Email has become one of the most frequently used form of communication but all too often, a message encourages the recipient to click on an included link. That link may well be an invitation to be scammed because the sender might be phishing for your personal data. (“Phishing” is defined as the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information. Email has become a popular tool for fraudulent activities designed to steal private information or plant a virus.
The inbox of any active email address has undoubtedly received a message that was sent by a scammer. It may have announced that you won something, requested answer a few questions or advised that your password is about to expire. (There are, or will be, other approaches to steal information or install a virus because the scam of the day changes frequently.)
In all cases, you’re advised to click a link which will take you to a web site where you can resolve the problem, collect your prize, or answer the questions that will save the world. These emails usually look completely legitimate, but even if they are, NEVER click a link in an email. PERIOD- until you verify the identity of the sender. If- and only if- you recognize the referenced web site as one at which you have an account, or you know is legitimate, proceed with caution. Your safest option is to ignore the link in an email and type the site address directly into your web browser. If there truly is an issue that needs your attention, or if you have in fact won a million dollars, there will be a notice with the relevant information. (You may need to sign in to your existing account if you have one.)
If an email is asking for a donation, follow the same procedure. NEVER clink a link in the email. Type the web site address into your browser IF you want to make a donation. In all cases, if you don’t recognize the site being referenced, delete the email and move on.
Keep in mind that it’s also possible that emails appearing to be from friends and associates may not be legitimate. It’s relatively easy for scammers to find the email addresses of people who communicate with each other and spoof a sender’s name and email address. Some scammers create a duplicate identity of a social media account and send out “friend” or “connection” requests. Their goal is for you to accept their request so they can gain access to your list of friends or connections.
If you don’t already have an anti-malware, anti-virus program on the device you use to roam the internet, install one. There are a number of good programs and I’ve found Malwarebytes to work extremely well. Such programs aren’t guarantees that you won’t get scammed, but they will catch known scam sites and block access. They’ll also monitor activity on your device and alert you if they find something suspicious.
Some scammers may be doing nothing more than collecting contact information so build a list for sending sales-oriented email. If a recipient opens the email, the scammer collects a fee. However, it’s just as likely that a scammer will use a collected email to send a virus, or to gain access to personal and financial information.
When trying to determine if an email was sent by a scammer look beyond the name that’s displayed. A common, an entirely legitimate practice is to create text in addition to an email address to be displayed in the “From” field. As an example, if your email address is JJ123@email.com, you may want to have your name as well as your email address displayed so the recipient knows who sent the email. If you included your name to be added to your sender data, the “From” field most programs would display ” John Jones <jj123@email.com>” as the sender. An unfortunate consequence of this practice is that scammers create names to mislead recipients as to the true identity of the sender, as shown below. The first example is an email as displayed on an iPhone. Note that only the sender’s name, not the actual email address, is displayed.
At first glance, this email appears to have been sent by the FedEx Delivery department. On an iPhone, if you tap twice on the name, (in this case “Delivery”) the actual email address from which the email was sent will appear. In this email, that actual address was info.wp82@lyoxemdo.com– obviously not a legitimate FedEx address.
When viewing an email on a computer, (depending on the email program) the sender’s actual address as well as the name may be visible, as shown below in the red circle. Notice a few other indications that the email is not legitimate.
If you don’t ship or receive packages through FedEx, UPS or other delivery service, you may not be aware of the company’s tracking number format. In that case, you can go to the appropriate web site such as www.fedex.com, www.ups.com and track the number provided in the email you received (you do not need an account with that company to track a shipment). When I tracked the number in this email, the response was, “No record of this tracking number can be found”.
Many scammers are located in other countries and their messages are often dead giveaways that their messages aren’t legitimate. Misspellings aren’t unusual in legitimate emails, but in this one, note that instead of “You’ve” they have written “You—ve”, which is certainly suspicious.
Another example of an email from a scammer that looks legitimate-
The indications that this email is from a scammer are:
There is no Costco logo- legitimate companies always include a recognizable logo as it’s a way to grab the recipient’s attention
CostCo in the “From” field is spelled incorrectly (the second “C” should not be capitalized)
The “From” email address is obviously not associated with Costco
An approach favored by some email scammers is a message announcing that you’ve won something or will get big savings if you answer a few questions. A few examples are below with “From” name and email address pulled out and magnified.
You may be wondering how a scammer got your email address and what they hope to accomplish. Regardless of stated privacy policies, there is virtually no privacy on the internet. Scammers have a number of tools at their disposal to find email addresses. They review social media profiles and data breaches and may even gain access to a company’s customer data base. They may also use an automated system to randomly generate addresses, after which they keep (and possibly share) the ones that didn’t bounce and discard the ones that did.
The examples above are just a few of the types of emails sent by scammers. What these and most others all have as a giveaway is a “From” email address that doesn’t fit with the “From” name. But even if a name and email address seem to match, stay vigilant and take precautions to prevent being a victim of a scam.
Be the first to comment