When this email showed up in my Inbox, at first I thought my friend's email account had been hacked. But that didn't seem right - he's careful. This spammer used some tricks to make the email more convincing.
Look at these ways the email appears more credible:
- The From: entry includes my friend's professional designations, AIC/CIC.
- The To: entry contains the names of a few other professionals I know. If the sender knows their addresses, he must be legitimate, right? Wrong!
- The link to a completely bogus webpage uses my friend's name and designations.
- The signature block contains my friend's name and designations.
The multiple names in the To field had me thinking my friend's email account had been compromised. Actually, the spammer did steal the names and emails from an old discussion group we used to belong to.
So don't be too quick to click on a link in an email when it appears to come from a friend. It is a dead giveaway when an email doesn't show your name in the To: field and isn't signed at the bottom by someone you know. Spammers have caught on to that and are working around those quick-glance tests.
The key flaws to look for in emails like this one are: a) the actual email address in the From: field (it's not my friend's!), and b) the oddball address of the webpage they want you to click. This spam is designed to take money for a bogus brain enhancement product.
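The two checks above can be automated. This is an added example, not part of the original post: it flags a message whose From: display name matches a known contact while the address does not, and any link whose host borrows the contact's name without being their domain. The address book, names, addresses and sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical address book: contact name -> addresses you have verified yourself.
KNOWN_CONTACTS = {"pat example": {"pat@example.org"}}

# Constructed sample message (not the email described in the post).
SAMPLE = """\
From: "Pat Example, AIC/CIC" <x9k2@mailer.invalid>
To: a@example.com, b@example.com
Subject: thought of you

Have a look: http://pat-example-aic-cic.offers.invalid/brain

Pat Example, AIC/CIC
"""

def normalize(display_name):
    """Lowercase the display name and drop designations after the first comma."""
    return display_name.split(",")[0].strip().lower()

def check_message(raw, contacts=KNOWN_CONTACTS):
    """Return findings for the two flaws: From address and link host."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    name = normalize(display)
    known = contacts.get(name)
    if known is None:
        return []  # sender is not claiming to be someone in the address book
    findings = []
    if addr.lower() not in known:
        findings.append(f"From address {addr} is not a verified address for {name}")
    trusted_domains = {a.split("@")[1] for a in known}
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
        if not trusted and all(part in host for part in name.split()):
            findings.append(f"Link host {host} uses the contact's name but is not their domain")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The recipients in To: are deliberately not used as a trust signal, since the post shows they can be harvested from an old discussion group.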