
A perfect scam...?

955 views 6 replies 4 participants last post by  Tabvla 
#1 ·
I received an email from "Microsoft" about an Outlook.com email of mine. The contents of the email raised my suspicions as the wording was not typical Microsoft and what "they" were reporting could not have happened. I spent some time looking at key points in the email and could not find fault. Sender address seemed correct; no spelling mistakes; no grammatical errors.... nothing that would indicate a scam except for the tone of the wording and the actual content.

An almost perfect scam....?

T.
 
#2 ·
I've read recently that some of them are using AI to improve the grammar and spelling that was a dead giveaway in the past. Scary ...
 
#6 ·
As Couriant states, if in doubt just delete it - it's better to be safe than sorry.

But for future reference, if you wanted to have a bit more insight into whether an email is genuine or not, have a look at the message headers (accessible in different ways depending on your email client).

Specifically this section:
Code:
Authentication-Results:
spf=pass (sender IP is 52.236.28.243)
smtp.mailfrom=microsoft.com;
dkim=pass (signature was verified)
header.d=microsoft.com;
dmarc=pass
action=none
header.from=microsoft.com;
compauth=pass
reason=100
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates
52.236.28.243 as permitted sender)

This can help you identify if the email is genuine or not. The three most important ones to check are:

If "spf" passes, it means the originating domain has a DNS entry stating the originating IP address is allowed to send email on their behalf.
If "dkim" passes, it means the email was signed using a certificate linked to that domain.
If "dmarc" passes, the originating email is most likely trustworthy; it basically combines spf and dkim and tells receiving smtp servers what they should do with any untrustworthy emails purportedly originating from them, as well as collecting reports from receiving smtp servers of attempts to spoof the domain.

All three of these secure against the domain in the header (header.d/header.from), so make sure that is typed correctly and is from the domain you are expecting.
 
Reactions: xrobwx71
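
The header check described in post #6, as an added Python example (not code from the thread): it parses an Authentication-Results header, confirms that spf, dkim and dmarc all passed, and compares header.d and header.from with the domain you expect. The function names, the `DOMAIN_PROPERTY` table and the lookalike domain are assumptions made for illustration.

```python
import re

# Constructed samples: the header quoted in the post, unfolded onto one line,
# and a copy where every check passes but for a lookalike domain.
GENUINE = ("Authentication-Results: spf=pass (sender IP is 52.236.28.243) "
           "smtp.mailfrom=microsoft.com; dkim=pass (signature was verified) "
           "header.d=microsoft.com; dmarc=pass action=none "
           "header.from=microsoft.com; compauth=pass reason=100")
LOOKALIKE = GENUINE.replace("microsoft.com", "rnicrosoft.example")

# Hypothetical table: which property carries the domain to compare per method.
DOMAIN_PROPERTY = {"spf": None, "dkim": "header.d", "dmarc": "header.from"}


def parse_auth_results(header):
    """Return {method: {"result": ..., property: value, ...}}."""
    body = header.split(":", 1)[1]
    body = re.sub(r"\([^)]*\)", " ", body)  # drop (comments)
    parsed = {}
    for clause in body.split(";"):
        pairs = re.findall(r"([\w.-]+)=([^\s;]+)", clause)
        if not pairs:
            continue  # e.g. a leading server identifier with no key=value
        (method, result), props = pairs[0], pairs[1:]
        parsed[method.lower()] = {"result": result.lower(),
                                  **{k.lower(): v.lower() for k, v in props}}
    return parsed


def same_org(domain, expected):
    """True if domain is `expected` or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def review(header, expected):
    """List the reasons this header does not vouch for `expected`."""
    auth, problems = parse_auth_results(header), []
    for method, prop in DOMAIN_PROPERTY.items():
        entry = auth.get(method, {})
        if entry.get("result") != "pass":
            problems.append(f"{method} result is {entry.get('result', 'missing')}")
        if prop and not same_org(entry.get(prop, ""), expected):
            problems.append(f"{method} {prop}={entry.get(prop, 'missing')} "
                            f"is not {expected}")
    return problems


if __name__ == "__main__":
    for name, hdr in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, review(hdr, "microsoft.com") or "ok")
```

Run it only on the Authentication-Results header written by your own mail provider; a header of the same name that arrived with the message was not produced by your server's checks.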