Trump officials and lawyers keep falling for a basic email prank — here's how to avoid getting scammed by a stranger
Getty Images
On Monday, Jared Kushner's lawyer Abbe Lowell fell for one of the oldest email tricks in the book.
Lowell exchanged sensitive emails with someone he thought was Kushner, but wasn't.
The exchange — which was masterminded by amateur Trump-Russia sleuth Jeff Jetton and executed by a prankster who tweets as @SINON_REBORN — involved emails the prankster said he received from a White House official that contained adult content.
But it didn't take much to fool Lowell — all it took was an email account that displayed Kushner's name.
The prankster wrote to Lowell from the address kushner.jared@mail.com.
Most people would look at that address and assume it isn't legitimate. But chances are, Lowell never even saw the address — most email services display a person's first and last name, not their actual address. And if Lowell emails with Kushner frequently, he wouldn't be surprised to see the name "Jared Kushner" pop up in his inbox.
But Lowell isn't the only one to fall victim to this prank: It recently happened to UK home secretary Amber Rudd, ousted communications director Anthony Scaramucci, homeland Security adviser Tom Bosser (who was fooled by a fake Kushner), and former governor of Utah Jon Hunstman Jr., who was targeted by a fake Eric Trump.
So how can you avoid this trap and make sure your emails are coming from the people you think they're coming from? Here are a few tips:
The first and most obvious step is to find out the person's email address. In most popular email clients, there's an easy way to do that, but it's super-simple in Gmail: Just hover your cursor over the sender's name, and a box will pop up that reveals their full email address. This works both in your inbox and once you've opened a message.
To find out more information, click on the small arrow under the display name. There, you'll see the full address along with the domain it originated from.
If you're not convinced the message is legitimate, it's worth comparing it against previous messages from the same sender. Look for changes to the display name or the email signature.
If anything looks fishy to you, don't respond — just mark as spam or delete the message entirely.
Finding out the sender can be slightly trickier on mobile: Open the message, click on the sender's name, and you'll be taken to their contact card. There, you'll be able to see the entire email address.
Note: I use an email app called Email by Edison Mail, so it won't look the same on every app. But the process should be approximately the same on all major smartphone email clients.
See the rest of the story at Business Insider
No comments: