Newsletter: November, 2015
12 Good Tips to Protect Yourself from Scams, Malware and Identity Theft by Fake Email
By Richard Patrick of LazrWeb Services | November, 2015
Each and every day, numerous hacking, virus, malware and phishing emails arrive in the inboxes of unsuspecting people all around the world. Some of these emails are so outrageously bizarre that they are obviously fake, while others can be quite convincing. Given that situation, how can you tell the difference between a valid message and a phishing message? Unfortunately, there is not one program available that can filter out those bad emails from the good. However, there are a number of things that you can train yourself to look out for. Here are tips that will help you tell the good from the bad.
Mismatched URL(s)/links within the body/text of an email
One of the first things to check in an email is the links within the email itself. Most of the time a link in a phony email message will look real. But if you move your mouse pointer over the URL or link, you should see the real linked address at the bottom left in Outlook. If the link or URL address is not the same, the message is most likely fake or malicious. Add the sender to your spam senders or send the message to the spam folder.
Check how your email reader (client) handles spam email and how it blacklists senders, to make sure you're dealing with and blocking those senders properly.
Misleading domain name in the link/URL
Those who run phishing scams count on their victims not knowing how the DNS (Domain Name System) naming structure for URLs and domains actually works. The very last part of a domain name is the most telling. Here is an example: the domain name info.funnylink.com would be a subdomain of funnylink.com because funnylink.com appears at the end of the full domain name (on the right-hand side). Conversely, funnylink.com.baddomain.com would clearly not have originated from funnylink.com, because the reference to funnylink.com is on the left side of the domain name. The real domain is the last part of the name, just before the .com; the domain in this example would be baddomain.com.
I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.funnylink.com. Learn to open and view "options" (MS Outlook) to display the headers, which will give greater detail about where and from whom the email came.
The email has poor punctuation, spelling and/or grammar in it
Whenever a branded company sends out a message to its customers or clients on behalf of the company, the message is usually reviewed several times for spelling, grammar, legality, and a host of other things, such as whether it really makes sense. So if an email message is rife with extremely poor grammar, spelling mistakes, logic or common-sense mistakes, and even missing spaces between words, you can be pretty much certain that it didn't come from an attorney, bank or credit union, and it should be marked as spam.
The message requires a reply with a request to verify personal information
No matter how real an email message may look, recognizable logo and all, it's always a bad sign if the message asks for your personal information. Your bank doesn't need you to send back your account number and/or user name and password. Your bank, or the company in question that you deal with, already knows what those are and wouldn't ask you for them in an email message. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
They do not address you by name
The email starts off by saying "Dear Beloved", "Dear client", or some other generic salutation that does not use your name. Right there it's a fake, phishing, malware or worse type of email. Companies you do work with will generally address you by your name, if not your full name. So add that to your stable of things to look out for, mark the offending email as spam, and then delete it.
Things in the email are too good to be true
There is an old saying that if something seems too good to be true, it probably is too good to be true. Take notice when this occurs; it's probably a fake, phishing or malicious email.
If you receive an email message from someone unknown to you who is making startling statements and big promises if you send in $129.00 American for something that, in reality, is worth a whole hell of a lot more, the message is probably a scam. Deal with it as described above.
You didn't fill out an inquiry for their product or service
In other words, the email is unsolicited: you didn't inquire about their product or service, and you certainly do not need what they are selling. That is just a distraction. You're thinking about the neat and cheap flashlight, or inexpensive stun gun, or some other thing that, somewhere in the back of your mind, you actually considered buying at one time or another. And it's only $19.95. Not bad, so you follow a bad link in the email and it hooks you up to a server that immediately opens up unused ports on your computer to download more malware to do even more nefarious things. Be very, very careful.
You won the Lottery!!
Have you ever received an email telling you that you won a lottery? Got you excited, didn't it? That's what they count on: getting you excited and ignoring common sense. You know you didn't play any lottery, especially a foreign one. Seriously, would a foreign lottery notify you that you won their lottery? No, they never would. Just like here in the States, if you don't do your own due diligence to look up and check your numbers, then after the required redemption time your ticket is invalid. That's how they really make money. But seriously, there isn't a lottery in the world that would ever contact you to tell you that you've won the big grand prize. If you ever receive an email telling you that you have won a lottery or contest that you did not enter, you can rest assured that the message is a total scam.
You're asked to send money to cover expenses
One telltale sign of a fake, malicious or phishing email is that you will be asked for money. The approach might not happen in the initial message, but sooner or later the phishing/scam artists will likely ask you for money to cover expenses, taxes, fees, or something similar. They will require up-front money to cover some kind of attorney or barrister expenses as a prelude to you getting some unbelievable deal or amount of money, like "240MillionUS", or some exorbitant amount like that. If that occurs, it's a scam. Notice the lack of spaces in the dollar amount? Scam!!
The email makes spectacular or knee-jerk startling statements
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam. An example:
You receive an official-looking email that is allegedly from a major US bank. Everything in the letter seems completely legit except for one thing. The letter says your account has been compromised and that if you don't submit two photo IDs, your account number, and your social security number, your account will be canceled and your assets seized immediately.
It is not legal for a bank to close your account and seize your assets simply because you didn't respond to an email message. The links in the email are probably malicious too. Do not click or follow any links in these emails.
The message appears to be from a government agency
Phishing artists don't always pose as your bank. Sometimes you'll receive messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen. These types are meant to scare you into divulging your personal information, like your social security number, bank account info, or worse. They sometimes contain links to official-looking websites designed to trick you into giving up personal information that will be used to steal your identity and/or drain your accounts.
In the United States, government agencies generally do not use email as an initial point of contact. They use the USPS, the US Postal Service. Law enforcement agencies follow certain protocols. They don't engage in email-based extortion tactics. So these are also fake and should be marked as spam.
Your friend is in a foreign country, got robbed and needs immediate financial help!
This scam actually worked well for quite some time and seems to be making the rounds again: your good friends send you an authentic-looking email explaining that they are in a foreign country and got robbed, or are in some other terrible situation where they lost everything, and need "money" to help them out. They have no money, passport, etc. Again, startling statements. Stop right there.
Call your friend up on the phone. Oh, they are home and have no plans to travel anywhere. If you had responded to the email, you could have gotten caught up in the scam, gotten malware installed onto your PC, or worse, all of the above, because you wired money to someone in a foreign country and it isn't your friend at all, never is.
Something just doesn't look right
If something appears wrong or looks off and just doesn't look right, there is probably a very good reason why. It can be a generic salutation, like "Hey", "Dear customer", or even another name altogether; that's a good first tip-off to a fake email.
If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on it, opening it, or following any links in it.
© 2015 LazrWeb Services