I feel like I should be more skeptical, but my prayers have been answered and I got an email in my inbox saying I’ve won $2 million dollars from Microsoft. Is it real?
Microsoft isn’t in the habit of giving out money, whether it’s $20.00 or $2 million dollars, so your gut reaction of being skeptical is correct. In fact, no companies routinely give out money, grant awards or send prizes to people. Not only that, but even “treasure boxes” are illegal in the European Union so even that’s starting to look a lot like a scam too. Don’t be a sucker who’s scammed into this sort of thing, learn to put on your detective hat and closely examine your email with a trained and skeptical eye.
Let’s have a look at the email you received. First off, you can just apply the “smell test”: Would this company really grant this amount of money to someone and the notify them via email? Nope. So even before you get any further, it’s clear that this is a scam or at least a dumb prank.
Here’s a similar message I received that’s correctly categorized as “spam”:
Again, before you even go any further, does this seem reasonable that Microsoft would be giving out a $2 million award and that you’d win it without them even knowing your name?
But look adjacent to the “To” at the top of the message. See that tiny triangle? If you click on it you’ll get more information about this particular email (at least in Gmail. Other email programs have other tools to examine the header). Here’s what it reveals:
Again, putting on your detective hat, let’s look at this skeptically. First off, what’s with that From address? firstname.lastname@example.org? I’m 100% sure that if Microsoft were to send you anything legit, whether it’s an email reset link or a sales brochure, it would come from a @microsoft.com email address, not from Hotmail. Hotmail, as you might recall, is a popular free email hosting service where, yes, scammers set up email addresses just for specific campaigns. Like this one.
But where’s that To address too? The only reason it wouldn’t show up is because they’re sending this exact same email to dozens – or hundreds – of email addresses. This explains why the “Attn:” line is blank in the message too, but it also obviously fails the “sniff test”. Red flag, red flag!
Now let’s just have a quick glance at the listed contact info. The email address is @executivemail.co.za. .ZA is the domain for South Africa and if you go to that domain it bounces you to this Web page:
It’s a nice looking, albeit basic home page with news, adverts, etc, but it sure isn’t something that would be associated with even the most poorly executed Microsoft campaign, is it? Notice in particular the weather report info on the lower right in case you’re not sure where .ZA takes you: Weather for Johannesburg and Cape Town. That ain’t Redmond, Washington, Microsoft HQ!
Then there’s that phone number. A quick Google search on the phone number (you can do that!) reveals the truth in case you’re still a bit unsure:
If you’re curious, international dialing prefix +2 is the continent of Africa too. Did you really want to call someone in Africa (probably South Africa) to “collect” your “award”? I didn’t think so.
The long and short of this is that it’s up to you to keep yourself safe from scams. Just because something seems wonderful doesn’t mean it’s legit or real. Learn how to investigate and do some detective work online before you proceed with any email, phone calls, sharing any personal information, etc. This is true if it’s a letter in your mailbox, an email in your digital inbox, or an instant message from someone on Twitter, Facebook Messenger or similar.
Be careful out there. I hate reading about people ripped off by scammers…
Pro Tip: I’ve been writing about the basics of online safety for years. Check out some of my helpful articles to learn more about how to stay safe online.