How to smoke out a phishing email

In the last issue of 2021, to lessen the chance of becoming a "phishing" or "smishing" victim (email or text respectively), I suggested a New Year's resolution: to continue building good habits by ignoring unsolicited emails and text messages. I also wrote about a way to help you smoke out a phishing email after opening an unsolicited message. As always you can read that article and more at wbvobserver.com.

We're only one month into 2022 and I've already been asked several times for my opinion on whether a particular email is legit or not. To empower more people, I'm going to share an additional method I use, in conjunction with the first method, to try to smoke out a phishing attempt.

Windows and MacOS both have a feature where if you "hover" – don't "click" but just hover – your mouse pointer over an icon or a button, it will show you what clicking the icon will do or which website will be loaded upon clicking the button or link in the email. Just like computers, smartphones/tablets also give out clues. For smartphones/tablets, "press & hold" – don't tap – your finger on the icon or button for the clue to appear.

Using a real example from today, the email in question was a purported message from AOL that was warning the recipient that he was using an old AOL email service and needed to convert to the newer AOL email service to keep his current AOL email address. The call-to-action was a big green button in the message body – click to start this conversion process.

Paul (not his real name) was very concerned about losing his current AOL email address if he didn't take action but as a practitioner of building good habits while traveling the digital world, he was conflicted even though the message came from a legit email address ending in @aol.com.

Just like Paul, I was able to verify the sender's email address. However, I noted that it was a "personal" AOL email address (johnsmith@aol.com) instead of a typical departmental email address like support@aol.com.

With the above anomaly in mind, I proceeded to hover my mouse pointer to see the clue of where the big green button would take me to. I was expecting that clicking on the button would reveal a website address ending in aol.com. I guessed wrong as it was pointing to a website not even owned by AOL! With that clue, I smoked out a phishing attempt and told Paul to just delete the message.

Also it was sent from a personal email address and not a AOL departmental email address because Paul's friend's email account was compromised. I told Paul to not reply to the phishing email but instead use another communication medium like text or telephone to alert his friend to change the password ASAP so the nefarious cannot continue to send phishing emails from his friend's email account.