how to spot phishing emails — analysts find 'glitch in matrix' after email timestamp shows delivery three years before it was sent
A routine security sweep at a mid-level tech firm in Columbus, Ohio, has uncovered what one lead analyst is calling a “true glitch in the matrix” — an email that appears to have been delivered three years before it was sent. The message, a classic phishing attempt disguised as a password reset alert, arrived in employee Sarah Lin’s inbox at 3:14 p.m. on Monday. But the email’s hidden metadata reveals an impossible creation date of August 12, 2021, with a timestamp showing it was sent from a now-defunct server that Google decommissioned in early 2023. “I’ve seen phished links, spoofed headers, and even emails sent from the future due to time zone errors, but this is the first time I’ve ever seen a message that claims to have existed before its own sender even had an internet connection,” says cybersecurity researcher Dr. Amelia Reyes, who was called in to investigate. The company’s IT team has since quarantined the email, but not before Lin nearly clicked the link because the “odd date” made her think the message was “too old to be dangerous.” Experts say the anomaly highlights a new vulnerability in how phishing lures are crafted, using corrupted or recycled metadata to trick even cautious users. “This isn’t just a bug — it’s a warning,” adds Reyes.