apple discount.

Is there a claim of urgency or emergency?

As the OP mentioned, spelling or grammar is off

A few tips:

Turn off any mouse settings for autoclicking. This prevents you from hovering over a link to see domain, and automatically clicks the potentially dangerous link

Never click a link in e-mail whether in inbox or spam folder. Instead, use your browser and either type legitimate URL or use your bookmarks.

Don't read e-mail when you're in a rush or stupid tired. More likely to miss the clues and unleash a shitstorm on yourself.

---

Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.

I was told by our IT guys recently that email addresses can look accurate in spelling and format (like tatortodd's example of support.microsoft.com), but have one letter in a nearly imperceptible different font.

That's all it takes apparently.

Call the beekeeper.

My wife got a text today supposedly from PayPal asking her to verify a charge . It told her to report a fraudulent charge by calling " Customer Service " and it gave a phone number . PayPal does everything in their power to avoid dealing with people over the phone so I was suspect right from the start . The account we have that is strictly for PP showed no activity so that clinched it .

quote:

Originally posted by selogic:
My wife got a text today supposedly from PayPal asking her to verify a charge . It told her to report a fraudulent charge by calling " Customer Service " and it gave a phone number . PayPal does everything in their power to avoid dealing with people over the phone so I was suspect right from the start . The account we have that is strictly for PP showed no activity so that clinched it .

I received a similar email. It appeared sufficiently legit that I checked my Paypal account to ensure there wasn't a charge. The scammers are getting more deceptive.

quote:

Originally posted by Gustofer:
I was told by our IT guys recently that email addresses can look accurate in spelling and format (like tatortodd's example of support.microsoft.com), but have one letter in a nearly imperceptible different font.

That's all it takes apparently.

Call the beekeeper.

I fell for just regular font w/ just a slight misspelling*.
Our brain corrects it for us so its important to take our time and be sure.
I don't use links in emails in which I have an account and password. I open my password program and use that link.

*It was an old Blizzard game account so no big deal.

Here's one from "Social Security" from a week ago.

quote:

We have made significant improvements to your Social Security Statement to enhance its clarity.
We encourage you to review it annually for the following purposes:
Verify the accuracy of your earnings record.
Explore your estimated retirement benefits, available between the ages of 62 and 87.
Access additional information through tailored fact sheets that align with your age and earnings history.
<click link>

The sender's e-mail is from zoomcities dot com, a red flag, but not everyone getting one of these will notice.

"Phishing" e-mails getting more sophisticated

quote:

To avoid deletion, please use the link below:

There is nothing sophisticated about that. That is obvious phishing. I take it that it was unsolicited email in the first place? And that shit asking you to click on the link to update this and verify that is the nail on the coffin. Doesn't matter that the email address looks right, because it's meaningless.

The simple way to handle any of these is to delete, then ‘if desired’ to check further, log in through a trusted pathway.

Most of us have a bank app or bookmark we log in with at times. Go that trusted route, check the item in question.

The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

If in doubt, hang up or delete.

quote:

Originally posted by sourdough44:
...The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

None that are legit would ever call and ask for personal info.

quote:

If in doubt, hang up...

Better yet, never even answer these assholes.

quote:

Originally posted by sourdough44:
The simple way to handle any of these is to delete, then ‘if desired’ to check further, log in through a trusted pathway.

Most of us have a bank app or bookmark we log in with at times. Go that trusted route, check the item in question.

The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

If in doubt, hang up or delete.

This, if no, when I get those emails if I want to check the source then it's off to the app or going directly to their web page, not using the email link to validate if there is a problem. Or pull out the cc and call the toll free number on the card.

Basic rule is that you'll never get any unrequested valid email from any financial company asking you to login to fix something, ever... and your best bet is to login to their web page and setup two factor security where your phone gets a text to confirm any change requests with an access code.

Oh I hate those emails! I too just got an email, supposedly an order I placed for > $600 and they even had a screenshot of my supposed invoice with my name, on the PayPal account, for some camera. I did notice PayPal had a space between the pay and pal, so I wondered about that space. And it gave me a ship to address, not mine. I of course checked my account directly and no activity there for any camera. I never click on those emails, or call a number listed in the email.
I always check my balances and accounts after getting emails like that just in case.

Never click a link in an email. Login to the site using a known good URL, like from your bookmarks. Always use a trusted source to verify.