Email Error message?

 Recently I received an email from a friend with this text:
Unable to display full e-mail.
You will see it when clicking on here (Link removed!)

Gmail error messageID: ca16180 (Tue Aug 23 6:02:36 2016)

That looked very suspicious to me. Notice the stilted grammar. Google (Gmail’s provider) can afford to hire people who write better English.

The scariest part was where the link went: a page that looked exactly like Gmail’s login page, with my email address already filled in, and a message saying, “Session expired, please log in again.” Looking at the address bar on my browser (the topmost bar on all web browsers, where you’re supposed to type web addresses), the address was not anything like a Gmail address!

Gmail’s web address is Nothing else. But for those who do not pay attention (most of us, at times, especially in the middle of the night!), that would be easy to overlook. If I had entered my password on that page, my email account would have been instantly compromised.

My friend had somehow had his email credentials compromised, and someone (who sent emails at 3:00 AM) was sending these to everyone in his address book. The sad thing is that some of the folks who received it fell for it, and had some of their bank accounts compromised, resulting in a big, expensive mess.

There are a few takeaways from this ugly experience:

  1. Don’t click links in emails unless you absolutely trust the sender! Even then (I trusted my friend who sent this, but I also know how easily email can be spoofed), hover your mouse over the link, and the actual place that link will take you will show up at the very bottom left of your browser window (Try it on the links below to see what I mean). Links in my newsletters, for instance, will go to an address that starts with “thegizmologist,” or they will be links to legit news articles.
  2. When you do the above, very long links with a lot of letters and numbers may be suspect. Sometimes they’re just for tracking purposes (like the links in my newsletters), but they can also lead to dodgy sites. The most important part of the link is the first part. For instance, my last week’s newsletter had this link:  That’s long with a lot of letters and numbers, but the first part is clearly “thegizmologist.” The rest is just for tracking, so I’ll know if they’re getting read.
  3. Your email password is more important than you think! Ponder, for a moment, what happens when you forget your password to a site: When you click “forgot password” (usually), you are directed to enter your email address, and your password reset will be emailed to you! This means that if someone has access to your email, they also have access to many of your other passwords. If it’s someone you know, like an ex-spouse or angry boyfriend, they probably also know the answers to your security questions!
  4. If you know the web address you want to visit, type it in the address bar, not the search box. Search results can be easily manipulated.
  5. Any unusual or out-of-character message from a friend should be instantly suspect. Call the friend to see if they actually sent it.
  6. Your reaction to any unusual message that purports to come from a site you frequent should be to close your email and visit the site by typing the address, or use your bookmarks (favorites in Internet Explorer and Edge).
  7. Get to know, intimately, the look of your log-in pages. Gmail, for instance, has never given me a message about “session expired.” Look with deep suspicion at anything out of the ordinary. Look at the address bar to be sure you’re actually at the site you think you’re at.
  8. Install the Web of Trust in all browsers you use. It’s not foolproof, but it is helpful.
