Deceiving without Lying

I got this letter in the mail.

If you look at the reply envelope, you’ll see that there is no identification of the company that is sending this e-mail out. Look to the right, where I’ve let a bit of the outer envelope show. It shows a quite correct statement of penalties for obstructing mail delivery. It’s not particularly relevant, but whatever. At the end, in smaller print, we note that this is not from the government..

At the bottom of the pink sheet, we see a note that this is not “affiliated with or endorsed by any government of Medicare program.” Another statement that is likely quite true.

With the “NATIONAL RESPONSE CENTER SENIOR BENEFITS DEPT.” the intention is to keep the recipient from thinking of this as a ad for life insurance, which it is, and to suggest that they are being informed of benefits already earned (Medicare, Social Security), which they are not.

I wouldn’t post this normally, but I did for two reasons:

1. This is aimed at the elderly, and there are many actual benefits available. There are many organizations and government agencies that do work to provide information about actual benefits. Because of that, someone else can slip in deceptively and imply that they are such a group, while making sure that they don’t actual tell any lies and have all the disclaimers available.
2. Most of my readers will find this particular mailing trivially easy to analyze and dismiss. In the modern world, you are assailed much more commonly by e-mail, something many of you are much less skilled at evaluating. You need to apply the same sort of logic. How does a reputable company go about introducing you to its services? Does the e-mail you’re looking at look like and function like that sort of introduction? If you look carefully at the e-mails you receive that are legitimate, especially those from businesses with which you have a relationship, you will more likely recognize when someone is playing around.

It’s possible for people to spoof the sender of an email. That means they use a name or an e-mail address that is not theirs. It is much more difficult, but nowhere near impossible to place false data in the actual record of how the e-mail was transmitted. I have nonetheless had friends receive e-mails that purported to be from me. I got them to forward the e-mail to me and I was able to check that it was indeed not sent from the appropriate server, and just my name was faked (not even the e-mail address in a couple of recent cases).

Just like someone could type my name on a piece of paper and forge my signature, so they can fake that information on an e-mail. Or they can fake yours. They can do this without hacking your account. Your information is easy to access.

They could, for example, extract my address from the picture above, but that is ubiquitous on the web. I blacked out my zip code, but anyone who wants it already has it. My point here is don’t assume that simply showing the right return information makes it certain the e-mail is correct. If you have any doubt—and please take enough time that you’d notice—then confirm with the sender before following any links or opening any attachments. A huge percentage of the fraud problems on the internet would be abated considerably by this.