It was Thursday, it wasn’t scam day, it was nearly three o’clock and I was trying to fix a display issue on the twofishe.com website when I saw this e-mail drop into the inbox on the mac sitting by my side.
It had a sense of urgency, implied by the big writing and the “renew your SSL Certificate” CTA button right in the middle, and it also looked very much like a normal IONOS communication.
But then I looked a little closer and it really wasn’t able to cut the mustard.
On the surface, the information seemed correct. There is a user by the name of fisheOne and the fisheOne email address is correct (fisheOne@twofishe.com).
However, the sending email address was no-reply@notifications.customersupport.com, which seems a bit generic. The real sending address for IONOS is no-reply@ionos.co.uk.
Then I hovered over the “Sign in” button at the top right, and if I needed more proof, the sign in button was a link to a tiny url, which I didn’t follow.
Then there was the inevitably bad English grammar: Renew your SSL certificate to continue encrypting connections to your web projects and informations – without a full stop.
Now it’s sometimes said that the use of poor grammar is not unintentional. Whilst bad grammar will nearly always raise the red flag for the intelligent, there are those amongst us for whom it will not. This means that the use of bad grammar in a phishing e-mail is often used as a mechanism for self-selection. If someone responds to an e-mail that contains bad grammar, they have already positioned themselves at the more gullible end of the scam spectrum.
I was intrigued by the tagline at the bottom:
Everything you need in the palm of your hand
I’m not sure it’s a valid IONOS sentiment – from some of the conversations I have had with them, it could be – but it does display a certain degree of creativity.
Finally, I looked at the office address in the footer, they no longer use 1&1 in correspondence, but I guess they might in the US, and the address on this e-mail is Chesterbrook, PA, rather than Cathedral Walk, Gloucester.
Clearly the scammers are not going anywhere anytime soon, but the signs of scammy e-mails are there. This e-mail gave itself away as an obvious scam e-mail as I read it, but I could have got caught out in my haste to resolve my problem.
Take time to look at the e-mails. Not everyone is your friend.
