There are excellent spam filters running in the background of your web server and email software trying to keep unwanted emails out of your Inbox. However, there will inevitably be some that find their way through, mingling with the genuine messages trying to look legitimate. They seek to get you to call a phone number or go to a website with the goal of swindling you.
So, what are some of the warning signs in these malicious messages? Here are a few that I look for.
The “From” Field
Microsoft won’t email you with a Gmail address…
Who the email says the message is coming from can be misleading. There are to parts: the display name and the actual address. Often, a user just looks at the display name to identify who it’s from, but this name can be easily edited. Look to the right of the name where it’ll typically show the address in brackets.
A professional company or institution will use an email address from their company, not an outside source like a Gmail or Yahoo! account. Compare the display name with the actual email address. If they don’t jive, chances are the message is a hoax pretending to come from a legitimate business.
CCed to Other Multiple Addresses.
Confidential emails won’t CC 250 others about it…
No one said you had to be smart to be a scammer. Spam emails are often template messages being sent to hundreds or thousands of addresses at once. Sometimes, instead of Blind Carbon-Copying (BCC) the other addresses (keeping you from seeing who else is getting the same message) they will accidentally CC everyone, allowing you to view all the other addresses the message is being sent to.
An authentic company won’t CC others when discussing a private matter of a supposed account suspension or credit card purchase.
All your base are now belong to us…
Strange wording, severe grammar violations, and odd sentence/paragraph structure are red flags for an email that’s supposed to be coming from a professional source. Many mass-scam/spam emails originate from countries where English isn’t the primary language.
Doesn’t Address You by Name.
“Hello, Sir and/or Madam…”
Because scam/spam messages are often being sent out to thousands or accounts, they don’t actually know who you are. The message will typically give a generic salutation – “Hi there” or “Greetings” – without mentioning your name at all. Sometimes, they may simply address you by the first part of your email, parroting back what your address is.
Scammers/Spammers don’t know who you are, but a big company that you’ve provided info to should and will address you by name in legitimate correspondence.
Trying to Get You to Click a Link.
Just follow us into this windowless van…
Your account has been locked… Click here to unlock it. Your Amazon delivery was returned to us… Click here to request it back. We have an updated message for you… Click here to read it. Hundreds of dollars were charged to your credit card… Click here if you want to reverse this.
The end goal of the scam/spam is to get you to call a number or click on a link that will lead to you either providing them with money or access to your account.
Hovering over the link without clicking it will reveal where it’s trying to take you, generally somewhere other than the official website. Clicking the link may take you to a site that looks like the official one, and there in the middle is the request to provide your username and password. However, you’re not on the official site; and if you enter that information, you’ve just given your credentials to scammers.
The good news is that the good guys on the Internet eventually find these sorts of sites out, and web browsers will protect you from going onto them.
So, What Should I Do?
Think twice, click once…
There’s no point in replying to the message. Firstly, you can’t make them feel bad about what they’re doing. They’re like drug dealers: they don’t care, it’s just a business. And, secondly, at best replying will just inform the other side that yours is a valid email address that gets used. Prepare for even more messages to come your way.
Some email programs and sites give you the ability to indicate if the message is Junk/Spam. Clicking this will help them learn what is/isn’t spam and remove it from your Inbox. Otherwise, the answer is to just delete the message.
Shameless Plug for BRETT-TEK…
BRETT-TEK has helped innumerable clients who’ve been targeted by scammers. If you suspect your computer may have been the victim of scammers, we can help. BRETT-TEK can remove any software left behind and ensure your PC is sped-up, cleaned up, and running securely. Call today @ 780.349.BTEK (2835)!