Recently, D&H customers were the target of a phishing email scam. In general, phishing emails are designed to appear to come from a legitimate website (in this case, D&H.com) and include text links that look, on the surface, to be associated with the legitimate site. However, the code behind the link takes the person who clicks it to a third-party website that resembles the real site but is used to gather login or personal information for nefarious purposes.
Here are some screenshots to help you protect yourself from this phishing scam. Screenshot #1 is an example of the fraudulent email. Screenshot #2 is the fraudulent site. Screenshot #3 is the genuine D&H site.
• Note: The fraudulent page does NOT have the green lock up in the browser URL (yellow box at top of image 2).
• Note: The fraudulent page does NOT say https up in the browser URL (yellow box at top of image 2).
• Note: The fraudulent page does not contain the D&H red cube as its icon (favicon) on the tab in a browser.
Apple shared these “dead giveaways” that an email is a scam:
- The sender’s email address doesn’t match the name of the company that it claims to be from. You may need to right-click on the email address to see what the actual email address is: the text or name can be faked, but the email address can only be hidden, not faked. For example, in your inbox, the name in the “from” field might say ‘Apple Customer Support’, but if you open the email you will see the from field now says Apple Customer Support <firstname.lastname@example.org> or something equally odd and clearly not from apple.com.
- The message was sent to an email address or phone number that’s different from the one that you gave that company.
- Link text (the text in blue in a phishing email that will say something that might make sense, such as “click here to reset your account password”) appears to be legitimate, but the code behind the blue text takes you to a website whose URL doesn’t match the company’s website URL (you can always right-click on the hyperlink, copy it, and paste it into a Word document or text document, and it will show you the real URL).
- The message starts with a generic greeting, like “Dear valued customer” — most legitimate companies will include your name in their messages to you.
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
- There are a lot of spelling or grammatical errors – most big companies proofread.
If you can’t decide if it is a phishing email or if it seems to be fake:
- Don’t click on the link on your PC; it could take you to a website with a virus.
- If you really need to click on the link (curiosity killed the cat), then the ‘safest’ way to do it is on an iPhone or Android – cell phones are much more immune to viruses than a PC.
- Don’t ever enter personal info, a credit card, or reset a password directly from an email. Instead, go to Apple.com or the company’s website directly from your browser (don’t click on a link!) and send an email to support.
- Don’t call the phone number in the email – call the phone number on the legitimate website and ask for assistance.