The world of spam seems to be getting increasingly sophisticated these days. Emails have been found to be using unicode to place a checkmark in the subject line in order to elicit confidence from potential victims.

Spammers

Unicode being used to help you give up those precious details

Official emails can often times have a symbol that the content of the email is trustworthy. The checkmark is a DKIM (DomainKeys Identified Mail)/SPF (Sender Policy Framework) symbol meaning that the sender and its content has been authenticated against a series of checks. SPF ensures the sender is on a list of authorized senders for that specific domain (in this case, PayPal), while DKIM checks the message content for changes. The checkmark indicates it’s all good, and that you can seriously trust anything inside. The problem is that this checkmark is clearly a trap. A clever trap nonetheless, for those that aren’t keen on checking other aspects of a message.

It’s not necessarily difficult to protect against a spammers attempts, though a good spearphishing campaign will be very enticing indeed. First, and always, think if you’re expecting such an email or whether it’s logical for you to be receiving the information within. Was there a suspect purchase, or perhaps a larger purchase than normal? Also to protect against phishing and spammers attempts to get your precious info, always check the sender’s email address through looking at the entire header. If it matches a known domain, then consider it. Though if it doesn’t then dismiss it outright. The header includes quite a bit of information that can be used to check the authenticity of an email, such as where it came from, when and the like. It’s always a good place to start if you’re curious or seriously doubting an email. Happy browsing, and stay safe.