I love getting scam emails - I don't love it because getting the messages is fun, it's actually pretty annoying (as I'm sure you all know). I use Qurb to block spam messages in my personal email account, I've found it to be very reliable - which is easy when you build a whitelist product. No false positives when everything is done against a whitelist.
Anyway, a while back I got this really interesting scam message indicating that it was from the IRS offering me access to a bigger refund if I filled out a form. A quick disection of the email showed that it had nothing to do with the IRS (I wasn't fooled for a second, I promise). Yesterday I got the following email:
I truly wonder how many people fall for these types of emails. If you're not technical, you probably think nothing of it and click away. Knowing that I'm the only person at McNelly SoftWorks (it's my home business) it was easy to know that I didn't send the email message. I give the spammer/scammer credit for trying to make a pretty believable email message. If you think about it though, anyone who thinks about it should be able to easily see through the facade, right? What company would identify their support organization by their internet domain? If the message was from McNelly SoftWorks rather than mcnellysoftworks.com it's possible that it's a real message - but any company that sent the message would know to use the company name. So, even though the spammer/scammer appeared smart at the start, it's clear that they didn't think about what they were doing.
I've started making a habit of looking for my first name in any suspect email message. If it's addressed to my email address, I know immediately it's a scam. My bank and other companies I do business with know to address me as John. Any ebay, amazon, facebook email has got to have my name in the salutation (not my email address) in order for me to read it.
Of course, if you look at the code begind the link, at first pass it does seem like a valid URL because it begins with mcnellsoftworks.com. Anyone who was looking but not paying attention would miss the .somescammercomain.com appended to the end of the URL. Most people look at the start of the URL to see if it's valid and as soon as they see what they're expecting, they stop reading and move on. You have to be especially dilligent when investigating these types of spam.