[mckenna float=’right’]Have you received the Barclaycard email? There are several things of note in this email. Here’s a version of one I received.
We are in the process of increasing your credit limit but would like you to confirm you agree with this decision. Please download the document attached and confirm this increase. Please note, this increase will reflect in your account in 24 hours excluding weekends and bank holidays.
Why this one is a problem
This email doesn’t have a logo, which should raise a red flag, but it’s also missing the common typos and grammatical errors. What’s really significant, however, has to do with one of my tips from two weeks ago. In that tip, I recommended checking the return address. In this case, the return address shows as email@example.com. Because the address is being spoofed, the normal test of checking the email address doesn’t work. The real sender, in this case, appears to be from France.
Spoofed email addresses
A spoofed email address is simply an address that has been faked. With the right computer program—something that’s not difficult to build or buy—it’s easy to tell email systems to fake the sender’s address. If, on some wet, cold winter afternoon, you’re feeling very technologically inquisitive and really intent on learning more about the sender of an email, look at the source code. There, you’ll see the return path and the real sender. You could, quite literally, blow off hours just exploring email source code for all that junk in your spam folder.
What to do
The answer is simple. Do not trust emails asking you to provide more information or to open a file. As the Barclaycard website points out here, “We will never contact you by e-mail or via a website, asking you to supply us with any security details relating to you, your credit card details, PIN numbers, or online account servicing.” Most companies have adopted the same policy, which makes dumping these emails straightaway (as the Brits would say) an easy choice.