Q&A: Should I trust this email?

Q I received an email purporting to be from my ISP, telling me that I need to run a tool to ensure that my email keeps working, but stating that this only works on Windows applications like Outlook Express and Windows Mail. Although it also offers the possibility of making changes manually, it all looks highly suspicious. Should I believe it, or is it a phishing attack?

A It can be desperately difficult to tell genuine messages from bogus ones.

If you are uncertain, visit your ISP’s home page and you should readily find a matching news item or release covering the same ground. In your case, this may be related to changes that your ISP has made to their email service, under the guise of a new service based on Google technology. Details of the modest tweaks to mail client settings are given in their support pages, and should be straightforward to implement in Apple’s Mail and other Mac clients.

With the widespread use of iPhones and iPads, most ISPs now provide easy instructions for setting iOS Mail up to use a service. If they do not provide explicit instructions for Mac apps, then you may find the iOS instructions helpful.

If you had been unable to confirm this on your ISP’s website, do not click on links in a suspect email, which could take you straight into the arms of a scam or hack, but contact the support desk. If it is genuine, they will certainly know about it, and may be aware of recent scams too.

You may also get valuable clues from inspecting the source of the message, particularly its headers, and the embedded link. There are several tricks which can be used to disguise a malicious link and make it look safe. If you are not entirely happy, don’t click on it.

Updated from the original, which was first published in MacUser volume 26 issue 19, 2010.