A quick analysis of a suspicious email...

This other day, I received the email below that is a good potential “phish” example.  It was suspicious to me because I didn’t expect it, and it has the big “Activate your account” button on it, which always makes me nervous…

I hovered my mouse over the “Activate your account” button, and it showed this URL:

https://click.secure.castlighthealth.com/?qs=e44686b30557b0270415b9d9b54f0dc364469df8a750e6b8e9211d38a52bf60f7eabf3c8b5a4501c
 
Hmmm….doesn’t match calperscompare.com.  Not sure about this one.  However, I noticed that the email spells out the actual website, so I could manually enter www.calperscompare.com 

Before doing so, however, I entered www.calperscompare.com into one of my favorite URL checking sites, URLVoid.com .  It reported no reputation concerns with the website (0 out of 29 is good :).

I then manually entered www.calperscompare.com in my browser, and the site appears legit.  To be double-sure, I searched for “Calpers Compare” on the calpers.ca.gov website, and it checks out.

Hope you enjoyed this example of investigating a suspicious email as much as I did!  ;)