Detecting a Phish on an iPhone

In their obsession with simplifying the phone interface, the iPhone designers make it a bit harder to detect dangerous emails.

Here is an email claiming to be from “Humana Health” asking me to pay for my COVID-19 insurance, whatever that might be. The structure, layout, and English are convincing.

The mail software displays the name of the sender, “Kaylee,” but not her email address. We need to see if “Kaylee” is really sending this email from Humana. If not, this is obviously a phishing attempt.

How do we look at Kaylee’s email address?

While the iPhone has no built-in feature for reading the detailed email headers, we can at least retrieve a sender’s email address.

We click on the sender’s name to retrieve the email address. In the image at left, we click on the name “Kaylee.” It’s highlighted with the red arrow.

When we first click on the name, we may see the address displayed, but more likely the mail software will simply add a caret to the sender’s name, making it “Kaylee >”.

If so, click on “Kaylee” or the caret mark one more time.

Now the mail software displays a contact list entry. If the email is from one of your contacts, it will display that contact’s entry. If it’s a phishing email, the sender probably won’t be in your contact list (it’s possible, but less likely).

Look for the contact’s email address (highlighted with a red arrow). The email address is not from Humana. This is a phishing email.

Warning: an email might be a phishing email even if it carries a legitimate “From:” address. It’s a bit harder for spammers to send such messages, but the technology exists.
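The same check done by hand above, written as an added Python example (not part of the original post): it pulls the display name and the real address out of the “From:” header and compares the address’s domain with the organization the email claims to be from. The sample messages and their addresses are constructed, and `humana.com` as the expected domain is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; none of these addresses come from the original email.
SAMPLES = {
    "phish": "From: Kaylee <kaylee@billing-notices.example>\nSubject: Humana Health invoice\n\nPay now.\n",
    "name_trick": 'From: "support@humana.com" <kaylee@billing-notices.example>\nSubject: Invoice\n\nPay now.\n',
    "lookalike": "From: Kaylee <kaylee@humana.com.billing-notices.example>\nSubject: Invoice\n\nPay now.\n",
    "plausible": "From: Kaylee <kaylee@mail.humana.com>\nSubject: Invoice\n\nPay now.\n",
}

def check_sender(raw_message, expected_domain):
    """Return (display_name, address, verdict) for the From: header."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return display_name, address, "no-usable-address"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    expected = expected_domain.lower()
    # Exact domain or a true subdomain only; "humana.com.<other>" must not pass.
    if domain == expected or domain.endswith("." + expected):
        # Per the warning above: a matching From: address is not proof of origin.
        return display_name, address, "matches-but-unverified"
    return display_name, address, "mismatch"

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw, "humana.com"))
```

The `name_trick` sample shows why the display name alone tells you nothing: a mail client that shows only the name would display a Humana-looking address while the real sender is elsewhere.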