How can I tell the difference between a fake e-mail scam and a legit e-mail from the companies that I do business with?
This question was answered on April 21, 2011. Much of the information contained herein may have changed since posting.
The recent security breach at one of the world’s largest e-mail marketing companies (Epsilon) means that we are all likely to start seeing very sophisticated e-mail scams referred to as ‘spear phishing’ appear in our Inboxes.
Phishing in general is an attempt to fool you into giving up sensitive information and most phishing messages are very generic in nature.
For instance, a general phishing scam would generally start with ‘Dear Valued Customer’ or ‘Dear XXXX User’ and appear to be from a company that you may or may not do business with.
This is referred to as phishing because the scammers cast a wide net to see if they can hook a small number of recipients.
Spear phishing means that the message is more personal and with a company that the scammers know that you do business with.
If you get a bank warning message from a bank you don’t do business with (general phishing), you are immediately suspicious of the scam; if you get a personally addressed message from a bank that you do or have done business with, you are much more likely to let your guard down and fall for the scam.
It’s nearly impossible to give you a black and white description of what will always identify these crafty scam messages, so the first rule for any warning message or request for updated info is to never click on any of the links that are posted in the message.
If the warning or request is legit, it will appear on your screen when you manually log into your account, so always open a web browser and type the address of the entity in yourself
After you log into your account, check to see if the same information is posted in the alerts, updates or messaging section of the site.
There are some real simple tip-offs of a ‘smelly phishing scam’ that you should always look for, nonetheless.
The first is poor spelling or bad grammar as many phishing scams originate in foreign countries They used to be very obvious in the past, but subtle irregularities (in grammar especially) are a sure tip-off as major corporations have the resources to review these messages for grammar and spelling errors before sending them.
(Here’s an example from a recent Bank of America scam message: “The entire activation should take only 5 minutes of your time Please complete the activation by now.”)
Another really big tip-off is when the posted link is different than the actual site that you will be taken to when you click on the link You can sniff these mismatched links out by simply hovering your mouse over the link (DO NOT CLICK ON IT) and checking the status bar (usually at the bottom left corner of the message in programs such as Outlook or any major browser such Internet Explorer or FIrefox).
Some mail programs may even pop-up a text window right next to your mouse cursor to show the true destination of the link.
One last word of advice: don’t forget to be on your toes with your smartphone For some reason, many folks don’t approach using their smartphones the same way they do their computers and fall victim to phishing scams more readily on their mobile devices (and the bad guys know this!)
About the author
Ken Colburn of Data Doctors on April 21, 2011