Inside Tricks of Email Scammers Revealed
by Mike Leahy
Email scammers are a crafty bunch. Their objective is to get you to divulge confidential information: your passwords, Social Security number, credit card information, and so on.
Obviously, you’re not going to just hand that over -- which is where the crafty part comes into it. These fraudsters have a whole host of tricks up their sleeves to appear legitimate and to fool you.
In this article, I’m going to reveal how their scams work and show you exactly what to do to protect yourself against them.
How an Email Scam Works
This nefarious game of masquerade that criminals engage in is known as “phishing.” In most email phishing scams, a scammer sends you an email that looks just like one you might receive from your bank or an online merchant.
Their messages often take on an urgent tone, and they demand that you provide personal information. Typically, they’ll request that you “update” your information by clicking on a link in the email. When you click on this link, you’ll immediately be taken to a Web page that looks just like the page of the bank or merchant you’re used to.
There will be a blank form for you to fill in, and once you do that and hit submit, not only will you have just transmitted all your personal information to the scammer, you’ll probably have also just downloaded malware and spyware onto your computer without even knowing it.
Telltale Signs of a Scam Email
How do you know if the email you’ve received is a scam? There are numerous giveaways.
If it features an offer that’s too good to be true, it probably is. You know: the kind that promises “free” stuff, money, or amazing “work from home” opportunities.
Poor spelling and grammatical errors are other signs you might be dealing with a fraudster. If the graphics or formatting of the email appear a little “off” or inferior, that’s another tell. A surefire way to confirm your suspicions is by working out who, exactly, sent you the email. If it’s from an unexpected email address, it’s probably a scammer.
For example, if you receive an email with a “From” line that states “Capital One,” most of the time you can see who actually sent the message by simply ‘hovering’ your mouse cursor over the “From” line (but do not click it).
A message box should appear either below the “From” line or at the bottom of the email showing the actual email address used by the sender. In this case, the correct sender should be something like email@example.com. If, however, it’s instead firstname.lastname@example.org, that’s the clue you need to know the email is not really from the bank.
The “hovering” trick also works with links in a message. If you hover over a link that says, “Click here to go to the bank’s secure website” and it gives you a message that the actual site address is something random like www.udd.cl/form.php, you know someone’s trying to scam you.
Although hovering is a useful tool, you still need to be diligent. Scammers know that people don’t usually pay close attention to website addresses, and so what they do is register website addresses that appear similar to legitimate websites, but if you look closely, you can tell they’re fake. For example, if you receive an email (with an urgent message that your account has been suspended) from www.pyapal.com instead of www.paypal.com, would you notice? How about from www.bank0famerica.com? Did you notice that the address is actually “bank(zero)famerica”? Often, we read what we expect to see, and phishers take full advantage of this.
Also, keep in mind that if you want to determine whether a website is legitimate or not, you should read its website address from right to left. An example will help clarify. Take two different websites:
www.accountalerts.bankofamerica.com and www.bankofamerica.accountalerts.com. Which website will connect you to Bank of America’s real website?
Well, by following our rule of reading right to left, accountalerts.bankofamerica.com will take you to Bank of America and bankofamerica.accountalerts.com will take you to Account Alerts (which could be a scam website).
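The right-to-left rule and the look-alike check described above, as an added Python example that is not part of the original article. The trusted list and the character-swap table are assumptions for illustration, and treating the last two labels as the registered domain is a simplification that does not hold for suffixes such as .co.uk.

```python
from urllib.parse import urlparse

# Assumption: domains the reader really does business with.
TRUSTED = {"paypal.com", "bankofamerica.com"}
# Constructed table of digit-for-letter swaps; not exhaustive.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def host_labels(url):
    """Split the host name of a URL into its dot-separated labels."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return host.lower().rstrip(".").split(".")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) to turn a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(url):
    """Return (verdict, domain) for a link target."""
    labels = host_labels(url)
    # Right-to-left read: the last two labels name the registered domain.
    # Simplification: suffixes such as .co.uk need a public-suffix lookup.
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    normalised = domain.translate(SWAPS)
    for good in sorted(TRUSTED):
        if normalised == good or edit_distance(normalised, good) <= 1:
            return ("look-alike", good)          # swapped or substituted letters
        if good.split(".")[0] in labels[:-2]:
            return ("brand-in-subdomain", good)  # brand name left of the real domain
    return ("unrelated", domain)

if __name__ == "__main__":
    for link in ("www.accountalerts.bankofamerica.com",
                 "www.bankofamerica.accountalerts.com",
                 "www.pyapal.com", "www.bank0famerica.com", "www.udd.cl/form.php"):
        print(link, "->", classify(link))
```

A mail filter or browser extension would run the same check on the address behind a link rather than on the text the link displays.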
Best Practices for Safe Email Use
A financial institution or reputable merchant will almost never request your personal information out of the blue through an email.
If you’ve been registering an account online for, say, an online store, and at the end of it, you hit submit and then receive an email from that online store that includes a “click to confirm your account” type link, that should be safe to click on because you’re receiving it just seconds after interacting with the actual website.
But if you receive an email unexpectedly from some online store or bank and you’re not certain of the sender’s veracity, you should not click on the link if the email message is directing you to do so.
Also, remember that banks and reputable merchants will not send you attachments in their emails. Attachments, just like links, can contain malware or spyware, so you don’t want to open these.
So in summary, do not open links or attachments unless you verify their sources. Even then, it’s generally not recommended, because phishing techniques become more sophisticated daily. Instead, contact your financial institutions and merchants the old-fashioned way -- directly -- by phone or through their secure sites, i.e., by typing their address into your Internet browser.
Now that you’ve learned the inside tricks of email scams, put your knowledge to the test by taking a phishing quiz! You can find a free one here.
Mike Leahy is an attorney in Annapolis, Maryland, and a Certified Information Privacy Professional (CIPP/US). Mike can be reached at email@example.com or via his LinkedIn profile. © 2015 by Laissez Faire Books LLC.