Recently, I’ve had a few people forward some spam and “phishing” (trying to get unauthorized information from you) e-mails that they have received, and I am saddened to report that the bad guys are getting better at this. While your e-mail program or computer might have good software to block these, the people who have chosen these unseemly activities as their pastime are working hard to make what they send you believable.
As we enter into this holiday season, both work life and home life can get busier, and we are more susceptible to rushing through e-mail and thus are more vulnerable to these attacks. Becoming a victim of one of these can be just what is needed to derail us from where we truly want our focus to be, and it can even take money away from us that we could have chosen to be generous with.
Here are some questions to ask yourself that may help you determine whether an unusual e-mail is real or a scam:
1.) Is the e-mail from a company that you normally have accounts or activity with? If not, and they want information, forget it. Likely this is illegitimate, but even if it is real, they don’t have a right to your information or to get it this way.
2.) Always look for grammar, spelling and punctuation. These e-mails often come from other countries and are sent by those who don’t have the best grasp on the English language. Big companies normally have people who do nothing but check the grammar, spelling and punctuation on e-mails that go out to customers. If you see bad grammar, over- or under-punctuation, or bad spelling, toss the e-mail.
3.) Check the sending e-mail address. The e-mail may appear to say it’s from “Citibank”, for instance, but look deeper into the actual address that initiated the e-mail. (You can usually do this by clicking on it or by setting up a blank reply e-mail to see where it goes.) If the sender has an e-mail address that begins with something obscure and/or ends in @yahoo.com or @hotmail.com, or ends in something even less well known, you are looking at a phishing (or scam) e-mail.
4.) The main way these e-mails can get you is by getting you to click on a link within the e-mail, so when in doubt, DON’T. Sometimes these links will open up into something that looks like the company’s website but is just window dressing to try to get your information from you. If in doubt, go directly to that company’s website (without using any links in the e-mail) and log into your account that way, or send them a customer service e-mail asking them if the e-mail is legitimate.
If you’d like to do more reading, check this out: http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
If you get one of these, just delete it. If you have extra time (and for extra credit), send a copy of it to the company that’s being imitated so they can alert their other customers. And then pray for the people who sent it.
Great post, Nick. Additionally, most email interfaces have a feature where if you hover over a link, you can see where it points. Take my domain name, for instance: stevestechspot.com. If you expect to be directed to stevestechspot, stevestechspot.com must appear AT THE END of the URL in the link. Scammers will provide links like stevestechspot.suspicious.com. Also, when you get to the destination to which the link points, always check for a security indicator in green, and an indication that the website matches what you think.
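The sender check from item 3 and the link check from item 4 and the comment above can be done mechanically. This is an added example, not part of the original post or comment; the message, the domain `bank.example` and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real e-mail); bank.example is a placeholder.
SAMPLE = """\
From: "Example Bank" <service.alerts@hotmail.com>
To: you@example.com
Subject: Verify your account
Content-Type: text/html

<p>Please <a href="http://bank.example.suspicious.example/login">log in</a> or
visit <a href="https://www.bank.example/help">our help page</a>.</p>
"""

def host_matches(host, expected_domain):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower()
    # The leading dot matters: "notbank.example" must not pass for "bank.example".
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def check_message(raw, expected_domain):
    """Return findings for a message that claims to come from expected_domain."""
    msg = message_from_string(raw)
    findings = []
    # The display name is free text; only the address itself says who sent it.
    display, addr = parseaddr(msg.get("From", ""))
    if not host_matches(addr.rpartition("@")[2], expected_domain):
        findings.append(f"From shows {display!r} but the address is {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.links:
        host = urlsplit(href).hostname  # where the link really goes
        if not host_matches(host, expected_domain):
            findings.append(f"link goes to {host}, not {expected_domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "bank.example")))
```

The comparison is made on the host name of the link, not on the whole URL, so a path or query string that happens to contain the real domain does not count as a match.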