How to spot a fake email

Back in 2016 I deconstructed a phishing email. Today I received one that on the surface looks genuine but on closer inspection it is clearly fake.

I thought I would outline what caused me to be suspicious.

My Apple email client on my Mac failed to highlight this email as being junk. Overall it was very realistic.

Firstly I had simply no recollection of either being offered a free trial of YouTube Red or clicking on a link in the iTunes store.

As is often the case with fake emails, such as this, it contains a time sensitive deadline. These deadlines an attempt to get the recipient to act quickly and without thinking.  The high price of the purchase could also make you act without care.

The link to “cancel” the subscription looks wrong. There would be no need to have the “ID490zfx” at the end of the link.

When the mouse was hovering over the cancellation link the destination URL was shown in a little box next to the mouse pointer. This link looked very strange and had nothing to do with Apple.

The copyright symbol is missing and replaced with a missing character symbol. This is a sign of a non-UK character set being used. I have seen issues like this in genuine emails, so this may not always be a reliable indicator. But when taken along with all the other indicators it reduces the level of confidence that the email is genuine.

The date of purchase is also rather strange. Why would I get a purchase confirmation for something that I supposedly bought one month ago?

Finally, I simply opened iTunes and looked at my purchase history. I had not made any purchases around that time in the iTunes store.

A second later I deleted the email and no harm was done.

Hopefully this proves useful.

Have you seen similar emails? How did you spot them?

Cyber security resource hub:

Fake email, not from Apple