Gmail is generally solid at detecting spam and phishing scams, routing the offending message straight to the spam folder, where users can always take a quick look to make sure nothing important ended up there by accident — it does happen sometimes. However, occasionally email messages succeed in slipping past the filters and find their way to your inbox.
Google has built-in protection for your email in case a message slithers by its traps, and that is one method that customers can use to verify things, but there are other telltale clues that can be spotted as well.
The above image is of a PayPal fraud email that found its way past Google's filters. First, I can assure you that the online payment service will send you no such message. Second, though this one is well written, in good English (something lacking in many of these messages), the opening gives it away: “Dear valued customer” is a bad start.
Going beyond this, a user can click the down arrow to the right of the email address (which also appears legitimate) to reveal the address from which the message actually originated. This is important because the “from” field is easily spoofed using any email program.
Below this, in the email example above, you spot a PayPal logo, as well as a link which appears completely legitimate — after all, it claims it will whisk you away to a secure PayPal login. What could go wrong? Well, try to hover your mouse over the URL (be sure not to click it) and check the bottom bar in your browser. To the left (in Chrome) you will spy the real destination, which in this case leads to a drug web site.
Finally, Gmail provides one more fail-safe. To the right of the (fake) email address is a “via” link. Spotting this is a dead giveaway that something is amiss. Click it and you will be led to a Google site (a real one) that explains the potential problems afoot.
“Gmail believes that by adding more information about the origin of a message, you can be better informed about who sent the message and can avoid confusion. For example, if someone fakes a message from a sender that you trust, like your bank, you can use this information to see that the message is not really from your trusted sender. The information that we use to display this information is included in the message headers but these headers can be hard to understand. Gmail analyzes this information and displays it in a simple to read format”.
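The two manual checks described above (revealing the real sending address and hovering over the link) can also be run against a saved message. This Python sketch is an added example, not part of the original article and not Google's code; the sample message is constructed, and comparing From against Return-Path is an assumed stand-in for whatever header analysis Gmail uses to decide when to show “via”.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration; not a real email.
SAMPLE = """\
From: "PayPal" <service@paypal.com>
Return-Path: <bounce@mailer.example.net>
Content-Type: text/html; charset="utf-8"

<p>Dear valued customer, <a href="http://pharmacy.example.org/login">https://www.paypal.com/secure-login</a></p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""

def domain_of(value):
    """Host of a URL, or the domain part of an email address, lowercased."""
    if "://" in value:
        return (urlparse(value.strip()).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    msg = email.message_from_string(raw)
    from_dom, path_dom = domain_of(msg.get("From", "")), domain_of(msg.get("Return-Path", ""))
    findings, collector = [], LinkCollector()
    if path_dom and path_dom != from_dom:
        findings.append(f"From claims {from_dom} but Return-Path is {path_dom}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        # Flag links whose visible text is a URL naming a different host (exact match).
        if "://" in text and domain_of(text) != domain_of(href):
            findings.append(f"Link shows {domain_of(text)} but goes to {domain_of(href)}")
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for the mismatched sender and one for the disguised link; the “Help” link, whose text is not a URL, is not flagged.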
Google provides the tools for customers to understand these messages and be alerted when something is not quite right. However, it is up to the user to pay attention and take precautions.