Anatomy of a spam scam

We often get calls from clients in a panic asking about strange emails they’ve received and whether or not they are legit. We can usually tell just from a description of the email whether it’s a scam or something real. Our years of computing in the trenches help us identify a good number of the scams out there, but some can come close to fooling us too. Despite our best efforts, some people still get hit when they receive official-looking emails and, in a panic, open themselves up to more risk.

So how can one identify scams and questionable emails? I wish I could say there was a tried and true email filter that could catch them all, but that just isn’t out there. While there also isn’t a universal set of rules to follow when looking at emails, there are some guidelines you can keep in mind that will help you avoid the scams. As an example, we have taken a very tricky spam email that was recently sent to several of our techs at

A common fake Apple invoice scam


This “invoice” came in recently and is specifically designed to elicit a panic response that will make users click the link at the bottom to stop what appear to be very odd charges to their account. If you look closely, however, there are a number of lines that should raise red flags about how fake it is.

1> It would be very odd for an admin account to email you with just an invoice. The other flag here is the display name beside the email address – 2015 iTunes Store. Having the year in the name seems designed more to bypass spam filters than to look like an official email address.

2> I’ve included my email address that was in this and not blurred it out because it is commonly and publicly available. The trick to this one is that I know I’ve never used that email to register for an iTunes account. Be aware of what you have and haven’t used an email address for. If it doesn’t make sense that you’d receive an invoice or a delivery notice (e.g. Canada Post package notices) at that email address, be careful.

3> $87 to rent Hot Tub Time Machine 2? That’s not exactly an Oscar calibre sequel, and the rates are WAY out of line for what iTunes charges. The charges here are meant to cause a panic reaction: you think you’ve been charged something that makes no sense, and you go looking for a means to revoke those charges. This is where the kicker of the scam comes next.

4> Here is the real giveaway. See the close up of the end of the email below.

spam closeup

This invoice oddly states immediately, “Issues with this transaction?”. That is a call to action, as it is referred to in marketing speak. It should immediately make you look at the next line, which has a convenient link to click to get help. It looks like an Apple link, so why not go ahead and click it? Don’t even think about it, because it ISN’T an Apple link. A link in an email is made of code that activates it when clicked on, and the location it goes to doesn’t have to be the same as what is shown to you. It could just as easily have said, “Click HERE for help” with the HERE being the link.

The dead giveaway is that if you just hover your mouse over the link without clicking on it, you should get a small overlay that shows you the real link. You can see this highlighted with the red arrow below the link. The link actually sends you to a server for a company called hedlundarchitects. Now I don’t know who they are or what they do, but that isn’t Apple. This isn’t universal, as some companies use obscure shortened links to redirect people legitimately, but if the link shows a name that has nothing to do with the company you think sent the invoice, chances are it’s fake.

In this particular case, I suspect this Hedlund Architects company isn’t even aware they’ve been hijacked for a spam campaign (if they exist). This is one of the reasons we have stopped recommending local hosting of email servers in small businesses. The risks are just too high anymore.

So what do you do if you aren’t sure? First, go to the real website of whatever company you think it is from. Be it Apple, or your bank, or Canada Post, they all have links for support dealing with possible abuse. Either call or email them at their appropriate abuse links and check with them about the email. It will take a bit of time, but will give you peace of mind and also help the company itself fight against another scam in their name.

Spam scams are getting more sophisticated as time goes by. There are some that won’t set off these obvious alarms when you see them, but there is almost always something to give it away (spelling mistakes, for example). If you aren’t expecting a delivery or an invoice, question it before you click any links in the email itself.

As ever, if you have questions or get an email you aren’t sure of, feel free to contact us.
