Scammers, spammers and the like send out thousands of fake emails per day, pretending to be legitimate companies, in the hope that just one person will:
…phishing scams, Microsoft say are costing the world as much as $5bn a year. 1
“Millions of dollars are stolen on a daily basis, with absolutely no thought given to victims, who are losing vast amounts of money, homes, relatives, jobs and worse. Contrary to popular belief, it is not just ‘greedy and stupid people’ that fall for these scams.”2
No, phishing attacks come via social media messages, text messages, WhatsApp, Tweets, phone calls, voicemail, letters in the post and even door-to-door scammers.
Hover your mouse over a link (DO NOT CLICK IT) and you will often see a strange link format, e.g. this one from ‘BT’ today went to ‘https://gtsmashcomau-my.sharepoint.com/personal/chamma_gtsmash_com_au/_layouts/15/guestaccess.asp’ which obviously isn’t going to send you anywhere legitimate.
If you’re worried about a possible charge, don’t click the link. Instead, go to your web browser, visit the website in question (e.g. bt.com) and log in to the account to check, or give them a call (using their publicly listed phone number, not one from the email).
If you use email a lot, practise right-click copying all links and pasting them into your browser. This forces you to check links before going to them and is a great last line of defence!
The ‘from’ address is fairly easy to forge, so don’t rely on it, but lazy scammers often forget to spoof it, and that mistake is easy to spot!
Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header ‘from’ email address, with more than two thirds spoofing the brand in the email domain alone3.
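The link check and the ‘from’ address check described above can be automated. The following is an added example, not part of the original article; the `BRAND_DOMAINS` allow-list and the sample message are assumptions constructed for illustration, and the first link is the one quoted above.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the real brand sends from and links to.
BRAND_DOMAINS = {"bt": {"bt.com"}}
# Constructed sample message; the first link is the one quoted in the article.
SAMPLE = (
    "From: BT Billing <billing@mailer.example>\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p><a href="https://gtsmashcomau-my.sharepoint.com/personal/'
    'chamma_gtsmash_com_au/_layouts/15/guestaccess.asp">View your bill</a> '
    'or visit <a href="https://www.bt.com/">bt.com</a>.</p>\n'
)

class HrefCollector(HTMLParser):
    """Collect the real destination (href) of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw, brand):
    """Return warnings for a message that claims to come from `brand`."""
    allowed = BRAND_DOMAINS[brand]
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    # A matching From proves nothing (it is easy to forge); a mismatch is a red flag.
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not host_matches(from_domain, allowed):
        warnings.append(f"from-domain:{from_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = HrefCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not host_matches(host, allowed):
            warnings.append(f"link-host:{host}")
    return warnings
```

Calling `check_message(SAMPLE, "bt")` flags both the sender domain and the SharePoint link, while the genuine bt.com link passes because the comparison is made on the whole hostname rather than on a substring.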
Always be skeptical – it sounds obvious but with the threat of legal action against you (a common trick) or outstanding bills for hundreds of pounds we can all quickly forget we don’t even have an account with the brands these scammers are pretending to be!
Yes, it’s a pain, but it might help stop them. If you get an email you believe is fake, find the phishing email address for the legitimate company the scammers are pretending to be by searching for ‘business name phishing’, then forward the email on to them. Then report it as spam in your inbox (the more people that do this, the quicker spam gets blocked) and delete it from your inbox.
This allows you to quickly block an email address if you’re getting spammed from it. Learn about alias emails in our article.
Also, ensure your main email account uses a unique password that doesn’t match any other service!
Emails from most companies will be correctly formatted, spelt and addressed directly to you, not to ‘Dear Sir/Madam’ or ‘Valued Customer’.
In the past, many banks have denied compensation/refunds if it has been as simple as you sending money to someone online via bank transfer.
Think twice before sending any money to anyone! Pay with a credit card for further protection.
If an email just so happens to coincide with something else happening in your life right now (e.g. home extension work you’ve recently been quoted for, or your new car purchase) and it’s asking you to pay using bank information within the email, always ensure these account details are correct by speaking with the original company/person directly! Be sure to find their phone number online via another device (e.g. your phone’s web browser connected on 3G, not Wi-Fi) or from previous phone records. If a scammer has gone to the trouble of setting up a fake email, bank details etc., they can easily set up fake phone numbers or create malware that fakes your search results to show the wrong number!
A common trick is to make people think they’re about to have their ‘account suspended’, they’ve had an ‘unauthorised account access’, have ‘legal action starting’ against them or a ‘payment overdue’. All of these add a level of urgency which confuses your brain into clicking the links. Just take a second to think about it before you do anything!
Outstanding bill, please find attached invoice.pdf…. ring any bells? Often those .pdf files are actually ZIP folders containing all sorts of malware/viruses etc. Never open an attachment unless you’re expecting it!