WEBVTT 00:03.626 --> 00:30.162 [Automatic captions by Autotekst using NB Whisper. May contain recognition errors.] I use Outlook as an example. OK, let's begin. First example is HBO. Famous and beloved to many. Here is an email from HBO Nordic, they say. But yes ... Firstly, we see that it has a rather strange sender. And if you look closely, you will see that there is a space that should not be there in the text. Only for you. 00:30.162 --> 01:00.043 Then you also see that there is a big letter in the middle of the text. Very strange subject field. Badly written. This seems very cheap. NOK 15. A little too cheap. Then it says 'hello' without a name. And HBO knows your name, so it's very common for them to put your name in the email if it's real. They don't do that here. So there should have been a tie. It is not. 01:00.043 --> 01:14.616 If you keep the mouse pointer above the link in the email, you will see that it does not point to the spy, but to georgegray.pw. So, this is fake. 01:16.357 --> 01:33.131 Here we have an example of an email from Post Nord. From the package service Post Nord, where they say that there is a problem with a package for me. Have I ordered anything from Post Nord or not? It is worth thinking about. 01:33.131 --> 02:00.503 Here they say that I must do something to gain access to what I have ordered. And then it says that this email is not from PostNord, but from info.at-william-tolkan.host, which is a completely different place. Clear sign of a fake email. Nor is it there with my name. They should have had that if they had sent me a package, because then they know my name. 02:00.503 --> 02:30.247 Slightly strange formulation. Get access to package data here. What is package data? Data about package - very English way of saying it. And another thing, then. Is this called the company PostNord or PostNorden? What is the real name here? Here they mess with what the company is called. And if you then keep the mouse pointer over the link at the end, the link does not point to PostNord, but to Williamtolkan.host, which is somewhere else entirely. 02:30.759 --> 02:54.172 Again - fake email. This is an example of an email from the workplace, from where I work, which claims that it comes from UiO, where I work. It is also quite common that you try to pretend to be a workplace. And here you try to get people to click on a link. 02:54.172 --> 03:11.988 To update or validate the information. Then we look after it a little more carefully. Here is a strange sender. It comes from PedroRomero.uclm.es in Spain. 03:11.988 --> 03:29.104 It is not sent straight to you. It has been sent to many recipients. Then it says, ".Dear email user." No name. Such an email from Ujo would come to me with my name. For sure. Here it would say St?le. 03:29.104 --> 03:49.548 And then there is a bit of a strange use of language here. Here it says 'for all e-mail users'. Very strange way to say things. Lots of English sentences in such fake emails. Yes ... Weird choice of word. 03:49.565 --> 04:18.780 And preferably that something will happen. If you don't do this right away, you'll lose your email account. So we're trying to make you scared and think that you better do as we say. Otherwise things can go wrong. It's a kind of threat, then. And here is an English address in the email. A real email would not contain that. It would be a Norwegian address term. 04:18.780 --> 04:42.432 So again, if you hold the mouse pointer over the link ... One link actually points correctly. But where it says 'click' here, which many can consider doing because they are scared, then the link will point not to UiO, but to uiono.webley.com. 04:42.432 --> 05:09.701 Weebly is a place people can create websites in, which is widely used for such fishing. So this is not ugly. And the probability here is that if I click there, then comes to a website that looks like the job's email. Or website for email reading. And then you are tricked. Because they like to try to copy a website from e.g. where you work. Once again fake email. 05:11.869 --> 05:27.910 But many e-mails are real, and they have quite a few other characteristics. Now I'm going to show examples of two that are real, and what are signs of that. This one is from PayPal. Here we see that it comes from ... 05:27.910 --> 05:43.592 It is possible to explain it. So the fact that that field is a field with PayPal in it, is not necessarily a sign that it is a real email, but it can be an indication. 05:43.609 --> 05:59.514 But they know who I am. And that email is not just sent to a random address that is mine. It is sent to me because they know my name is St?le. And it is a good sign again, then, that it is a correct recipient. 05:59.514 --> 06:28.985 But you can be more sure if you then ... Yes, you can also see here that this is a real logo, which is identical to the logo of the websites. It can also be falsified, of course, but it is also a good sign. The language in the email, it is well formulated. It is grammatically correct. It is well written. There are no strange translations, e.g. So someone has thought that this is a traditional company. It's a good sign of that. 06:28.985 --> 06:55.708 But to be sure, you can always keep the mouse pointer over the link. And see where the link points. It points to paypal.com. And it is PayPal. You can also check to be sure. Write it into a website and check that you end up with PayPal. So this is a real email from PayPal. 06:58.370 --> 07:08.148 Another real email is from the Tax Agency. They are exemplary when it comes to sending e-mails in the right way to their recipients. 07:08.166 --> 07:33.985 Here we see that the From field, i.e. the Fra field, says the Tax Agency. The sender can also be forged. So the fact that it says the Tax Agency there is not necessarily a sign that the email is real, but it can be a sign. It has been sent to me. Full name, both in heads and in content. So these people here know who I am. It is quite clear. 07:34.002 --> 08:02.381 But the coolest thing of all is that there is no link in the email. You can't do anything wrong here. The tax authority tells me that the settlement for the tax is ready. Log in to see the content. You have to go to their website yourself. And then there is no way to falsify a link. This is how more people should do it, to avoid people getting used to clicking on links. This is just a message. Go check your tax. 08:02.398 --> 08:07.500 Real email. That's how it should be done. No links.