On Monday, Jared Kushner’s lawyer Abbe Lowell fell for one of the oldest email tricks in the book.
Lowell exchanged sensitive emails with someone he thought was Kushner, but wasn’t.
The exchange – which was masterminded by amateur Trump-Russia sleuth Jeff Jetton and executed by a prankster who tweets as @SINON_REBORN – involved emails the prankster said he received from a White House official that contained adult content.
But it didn’t take much to fool Lowell – all it took was an email account that displayed Kushner’s name.
The prankster wrote to Lowell from the address [email protected].
Most people would look at that address and assume it isn't legitimate. But chances are, Lowell never even saw the address - most email services display a person's first and last name, not their actual address. And if Lowell emails with Kushner frequently, he wouldn't be surprised to see the name "Jared Kushner" pop up in his inbox.
But Lowell isn't the only one to fall victim to this prank: It recently happened to UK home secretary Amber Rudd, ousted communications director Anthony Scaramucci, Homeland Security adviser Tom Bossert (who was fooled by a fake Kushner), and former governor of Utah Jon Huntsman Jr., who was targeted by a fake Eric Trump.
So how can you avoid this trap and make sure your emails are coming from the people you think they're coming from? Here are a few tips:
The first and most obvious step is to find out the person's email address. In most popular email clients, there's an easy way to do that, but it's super-simple in Gmail: Just hover your cursor over the sender's name, and a box will pop up that reveals their full email address. This works both in your inbox and once you've opened a message.
To find out more information, click on the small arrow under the display name. There, you'll see the full address along with the domain it originated from.
If you're not convinced the message is legitimate, it's worth comparing it against previous messages from the same sender. Look for changes to the display name or the email signature.
If anything looks fishy to you, don't respond - just mark it as spam or delete the message entirely.
Finding out the sender can be slightly trickier on mobile: Open the message, click on the sender's name, and you'll be taken to their contact card. There, you'll be able to see the entire email address.
Note: I use an email app called Email by Edison Mail, so it won't look the same on every app. But the process should be approximately the same on all major smartphone email clients.
It's also worth taking a closer look at the email address. Sometimes scammers can subtly change one or two characters in an address that will trick the eye into thinking it looks correct. Swapping an "m" with an "rn," for instance, is hard to notice at a quick glance.
Source: FRSecure
As an extra level of precaution, add important people to your contacts. It's not foolproof — in Gmail at least, people you email with often get automatically added — but it's another quick way to tell if it's someone you know. If the sender is already in your contacts, you'll be able to view their contact info by hovering over their name.
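The checks above (read the real address, compare it with your contacts, look for swapped characters such as "rn" for "m") can also be automated. The following Python sketch is an added example, not part of the original article; the contact, the addresses and the `.example` domains are constructed, and `skeleton` and `check_sender` are hypothetical helper names.

```python
import unicodedata
from email.utils import parseaddr

# Constructed address book: display name -> address you have verified.
CONTACTS = {"dana whitman": "dana.whitman@summitlaw.example"}

# Character sequences that pass for another letter at a glance.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(address):
    """Reduce an address to a form in which common lookalikes compare equal."""
    address = unicodedata.normalize("NFKC", address).lower()
    for fake, real in LOOKALIKES:
        address = address.replace(fake, real)
    return address


def check_sender(from_header, contacts=CONTACTS):
    """Classify one From: header value against the address book."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())
    addr = addr.lower()
    known = set(contacts.values())
    if addr in known:
        return "known-address"
    if any(skeleton(addr) == skeleton(k) for k in known):
        return "lookalike-address"      # e.g. "rn" standing in for "m"
    if name in contacts or name in known:
        return "display-name-mismatch"  # familiar name, unfamiliar address
    return "unknown-sender"


# Constructed From: headers, one per outcome.
SAMPLES = [
    "Dana Whitman <dana.whitman@summitlaw.example>",
    "Dana Whitman <dana.whitman@surnmitlaw.example>",
    "Dana Whitman <dana.whitman.private@freemail.example>",
    '"dana.whitman@summitlaw.example" <someone@freemail.example>',
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):22} {header}")
```

The script only inspects what the From: header claims, which is the same information the hover box and contact card show.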
There are plenty more ways to keep your email secure, but this is a good start. For more on preventing scams and hacking, read these seven tips to keep yourself from getting hacked.