Dave, I got an email from Cricket Wireless saying that they were sending me an iPhone. I don’t want an iPhone, though! What’s going on?
First off, odds are very good that your email didn’t actually come from Cricket Wireless, AT&T Wireless, Sprint, T-Mobile or any other legit company but that instead it’s spam or, worse, a phishing attempt to get your personal information. Even the most confused of companies isn’t about to send someone an $800 device without having an order and clear paperwork trail to ensure that you pay for it.
But there’s a bigger lesson here about being skeptical of what you get in email. There are nefarious folk online, often from foreign lands but even based in your home town, who seek to trick you into various things, whether it’s sharing your account credentials or actually sending them money for something you never received (or will receive).
Curious, I searched my own mail folder and found an email similar to the one you undoubtedly received, “from” Cricket Wireless and about an iPhone I’d asked them to send. Here’s the message:
There’s a lot that they’ve done right here, including a FROM address that certainly seems legit. What I haven’t seen before, however, was a quoted email ostensibly from me asking about the phone: look closely at the last two lines, above. A good strategy to sow confusion and doubt. Did I send that message? Did I want an iPhone?
But then there’s the link. It looks like it’s going to UPS so I can track the package, except it’s bogus, as is revealed by hovering the cursor over the link in Apple Mail:
If you don’t know, the “.VN” domain is for Vietnam, and rather than go to UPS.COM a click will take you to a Vietnamese shipping site, gship.vn. But that’s just a site that the spammers hacked into, though in this case unsuccessfully as the link actually fails to serve up any page at all.
Going to the home page of gship.vn shows that it’s a legit business:
That sentence translates to “PURCHASE AND TRANSPORTATION SERVICES PRODUCTS FROM US, UK ON VIETNAM 24/7”, if you’re curious. But that’s irrelevant. The point is that the email itself is bogus and rather than taking you to the UPS site, it goes somewhere completely different because it was a Web site that they managed to hack, at least temporarily.
This time if you clicked on it, you’re safe. Next time? Who knows. So the rule of thumb remains: be skeptical. Don’t trust or believe any email you get, whether it looks legit or not. And if a company’s promising to send you something you didn’t order? It’s a fake.
Be careful out there!