A few days ago, someone sent us this example of a phishing email, which she correctly identified as a scam. It’s a good example of how scammers will try to disguise a fraudulent link using words you might recognize:
From: Stanford University© <email@example.com> [Would a Stanford email come from NYU?]
Date: July 21, 2014 at 9:00:33 AM PDT
Subject: Re-Notification Update!!!
Your two incoming mail has been placed on hold, click on the link http://secure-weblogin-stanford-edu.yolasite.com/ to reactivate it,
Copyright © 2001-2014,© Stanford University. All Rights Reserved..
© Stanford University. Stanford, California 94305. Copyright Complaints Trademark Notice
Now, the rest of the email already makes it pretty clear that it’s a scam. But if we had only the URL to consider, we could still see what it’s using as a disguise. It has some of the words you should look for (“secure,” “weblogin,” “Stanford”), BUT the part between the double slash and the next slash, the host name, contains a dead giveaway: the real domain is yolasite.com, which means it’s definitely not a real Stanford address. The familiar words are only a hyphenated label placed in front of that domain. A real Stanford address may have a variety of words in the host name, but the host name will always end with stanford.edu, so that the format looks like this: http://xxxxxxxxxx.stanford.edu/
And even if the link text seems to be formatted correctly, the true link, revealed by mousing over the text, will show you where it’s really leading you. Always check and make sure you know where you’re going, before clicking on a link; stay safe out there!
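The two checks described above (does the host name end with stanford.edu, and does the visible link text match the real target) can be automated. The following is an added Python example, not part of the original post; the sample HTML, login.example.net and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "stanford.edu"  # the ending the post says every real address has
# Constructed sample body: the post's URL, plus a link whose text and target differ.
SAMPLE = (
    '<a href="http://secure-weblogin-stanford-edu.yolasite.com/">reactivate</a> '
    '<a href="http://login.example.net/">http://xxxxxxxxxx.stanford.edu/</a> '
    '<a href="http://xxxxxxxxxx.stanford.edu/">help</a>'
)

def host_of(url):
    """Lowercase hostname of a URL ('' if none); drops any user@ and :port parts."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def is_trusted(url, domain=TRUSTED):
    """True only if the hostname is the domain itself or ends with '.' + domain."""
    host = host_of(url)
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a> element in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def verdict(text, href):
    """Compare what the link text shows with where the href really goes."""
    shown, target = (host_of(text) if "://" in text else ""), host_of(href)
    if shown and shown != target:
        return f"mismatch: text shows {shown}, link goes to {target}"
    return "ok" if is_trusted(href) else f"untrusted host: {target}"

def audit(html):
    """Return one verdict string per link, in document order."""
    collector = LinkCollector()
    collector.feed(html)
    return [verdict(text, href) for text, href in collector.links]
```

Calling `audit(SAMPLE)` flags the first link as an untrusted host and the second as a text/target mismatch; only the third passes.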