Just got an email that I’m a bit suspicious about, Dave. The subject is “$500 Venmo balance needs confirmation.” Normally I would ignore these, but Gmail is saying this one’s from a trusted sender. So is it legit?
I’ll make this short and sweet: No, the email with the subject “Venmo balance needs confirmation” is not legit; it’s a phishing scam.
But let’s dig into it a bit more, because it’s good to be able to cast a skeptical eye on these sorts of messages and learn about some of the great online tools that can help you stay safe online. To start, any email can be spoofed to appear like it was sent by anyone from any domain. For example, I could send you an email from “firstname.lastname@example.org” without much hassle. There are forensic clues that it’s spoofed, but if you’re not paying attention, you could fall for it.
Same with the notification from Google that “This message was sent from a trusted sender”. Google’s pretty savvy so that’s not an easy one to fake out, but what if the email itself contains that line, mocked up to look like it’s part of Gmail? With over a billion active Gmail accounts, it’s a safe bet that most of the scammers’ intended victims are on that platform too.
Let’s start by looking closely at the email itself. Since it’s a popular spam message, it’s no surprise that I too have a copy in my own inbox.
“VENMO BALANCE NEEDS CONFIRMATION” SPAM EMAIL
Mine looks like this:
One thing they’ve gotten right is to offer a small amount of money. We’re more likely to follow a trail offering a small and rational amount of winnings than millions or tens of millions. $500? Maybe, just maybe, it’s legit!
Look closely and you can see the green bar along the top saying “This message was sent from a trusted sender.” Digging into the email message reveals that it’s actually part of the message, not a confirmation from Google. For fun, here’s that same code embedded into this page:
-This message was sent from a trusted sender.
Seems legit, right? Nope.
A better thing to look for in these email messages is typos. Since most spam comes from overseas, it’s common for there to be odd spelling errors or grammatical hiccups. Here there are at least three. Can you spot ’em?
IDENTIFYING THE TARGET URL DESTINATION LINK
Most modern email programs will give you a preview of the URL you’d visit if you click on a link, and hovering the cursor over that big blue “Confirm” button offers just that in Gmail:
It’s a bit small, but the URL starts with https://bit.ly/3Bs1Dg7…
This is your second red flag: Any real email from a legit company like Venmo isn’t going to be hiding the destination URL with the bit.ly URL shortener. I know, this isn’t purporting to be “from” Venmo, but keep reading…
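The two red flags so far, checked mechanically, as an added example that is not from the original article: it parses a raw message and reports mail-client wording that appears inside the body itself, plus links that go through a URL shortener. The sample message, the shortener list and the `bit.ly/EXAMPLE` link are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording that belongs to the mail client's own interface, never to a message body.
CLIENT_UI_PHRASES = ["this message was sent from a trusted sender"]
# Assumed, non-exhaustive list of URL-shortener hosts.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}

class BodyScanner(HTMLParser):
    """Collects visible text and link targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def scan_message(raw):
    """Return a list of red flags found in the HTML part of a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return []
    scanner = BodyScanner()
    scanner.feed(part.get_content())
    visible = " ".join(" ".join(scanner.text).split()).lower()
    flags = [f"client-UI text in body: {p!r}" for p in CLIENT_UI_PHRASES if p in visible]
    for href in scanner.links:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            flags.append(f"shortened link hides destination: {host}")
    return flags

# Constructed sample modeled on the message described above.
SAMPLE = """From: Rewards <promo@sender.example>
Subject: $500 Venmo balance needs confirmation
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<div style="background:#e6f4ea">This message was sent from a trusted sender.</div>
<p>Your $500 balance is waiting.</p>
<a href="https://bit.ly/EXAMPLE">Confirm</a>
"""
```

Calling `scan_message(SAMPLE)` returns one flag for the fake banner and one for the shortened link.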
Can you expand it without actually clicking on the link? Yes, you can!
I’ve written about how to expand shortened URLs before, but we’ll just do it again here. Right-click on the button and copy the URL without actually following the link:
Now we’re ready to find out more about that destination…
HOW TO EXPAND A SHORTENED URL WITHOUT CLICKING ON IT
There are a number of different services, and any bit.ly URL can be expanded automatically by appending “+” to it. I like the site ExpandURL. It prompts for a shortened URL:
Don’t worry about the explanatory text here, just notice that there’s an input box and an “EXPAND URL” button. Paste in that URL you copied off the button and click.
A ha! So this shortened URL expands to “newslettersoff.me”.
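What an expander does under the hood, as an added example that is not ExpandURL's code or anything from the original article: ask for headers only, read the `Location` header, and repeat until the redirects stop. The function names and the `.example` redirect table are assumptions made up for the demonstration, so it runs offline.

```python
import http.client
from urllib.parse import urlparse, urljoin

def head_location(url):
    """Send one HEAD request; return (status, Location header or None).
    http.client never follows redirects and never renders a page."""
    u = urlparse(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        path = (u.path or "/") + ("?" + u.query if u.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=10):
    """Return the redirect chain starting at url without loading any page body."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be a relative path
        if nxt in chain:                    # redirect loop, stop here
            return chain
        chain.append(nxt)
    return chain

def final_host(chain):
    """Hostname of the last URL in the chain: the domain to look up."""
    return urlparse(chain[-1]).hostname

# Constructed redirect table standing in for the network (hypothetical hosts).
FAKE = {
    "https://short.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "/landing"),
    "https://tracker.example/landing": (200, None),
}

def fake_fetch(url):
    return FAKE[url]
```

With the default `fetch`, every hop is still a real request to that server, so a link carrying a per-recipient token tells the sender it was touched; run it from an analysis machine rather than the mailbox owner's.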
Okay, so what’s that domain all about? You can find that out too…
HOW TO IDENTIFY REPUTATION OF AN INTERNET DOMAIN
One easy tool is to just use your favorite search engine. I’ll do that with Bing, searching for “whois newslettersoff.me”:
A report on Norton Safe Web is ominous. You can jump to the Norton Safe Web site directly, if you want to sidestep this search step, by going to safeweb.norton.com. Here’s what it reports:
“This is a known dangerous web page. It is highly recommended that you do NOT visit this page.”
I’m pretty sure that’s enough to convince you that this isn’t anything legitimate or trustworthy. You’re not getting $500 via Venmo or any other channel. Sorry.
WHAT IF YOU CLICKED?
Turns out that most of the modern Web browsers would protect you if you did get suckered and clicked…
And if you had a browser that didn’t offer up any protection (probably time to switch, if so), here’s where you’d ultimately end up:
So what’s going on here? Well, surprisingly, it’s not asking you to “log in to your Venmo account to confirm your winnings”, as I expected, but it’s still scammy; you share your email address, they then sell it to list harvesters and you get MORE spam and scams. After all, this one worked, why wouldn’t others work on you too? Ugh.
The long and short of it is that vigilance and skepticism are your best defense in an age where spammers can use AI-based software and build intricate paths to protect their identity. You haven’t won a trip, that anonymous beautiful woman doesn’t want to spend the night, and you’re not going to get millions from a disaffected member of the military or foreign widow!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!