Email phishing scams are nothing new; we’ve been hearing about them practically since the public protocols were implemented in 1996.
An email scam can come in many different forms and flavors but poses a real risk regardless. Personally and commercially, “social engineering” scams cost us over $1.3 billion per year as a society. These email scams have actually tripled in count in the past three years.
Take a look at these seven common tips experts often tell us to watch for!
1. Mismatched Addresses, URLs, and Branding
Branding isn’t just something that helps a company sell a product or service. It also plays a role in identifying a product or service — and any communication — as genuine.
If anything doesn’t feel right about the way the branding looks or if it is inconsistent with what you’ve seen before, check online to see if there’s been a rebranding. If the quality isn’t good, or it’s pixelated, it’s a good indication that the email is a scam of some kind.
Similarly, the links in the email are easily checked. If you right-click and select “Copy link address” and paste it in a text editor, you can see the destination of the link. Another method is hovering your mouse over it, and looking in the bottom left of your browser at the destination.
On the matter of URLs, make sure the destination matches what you’ve seen in the past. For example, if you get an email from what looks like Google but the link goes to Google.info.org, you should be suspicious.
Before you have verified the identity of an email sender as legitimate, you should never click on anything in the email, since it could be malware, ransomware, or a virus.
2. Misleading Naming Convention
Each email has a display name as well as an address. The display name shows a name the sender has chosen, such as “John Smith.” However, the address could have a domain name of “goog1e.com,” where the “1” visually looks like an “l” at first pass.
Many authorities have published books outlining how powerful this attack can be. Something like [email protected] has misled millions of people over the years into opening and clicking on links in malicious scam emails.
Another thing to watch out for is the way a URL is structured. For example, “info.domain.com” means the “info” part belongs to “domain.com.” Sometimes, however, scammers cleverly hide their fake domain in plain sight with tricks like “domain.info.com,” which has a domain of “info.com.”
It’s important to know that whatever comes immediately before .com, .gov, .org, .io, .edu, etc. is the domain name. The Domain Name System (DNS) uses the “dot-letter-letter-letter” suffix to properly sort internet and email traffic.
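The checks from the two sections above (where a link really goes, the address behind a display name, and which part of a host name is the actual domain) can be automated. The following is an added example, not part of the original article; the allowlist, the confusable-character table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains the reader really deals with.
TRUSTED = {"google.com", "domain.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Characters that look alike in many fonts, folded to one form.
CONFUSABLE = str.maketrans({"1": "l", "I": "l", "0": "o"})


def registrable_domain(host):
    """Last two labels of a host name, lower-cased.

    Assumption: fine for .com/.org style suffixes; multi-part suffixes
    such as .co.uk need the Public Suffix List instead.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host):
    """Return 'trusted', 'lookalike', 'brand-in-subdomain' or 'unknown'."""
    if registrable_domain(host) in TRUSTED:
        return "trusted"
    # Fold confusable characters before lower-casing so "I" is caught too.
    if registrable_domain(host.translate(CONFUSABLE)) in TRUSTED:
        return "lookalike"
    # A known brand used as a subdomain of someone else's domain.
    if BRANDS & set(host.lower().split(".")[:-2]):
        return "brand-in-subdomain"
    return "unknown"


def check_sender(from_header):
    """Split a From header into display name and a verdict on the address."""
    display, address = parseaddr(from_header)
    return display, classify(address.rpartition("@")[2])


def check_link(url):
    """Classify where a link really goes (the host, not the visible text)."""
    return classify(urlsplit(url).hostname or "")


if __name__ == "__main__":
    # Constructed samples based on the examples in the text.
    print(check_sender('"John Smith" <john.smith@goog1e.com>'))
    print(check_link("https://Google.info.org/account"))
    print(check_link("https://info.domain.com/"))
    print(check_link("https://domain.info.com/"))
```

An "unknown" verdict only means the domain is not on the allowlist, so it still needs the manual checks described in this article.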
3. Confusing Grammar or Spelling
Many of us struggle with wording things in a way that expresses our feelings, ideas, and intentions. This is different from bad grammar and spelling which is just plain wrong.
These kinds of errors indicate foreign scammers trying to pose as a US-based company. It’s unlikely that a large company vying for your trust in a legitimate market will make simple errors on a grade-school level. Many of these artifacts come from poor translations or misunderstandings of common expressions or words from non-native speakers.
Be careful, though: as with the Goog1e example, different font families will hide some of these indicators. A “1,” a lower-case “l,” and an upper-case “I” can sometimes look identical depending on the font.
4. Requests for Personal Information
If you receive an email asking for personal information like a PIN, a credit card number, social security number, and so on, it’s a dead giveaway as a scam.
No legitimate source will ask for security questions or passwords, or identifying information like birthdays and PINs, through email, especially unencrypted email, and especially not without you initiating the conversation. Rather, they would ask you to call in to an official and publicly listed support line or ask you to supply a one-time code during online chats.
5. It’s Too Good to be True
If you’ve won a prize for a lottery or drawing you never entered, it’s a guaranteed scam. Usually at the bottom of such emails you’ll see outdated copyright information and other inconsistent information. Anything trying too hard to look “official,” including using the word “official,” is a good sign of a false prize.
6. You Didn’t Initiate Anything
In the same vein as not winning a prize you never entered for, if you receive a one-time code without initiating it, don’t use it. Instead, for whatever service you got the one-time code or password, it’s best to go to the URL for that service or product and reset your password manually.
Whether it’s for security questions or for a prize, if you never had a relationship with the organization or you never asked for a one-time password (OTP), it’s likely a scam.
7. Looking for Processing Fees
This kind of scam falls into the “money mule” category, where you transfer money to a client or supplier. In return, you’re told, you’ll get a job.
You may be told to send money to collect a prize. This is never how it works, and even if you do receive a check, it’s probably a fake or stolen check you are now in trouble for.
If you are using a dating site and someone has sent money to you, never send money back. It’s also almost always a scam that has landed many a potential suitor in hot water.
In Summary — It’s an Email Scam if It Makes You Uncomfortable
In almost any situation where you have to do a double-take or take extra time to figure out a normally simple operation, assume it’s an email scam. These are only seven of the many tricks that scammers use to trick you out of money or into performing an action on their behalf.
At Vermont Republic, we’re always on the lookout for new trends like this in business, finance, and even education. We’re here to help you hold onto your lifestyle.