This is something that I feel rather passionate about. The people who create scam emails or phishing as it is known, like to prey on the vulnerability of those who ‘don’t like to say no’, or ‘love helping people out’. They have trained themselves up to lure people into a false sense of security, only to pass on a virus to you, steal your identity, or even clear out your entire bank account. This is a serious problem. The scammers are becoming better and better at making their emails look legitimate in order to get what they want, so we need to get better at preventing them from doing so.
Examples of popular scams or phishing are that you have won money, someone wants to donate money to you, an account has been blocked and needs re-activating, a strange looking payment has been confirmed or someone wants to share pictures with you and offers you a link to view them.
I have listed 10 ways in which you can recognise a fake, scam email from a legitimate one:
1. Check the email address
Checking the email address is one way to spot a scam email before you even read any of the content. Long, complex emails that don’t read well are likely to be a hoax. Is the email relevant to the content or the company who you received the email from? Does it include a mix of random letters and numbers? Have you received a legit email from them before? Do you recognise it? Ask yourself these questions before you even look at the content of the email.
2. Is the email addressing your name?
“Dear valued customer”, “Dear friend”, “Dear loyal member”. These are just a few of the introductions we see on emails that is a giveaway to a scam. Legitimate companies would almost definitely refer to you by your name. That said, scammers are becoming clever in finding out your name or even your nickname. If they find your email address, this may be linked to your Facebook account, where they can then find out information to make the email look like they know you much better than they actually do. So even if the email refers to you by name, this doesn’t necessarily mean it’s legit. If they don’t refer to you by name, don’t give it the time of day!
3. Look but don’t touch
Do not click on any attachments! It is rare that a legit email will include any attachments for you to download. If they wanted you to take a look at something it would usually be in a URL address contained in the email. If this is the case, check the URL and hover over to view the hyperlink. Do they look legitimate? Are they recognisable? If they are complex and not relative to the content, do not click on them.
4. Check for misleading / mismatched URLs
Leading on from the previous point, check any URL that is given in an email. Hover over and see if you can see where the URL will take you if you click it. Does the destination address match the text in the email? If they are totally different, it is likely to be a scam. The text in the URL should be clear as to where it will take you e.g. www.domainname/your-account not www.domainname/676dtv87fv87fdtv8sd76v576.
5. Check for spelling mistakes / poor grammar
Professional companies would not send out an email with spelling mistakes or poor grammar. Emails that have such errors are a sure sign of a scam email. Some big errors will be easy to spot but some you might have to look a little closer to find. Look out for improper use of full stops and capital letters, commas etc. Legitimate emails from real companies will check time and time again to ensure there are no such errors present in their emails.
6. Legitimate emails never ask for personal information
Real companies are likely to already have your personal information stored in their database so will never ask you for anything personal like your address, telephone number, bank details etc. Scam emails often try to get names and addresses from people to try to steal their identity. Or install a virus in the form of a link. Don’t let them do this to you.
7. Check for aggressive language e.g “Account blocked“ or “Do this now!”
When you go into a department store, the employees won’t be heard saying, ‘buy this now!’ or ‘do this now!’ Nor will you be rushed you into taking immediate action. They won’t be doing this in email either. Aggressive language, urging you to take action immediately is a giveaway to a scam email. The trick is to make you feel threatened by something and make you feel that something needs to be fixed right away. Leading you to click a link or attachment that initiates a virus.
8. You didn’t initiate the action
If you are being told that you have won a competition that you didn’t enter, this is a scam. To authorise a payment to someone you didn’t initiate, this is a scam. Confirm payment details for something you didn’t ask for, you guessed it, it’s a scam. You should think carefully if you have initiated whatever it is that is contained in the email.
9. Check for names, companies and telephone numbers.
If the email has been signed by ‘John Smith – Marketing Manager’, do a little research to check if he is an employee of the company you have received the email from. Do this away from the email in your web browser. Check for telephone numbers and see if it is a legitimate number for the company. Check to see if they have a website and cross reference any information given. We should be careful however, as email scammers can also create fake websites to make the whole thing look legit. Google the company name to see if they have been found as a fake company with a fake site. To check the owner and host of a site you can go to https://www.whois.net and type in the domain that is given in the email. You can then maybe check with the hosting provider to see if they have come across any suspicious activity from that website.
10. Don’t believe everything you read
Don’t take everything you read as the truth. Start to question everything you see and read. It’s better to be over the top with security than slack on security. Most things that are too good to be true, usually are!
Can you spot anything fishy about this email?
Here’s what you should have noticed
1. Check the email address! – The email address doesn’t match the name of the company.
2. Is the email addressing me by name? – No, i am referred to as a ‘member’.
3. Did I initiate the action – No, there is no reason why is should need to confirm my billing address.
4. Are you urged to take action? Yes, I am urged to change my address within 48 hours or my account will be blocked.
5. Aggressive language – “Your account will be deactivated”. Say no more.
6. Spelling / grammar – “If you did not confirm it until 48 hours” Incorrect grammar. Also unreadable text in the footer of the email. This is code that shouldn’t be visible and a professional company wouldn’t make such text visible.
Here is an example of a legitimate email from PayPal:
They refer to me by my name. This email gives me no reason to believe it could be a scam.
So what can you do if you spot a scam email?
- If you spot an email scam, adjust your email settings and add the email address to your junk, spam or blocked folder. Doing this will prevent them from bothering you again.
- Install security software to work in conjunction with your email security to spot the scam emails. Security software is a must, as i’m sure you are already aware.
- Report them, here are a few addresses where you can report scam emails:
Most emails you receive will be legitimate with no harm intended. The purpose of this article isn’t to scare you or to make you never check an emails again, but to educate you into spotting the scammers who want to cause you problems. Share this article with your friends and family and help put a stop to email scams!