Kudos to readers who wrote me yesterday to make sure I was the sender of an email they found suspicious. (I was.) Here’s hoping that didn’t stop anyone from claiming two gigs of free cloud storage.
In case it did, here’s the link again. Turns out you’ve still got time, if you act today:
https://security.google.com/settings/security/secureaccount
When an email offer raises red flags (as mine did), there’s an easy and fairly new way to double-check its authenticity. I’ll explain below — but first, the context:
I had just noticed that Google, in observing “Safer Internet Day 2016” (February 9), was increasing Google Drive cloud storage for any account holder who would go through a simple security checkup. Two extra gigabytes for two minutes of your time.
We nearly all have Google accounts. We do if we use Gmail, YouTube, Google Photos, Google Docs, Android, or lots of other services. If we do, we also have a Google Drive squirreled away in the cloud. By default, that’s 15 gigabytes.
Fifteen gigs is a lot — but you’d be surprised how quickly you can fill it with today’s high-density digital stuff. So bumping it up to 17 gigs is worth two minutes.
According to Google’s blog, the two-gig bonus offer is good through February 11 (today). But I didn’t know that yesterday, so I sent out an email “quick alert” notifying readers of the offer. (I was afraid it would end any minute.)
This went to the blog’s subscriber list, but didn’t actually go through the blog. It didn’t contain the usual links and graphics. Some cautious readers were thus suspicious that the site and its mailing list had been hacked, and that the embedded link was a trap.
That’s a reasonable suspicion! I’m delighted some readers took the time to check with me to make sure the message was legit. I replied to each inquiry, and hope the replies were timely.
But in case I’m ever late in responding, there’s another way to check, using a relatively new web-search resource called “semantic search”.
Nowadays we get lots of “offers” and “requests” from scammers. They could be posing as me (or Amazon, or Google, or your bank, or some government agency). If you aren’t confident, here’s what to do:
Close the suspicious email. Then open a blank, fresh web page. If you like, use a different browser as well as a new page. If you want to be really thorough, use a different device altogether. Open a search engine tab using Google, or Bing, or Yahoo; I guess this applies to any of the Big Dogs.
Then type in an inquiry about the proposition using natural language. For example, you could ask “will Google give me free storage for a security checkup?” Or just use keywords: “safer internet day Google bonus” or “Google 2G reward for security check” or “Google bonus cloud storage offer” — or — or — just about anything.
That’s right: It barely matters how you phrase the question! That’s the “semantic search” angle. Google (and some other search engines) no longer need exact search terms. They analyze what you want, and do their best to respond appropriately.
This is new — and it represents a profound shift in the way the World Wide Web works. I grew my web feet during an era when computers only understood exact requests. Word sequence and spelling had to be precise, or no match. That’s still the thing to which I’m accustomed.
So I find it easy to forget that that isn’t needed anymore. Gone are the days when it wasn’t worth the trouble to search, if I didn’t know the exact phrase I needed.
If you use any of the phrases above (which I just made up randomly), they’ll call up pages and pages, from Google and a lot of big-name news websites, announcing the storage upgrade offer. But if it had been a hoax (as well it might), the same searches would have led to warnings from Snopes and other urban-legend debunkers.
Try the same thing with a known hoax. For instance, “will Bill Gates give me money for forwarding an email?” (Seriously, a few years ago, this was a $5,000 rumor making the rounds; probably still is!)
A few years back, semantic search didn’t work. Now that it does (and it’s only getting better), it’s way easier than before to check out suspicious emails like mine.
And I promise to do my best to make mine a lot less susceptible, in the future, to suspicion.
8 responses to “How to Verify Suspicious Email Offers”
On Thu, Feb 11, 2016 at 7:13 AM, David Sperry wrote:
Thank you for both the alert and the new information; got my two.
Great to hear it, David!
On Wed, Feb 10, 2016 at 8:56 PM, Patricia Visser wrote:
Thanks just did this!
Wonderful, Patricia. Glad to hear from you.
On Wed, Feb 10, 2016 at 2:46 PM, Mahin Pouryaghma wrote:
Dear Gary, is this really from you?
Yes, it’s really from me. Good call, though, to ask. It’s always important to be suspicious. That in itself is a more important security step than any “security checkup”.
Another way to check any suspicious offer is simply to go to Google and, well, Google it. You can web-search for “google safer internet day bonus” or anything at all similar — just make up a search phrase. Then Google itself, with no involvement from the email you are checking out, will steer you to links that either confirm or deny the reality.
On Wed, Feb 10, 2016 at 6:12 PM, John Kolstoe wrote:
Was this from you or a hack?
John, it was from me. Good call, though, to check. It’s hard to be too suspicious nowadays. You’re the second person to write me about this, so probably there are others wondering.
Sorry I was away and only now getting back to you. Glad in any case that you replied. If this had been a hack, this would have been my first notification, and time is of the essence there.
Either way, it’s easy to double-check “offers” like this using an independent channel. Using any web browser and any search engine, you can perform a search for some phrase describing the offer in question. For example, “safer internet day google bonus” will work. So will “google 2G storage upgrade offer”. Or “google security check upgrade”. Or anything at all — just make up a way of describing the offer, type it in, and scan the results.
Nowadays all the top search engines (certainly Google) use “semantic search” to try to understand the searcher’s intent, regardless of exact keywords. This recent development makes it easier than ever to find relevant answers, because a results page doesn’t have to contain the exact wording you typed in. It only needs to match the intent.
Be that as it may, enjoy your two-gig storage bump!