How To Tell If An Email Is Bogus

Last week as I was having my morning tea before going to work, I received an email on my smartphone from the “E-ZPass Customer Service Center” informing me that I have not paid an outstanding invoice. The email went on to say that I apparently drove on a toll road and did not pay the toll and they have sent this invoice repeatedly without a response.

I thought that was quite strange since, like everyone else who uses E-ZPass, the tag is fastened to the inside of my windshield so it automatically charges the toll as I pass through the toll booths. I also know that my E-ZPass is current and up-to-date. So, why was I getting this email? I decided to investigate.

In just a few short minutes, I was able to determine that this was a bogus email and in fact a Phishing attack trying to lure me into clicking on a virus-infected link. Here’s what I did to debunk this email:

I pulled the email up to my screen and noticed a number of warning signs. For the purposes of this post, I annotated it to show you what I looked for.

E-Z Pass Annotated Body

  • Most phishing attacks will use an attention-getting, emotional subject line designed to get you to immediately open the email and take action.
  • I then looked at the sender’s email address. As you can see, the email address it came from had nothing to do with E-ZPass. I live in New York, so I would reasonably expect that any communication from this state supported program would either come from a domain containing the words E-ZPass or from a New York State Government source. Now, I need to point out that sender email addresses can also be spoofed so this is not a fail-safe method of identifying bogus emails. In this case, the sender didn’t bother or didn’t have the skill to use a spoofed email address.
  • I then read the body of the email which contained a veiled threat. It also struck me that an official email from an organization and especially from a State Government sponsored program would use that kind of language. It just seems out of line. Besides, if you’re not answering your emails, a legitimate company and certainly a Government agency would send you an old fashioned letter via snail mail. In fact, the Government would almost certainly contact you through the mail first and not even bother with emails since they change often.
  • Look at the meat of the email — the link. Notice how the email gives the reader a chance to immediately view the document in question through a link. Sometimes, cyber-criminals will include an attachment (i.e. PDF, MS Word, Excel, etc.). Attached documents can also be infected. Never click on a link or open any document in a suspicious email. Now, we’ll look at the link.
  • I hovered my mouse pointer over the link and here is what I saw:

EZ Pass Showing Link Address

  • Many email programs, Outlook in particular, allow you to view the actual address if you hover your mouse over the link. Be careful not to click on the link! Look at the address and notice that instead of going to the E-ZPass website, the source is “iranfoodst.ir.” This is the part of the website that cannot be spoofed (at least not yet). Also notice that the Country Code Top-level Domain (ccTLD) is for the country of Iran. Now, why would someone from E-ZPass send you an email from Iran? This is proof-positive that the email is bogus and a phishing attack.
  • I then checked out the official E-ZPass site and compared the logos. Please note that this is not a fail-safe method since cyber-criminals can easily get logos from legitimate sites and use them in emails. But, I was curious. In this case, the logos were close but not close enough. As a matter of fact, comparing the logos was an immediate sign that something wasn’t right.

Even though it was easy to determine that this email was a phishing attack, it fooled a lot of people. It even made the evening news! Unfortunately, millions of bogus emails like this go out on a daily basis and infect multitudes of people because this type of attack plays on a basic human emotion. Most people want to do the right thing and take care of problems (especially with the Government!) right away. Criminals know this and use our emotions against us.

Remember, you can always call the company or Government agency on the phone to make sure everything is alright. I bet they would like to know if someone is impersonating them and perpetrating criminal acts.

In the case of E-ZPass, if they needed to contact you, they would probably put a message on your account, so you’d see it the next time you logged into the site, and follow it up with an official letter.

The point I’m trying to make is please don’t just click on links in email messages without being absolutely sure of the source. In this case, clicking on the link took down those systems requiring extensive work to get them back up and running.

I hope this post gets you in the habit of looking at your emails with a critical eye. Remember, people are the first line of defense in the war on cyber-crime. Always be vigilant.

XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and see how we can help your company.