How To: Spot Scam Emails
Cybercriminals are crafty, and phishing is one of the most common traps we see people fall for. A play on the word fishing. Criminals use emails pretending to be a well-known organization to cast their “bait,” hoping the recipient will “bite” by providing them with the information criminal has requested. Often, these scams come in the form of emails claiming to be from a reputable company asking for your personal information. This can also happen over the phone, so be wary of any suspicious calls.
Keep reading or watch our video to learn more!
Parts of an Email
Let’s review the parts of this example email claiming to be from Amazon Prime.
At the top, we have the subject line. A subject should be just a few words to explain what the email is regarding.
Next is the sender’s information, this shows their email address and the name they provided.
And finally, the body of the email. The body can contain text, images, hyperlinks, buttons, and more.
Now, let’s begin looking for clues of a scam.
1. Check the sender’s email address
Cybercriminals may send emails that appear to be coming from legitimate institutions, but the email addresses they use usually have some irregularities that give them away.
For instance, this email should be coming from @amazon.com or some similar variation. Instantly we can tell that this email is not really from Amazon. Anything different should raise red flags and the email should promptly be deleted or marked as Junk.
2. Carefully check for spelling and grammar
Legitimate companies normally have multiple staff members to review emails for spelling and accuracy before they are sent. Malicious phishing emails usually contain spelling and grammar mistakes along with the wrong usage of words. As English typically isn’t their first language, most hackers are not capable of realizing their minor errors, so if you notice any, don’t hesitate to delete the email.
In this example they appear to use good spelling but there are some grammatical errors. Another giveaway is that they don’t refer to me by name, they used my email address. This is another common giveaway as Amazon and any other legitimate company would know my full name.
3. Ignore unexpected requests
Unexpected requests, especially those that ask for usernames, passwords, or other personal information, indicate a phishing attempt. A common one we see is a “Shipping Confirmation” or “Package Tracking” email, but you haven’t ordered or shipped anything. Or a company that you recognize but haven’t communicated with is suddenly asking you to download something or sign in somewhere.
In this example, the email is unexpected, as I know I pay for amazon prime annually, and I’m certain none of my cards are expired.
The hacker’s goal is for me to click the button. Clicking this button would take me to a web page where they can ask for and steal my Amazon account credentials and credit card information.
4. Check for a sense of urgency
Phishing messages usually come as an alert or notification about some critical issue that needs your immediate attention. This effectively creates urgency, but it’s usually an attempt to scare you into clicking on a fraudulent link or downloading malicious software.
In this example, they give me 24 hours to cause urgency and encourage me to act impulsively.
5. Double-check hyperlinks before you click
Before clicking on any hyperlink in an email, hover your mouse over it to see where it leads. If the URL differs from what appears in the message, don’t click on it!
In this example, when I hover over the button they provided, the actual link appears in the bottom left-hand corner. If this email was from Amazon, it would take me to a website that uses their domain, amazon.com. Clearly, this link is trying to take me elsewhere.
As you may have noticed from the screenshots, thankfully, this email example had already been marked as Junk by Outlook, my email provider. Therefore, it is not advised to go browsing through your junk folder.
Keep your eyes peeled, and don’t click any links if you’re ever in doubt. Instead, go directly to the website of who they claim to be and sign in. If your account has a problem, it will warn you when you log in. If the email is from a local company, stop in to see them in person.
And as always, don’t hesitate to reach out to us for support. Whether it’s spotting a scam or recovering from one, we’re happy to help with all your technology needs.