How to Recognize a Phishing Email; This One from Twitter… Again

9 Jun 2010

I received an email from Twitter this morning letting me know that I’d recently changed the email address associated with my account and asking me to click a link to confirm. Only one problem. I didn’t recently change the email address associated with my account. Fortunately, I’m savvy enough to be suspicious about any email I receive, even when it looks legit, but how many people get emails like this and automatically click the attached link, exposing themselves to all manner of viruses, providing their passwords to thieves, or setting themselves up for identity theft? The sad truth is it’s lots of people.

Here’s a screen shot showing the exact email I received, and at first glance I’m sure the average computer user would assume it was actually from Twitter. After you take a look, I’ll point out a couple of obvious and a couple of not-so-obvious ways to tell that this email didn’t really come from Twitter.

Although the first clue seems obvious because it’s glaring in my screen shot, the problem is that many email clients don’t show the full header information and many people would not see this one. Take a look at who the email is from. I’m pretty sure no one from Twitter would be sending an email using JACLYNLANG@hotmail.com as their email address.

The next clue is the subject, “Confirm the password twitter”. Maybe “Confirm your Twitter password” would have made more sense and sounded like it came from Twitter instead of someone with poor English skills? And they do it again after the Hi Hugh part, “Confirm the password twitter, click this link:”

The last obvious clue is pretty funny: they used a Hotmail account to send the email, and Hotmail adds a tagline to the bottom of the email asking me to sign up. Does anyone actually believe that Twitter would send an email using Hotmail?

Finally, the best clue of all, and it’s not immediately obvious, is the URL. It looks legit, doesn’t it? It shows that it indeed came from twitter.com, right? Wrong. Depending on what email client you use, finding out what email address this was actually sent from may or may not be a simple matter. For me, I simply need to mouse over the URL and my program pops up a window alerting me that the actual host is different from the listed host.

Fewer people would be affected by phishing emails if they just took the time to think before they clicked a link out of reflex, but as long as most computer users continue to do things out of habit or remain ignorant of the simple things they need to do to protect themselves, this is going to continue to be a problem.


  • mark

    My problem was this morning my password has been changed, and I don't remember the email I used. HELP
