thread HOWTO: Spot phishing emails in Archived Discussions (Read Only)

HOWTO: Spot phishing emails

ryanwanner — Mon, 12 Apr 2021 16:11:57 GMT

Hello all! Recently a fellow seller got an email about Negative Feedback and was a little concerned about it. He forwarded the email to me, and it definitely looks like a phishing email! Since I haven't seen the phishing emails hit the feedback emails yet, I thought it would be best to show you what to look out for:

Ok, lets take a look at this:

It's not in the screen shot, but the email was all wrong. All feedback emails come from feedback@messaging.squareup.com. If it doesn't have that email address, it's a guaranteed phishing email.
On the subject line, it says Square Customer and does not have the four digit ticket number at the end of the line. A valid feedback email will say A customer left you positive/negative feedback (#xxxx)
Right below the From/To line, there is no instruction line. A valid feedback email will say Reply to this email to respond to your customer
This one is subtle: Note that the background color on the feedback text is different from the background of the email. Square's emails will have the feedback text in white with a light grey background everywhere else.
View this dispute is designed to make you panic a little and click on it. The real emails will say Respond in this blue button.
Between the dispute button and the address, a valid email from Square would have a Purchase Overview section saying how many items were bought, on what date, and at what price. There is then an option to preview the receipt.
Speaking of the address, Square isn't based in Tuscon. In fact, the legit emails only have the Copyright line at the bottom, not their address.
Unsubscribe? Another way for them to get you if you didn't click on the dispute button. If I click this, I won't get any more phishing emails, right? Wrong.
Lastly, I'm pretty sure that Square can afford their own email servers and won't need to send free email from Hubspot.

So what do you do if you get one of these emails?

First and foremost, do not click/tap on any of the links and buttons in the email. If you do, immediately run a virus check on your computer, and for the love of all things holy, don't enter any identifying information in any of the screens that pop up.

Next, forward this email to spoof@squareup.com so their legal team can go knock some knees together.

And for the record, here is what a valid feedback email will look like:

Stay safe, sell a lot, and don't give any of your money to these filty phishers!

Re: HOWTO: Spot phishing emails

isabelle — Mon, 12 Apr 2021 16:14:45 GMT

Thank you for sharing @ryanwanner! ✨

Re: HOWTO: Spot phishing emails

dabblrscre8ions — Fri, 23 Jun 2023 13:56:07 GMT

Thank you for the thorough details, @ryanwanner. I found one of these messages in my spam folder today (see image). It has a couple of the elements you said would be in a valid Square email (the "Reply to..." instruction and the "Respond" button). Because Square does have a team in San Francisco, that address they provided could be legit. But the one thing they didn’t (couldn't?) fix was the sender's email address; it's from a personal address, not the Square Messaging one you mentioned.

Re: HOWTO: Spot phishing emails

ryanwanner — Fri, 23 Jun 2023 15:38:49 GMT

@dabblrscre8ions No. Never reply to any email that looks right that doesn’t come from messaging.squareup.com

In the last four days I received two emails to my spam folder that looked just like a Square email but came from a private address. This is how they get you.

In your example, it was for a negative feedback. Whenever I get emails like this I always log into my dashboard from my bookmarked link and check the feedback section. My emails were about disputes this time: I did the same login check and discovered there were no disputes.

NEVER click on a link from an email, even if it does come from a verified square address. Log into your dashboard and check there. It’s the safest way.