Yesterday I checked my Gmail spam folder, and I saw this email:
The contents are the general threat of a typical phishing email:
It threatened to lock your various email accounts and asked for $950 sent to a BTC wallet. This is a pretty obvious scam in many ways, including that I have no actual email client set up, just a forwarding address. One interesting thing is that Gmail showed that it came from my email address (in this case, [email protected]). I wanted to see if it’s easy enough to tell how it was spoofed. One way of doing this is viewing the original message: the unprocessed backend version of the email as Gmail received it, including what the email servers logged along the way.
Using that, you can check whether or not the email was spoofed, that is, sent from some other address but made to look like it came from yours. You can usually tell by checking this line in the original message; you can see mine here:
It shows that the originating IP does not certify the email, because it isn’t allowed to send for that address. I’m pretty sure Gmail checks for that line and sees if it’s a legitimate email, then throws it into spam if it gives a soft fail. And if you grab the IP location, it’s somewhere in India:
In general, you never want to click on any links or follow any instructions given by an email that looks suspicious. Make sure you check the message by googling it first. I found many forum posts saying they got the same copy-paste email as I got, just with a different email address.
Also check that it’s not spoofed, as I mentioned before, and that it isn’t a lookalike email, for example:
From: [email protected]
Here the address is faked with minor changes so that it seems like it’s from [email protected].
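The two checks described above (the SPF verdict in the original message, and a From address that is either yours or a near miss) can be scripted. This is an added example, not part of the original post: it assumes the line in question is the `Received-SPF` header, runs on constructed headers, and `triage` and its similarity threshold are hypothetical.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed headers (example.com, documentation IP); not the message from this post.
SAMPLE = (
    "Return-Path: <me@example.com>\n"
    "Received-SPF: softfail (google.com: domain of transitioning me@example.com "
    "does not designate 203.0.113.45 as permitted sender) client-ip=203.0.113.45;\n"
    'From: "Constructed Sender" <me@example.com>\n'
    "To: me@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def triage(raw, my_address, lookalike_ratio=0.85):
    """Pull the sender-authentication evidence out of a raw ("original") message.

    lookalike_ratio is an assumed similarity threshold, not a standard value.
    """
    msg = message_from_string(raw)
    me = my_address.lower()

    # First token of Received-SPF is the verdict: pass, fail, softfail, neutral, ...
    spf = msg.get("Received-SPF", "").strip()
    result = spf.split(None, 1)[0].lower() if spf else "none"
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", spf)

    # Address the mail client displays, without the free-text display name.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    similarity = SequenceMatcher(None, from_addr, me).ratio()
    lookalike = from_addr != me and similarity > lookalike_ratio

    return {
        "spf_result": result,
        "client_ip": ip.group(1) if ip else None,
        "claims_to_be_me": from_addr == me,
        "lookalike": lookalike,
        # Anything other than an SPF pass, or a near-miss From address, needs a closer look.
        "needs_review": result != "pass" or lookalike,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "me@example.com").items():
        print(f"{key}: {value}")
```

A message that claims to be from your own address while the SPF verdict is `softfail` matches the situation described in this post.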
One more thing I found interesting is that in the original message, the email said it was from [email protected] but right after said: “Using Preegsr tmraipj”. Not sure what that means, and I can’t find any client called that; I’m guessing it’s a name, but it’s clumsy for someone to leave that in the “from” section.
Informative posts I found while researching this:
Explanation of each line on an email message
How to check if an email is spoofed (in Gmail)