This morning, a client forwarded an email to me, thinking it might be a fraudulent message (as, indeed, it was):

Attention: PROAXIS.COM Email User

PROAXIS.COM is upgrading database Servers from the
old Servers (Nol06769) to the new Servers (No521766).
You are to fill the details below to enable us upgrade and
verify from the old server.

FILL THE DETAILS BELOW OR ANYWHERE IN THE MAIL

Email Address:
Password:
Address:
City:

Attention:Account owners who do not update his or
her account immediately you receive this Notification
will have problems using our online facilities effectively.

Notification Code:CZX1G13ABJ

The ” PROAXIS.COM ” Upgrade Team
Thanks for your co-operation.
Copyright (c) 2010.All rights reserved.

Of course, this is a fake; responding to it would be dangerous and very probably disastrous. I’m asked questions like this with some frequency, so I thought I’d share some thoughts on the subject. First a few general principles:

1) No legitimate company, service provider or merchant will EVER ask you for this information by email or at a website; you should assume that any request for your identifying information is fraudulent until proven otherwise.

2) Never use the links in an email like this; it’s possible to place a link on the page that states an address but takes you somewhere else. For example clicking on the following link: www.google.com will NOT take you to Google; try it … I’ll wait …

This is a fairly simple use of hyperlink misdirection; I did it with a webpage but it is just as easy in an email. The same principle holds true for email address links in emails and on websites. And if I can do it in 30 seconds using the most primitive of techniques, believe me, there are slicker methods out there.

3) My rule of thumb is that if my bank, internet service provider, credit card company, or anyone else with whom I do business ever wants something that badly, they can call me and authenticate themselves by telling ME information that only they and I would know.

4) If I ever think that a request like this may be legitimate, I call the firm directly, using the number in the phone book, NOT one given in the email (which, in the case of a spam or hoax, might well be fraudulent anyway) and ask them.

Or I go to the firm’s website using their web address, if I already know it, or Googling it to make sure that I’m going to the legitimate site for this firm; then if there’s information on that site that corroborates the information I originally got, I can proceed with some confidence, again, using the website I looked up; as I said above, never use the links in the email, which may be false.

5) I also look for grammar and usage in the email that may betray the sender as someone for whom English is not a native language, which is often a good indicator. The phrases:

You are to fill the details below to enable us upgrade and
verify from the old server.

and:

Account owners who do not update his or
her account immediately you receive this Notification …

as well as the quotes around the company name certainly convey the idea that the writer is not familiar with the grammar, syntax and level of professionalism that a technical writer or content professional would use. You cannot, of course, use this is a primary criterion because there will be hoax-sters with more sophistication and greater grasp of English than others, but this can be a significant piece of corroborating evidence.

You can also look at the email “header”. The header is a section of the email, usually invisible under normal conditions, that contains all kinds of information about the email such as the address it originated at, a list of the servers or computers it passed through on its way to you and various other bits of information. You can usually find an option in your email message’s ‘Edit’ or ‘View’ menu that will display this header information. Here’s part of the header information in the email my client got this morning:

X-Cloudmark-Score:

Today I got to work on a MacBook Pro, Apple’s top-flight laptop. Working on a Mac is a rare experience for me because they very seldom have problems. Of my 450+ clients, between 70 and 90 have Macs but I rarely get to work on more than one or two per year.

This laptop had a broken ‘return’ key; a victim of physical abuse involving a cat who wanted to compute and an anxious owner who didn’t want her to. It is surprising how complex a laptop key is; it usually has a small but complicated scissors-action undercarriage that holds the key up and parallel to the keyboard, so they can be tricky (and in some cases very difficult or even impossible) to install. And MacBook keys are special in that they are backlit in dim light; that’s right, in a dim or dark room, the keys actually light up so that you can more easily see what you’re doing.

Upon examination, I found that the undercarriage of the key in question (the ‘return’ key) had been slightly damaged and would need replacement. Knowing that I was driving to a nearby town where there was a Mac store and thinking that I might just pick up a key while I was there (if I was lucky), I called the local Mac dealer and asked to talk to the technician. I know her and trust her and it’s almost invariably better to go to the source; the sales people may know a good deal but the tech knows just how the process works and what its attendant hazards may be. (Having said that, I should point out, from personal experience, that every minute a tech is on the phone is one less minute they have to work on a client’s computer, so be warned and understand if they don’t want to spend much time on the phone.)

Unfortunately, I got a likely lad who ran interference and told me that I ‘would have to bring it in’ as there were several models of MacBookPro and the key’s availability and the feasibility of replacing it could only be determined by a visual inspection of the particular laptop in question. This may have been well-meant and sincere, but the idea was ridiculous. I have repaired hundreds of laptops, by almost every major manufacturer (including Apple) and I can tell you that, for a given laptop model, keys are either replaceable or not replaceable and the keys are available or not.

Abandoning the idea of trying to push my way through to the technician, I did a quick bit of research and found this excellent site which has service parts for most Apple laptops. At this site, keys for the MacBookPro 15″ (the model I was working with) cost $8.95 each. I ordered the ‘return’ key immediately and will add a postscript to this article to let you know how it turned out.

The need to transfer a user