Phishing emails are created to look like emails from financial institutions, government agencies, or ecommerce sites. Scammers design these emails with logos, buttons, and text to trick you into clicking dangerous links. I took one of these emails out of my spam folder and inspected the HTML code behind it. Here are my findings:
Misleading Sender Name
To try circumventing an email provider’s security, this scammer used a sender name “Paypai”, using a capital “i” instead of a lowercase “L”. I suspect this is because Google increases their scrutiny for emails that have “Paypal” in them. In our inbox, it will look like we’re getting an email from Paypal.
This is another circumvention tactic. Since Google screens for terms like “account activity”, the scammer adds invisible characters to break up these words. When I open the message in Outlook, you can see which terms they’re trying to mask.
By opening the HTML behind the email, you can see where the link will take you. In this case, it does not go to a Paypal page like it says. It goes
It links to a site that will give you a trojan virus. Our antivirus software blocked it, which you can see in this screen snip.
Hopefully, this gives you an understanding of how emails aren’t always as they appear. While Google was able to flag this email for spam, it may not be successful every time. It’s important to be skeptical of all communications you have regarding private information.
If you need assistance installing antivirus software or training your team to spot dangerous phishing emails, contact us at [email protected]nistech.com.