Chesa Keane, an Associate member of Global Travelers, is a long-time consultant in many aspects of IT. As members of a virtual Rotary club, we are all, by definition, on-line to various degrees. Chesa continues her excellent series on escaping internet scams, this time with advice on identifying fake messages.
One of the most common ways for a scammer to find you and bring you in on their scam is through email. Today I found out that I bought a new iPhone for $1,293.26 billed through PayPal. Great. Now if I had been looking at iPhones recently, I might have been tricked because I do have a PayPal account. But I don’t use it for purchases. And I did not buy a new iPhone. I recognize the phishing attempt for what it is. But normally what happens is that even though we know this, when we see our name on an invoice for something we know we didn’t purchase, the most common response is, I need to fix this. Now!

Here are some interesting statistics:
- Phishing emails were the #1 most common cybercrime in 2022.
- There were 25% more reported phishing attempts in 2022 than in 2020.
- Forty-one percent of all fraud attempts were made through text or email in 2022.
Pretty discouraging, right? Why the increase? Probably because the scammers are becoming increasingly sophisticated as the language is more convincing and the offers are more realistic. So, let’s pay attention. Set aside your emotional response and think before you act. I want to focus more closely on this scam tactic.
How to identify a phishing email or text
Generic Greetings
Instead of Dear Chesa, it might say Dear User or Hello, PayPal Member. These are suspicious and bells should start going off. PayPal, for example, will always use your full name as listed in your PayPal account. If you have been reduced to User, it’s not real; it’s not PayPal.
Attachments
The biggest issue with attachments is that they definitely will contain malware if sent by a scammer. In fact, your habit should be to question – and NOT open – any attachment from someone you do not know. Legitimate businesses may send you an email with an attachment, but if you are not expecting something from a specific company, do not open it. Generally, they will advise you to go to their website, log in and look for the message. Do not automatically click on the link either if you are unsure of the legitimacy of the sender.
Urgency stirs emotions
In sales, one of the standard techniques is to indicate that if you don’t respond now, you will miss out on the offer. It’s an emotional way to get the person being sold the product to overcome their hesitation. It works very well in a phishing email. Use this approach: if the deal is real and the offer is legitimate, it doesn’t have to happen immediately. But the phisher is giving you a clear signal.
Requesting personal and sensitive information
No legitimate business would be asking for your social security number, birthdate, bank account information, etc. It just isn’t done. When you see these requests, DELETE the email and move on.
Poorly written message
If the email/text is filled with grammar errors, typos or uncommon phrasing, it was probably written by a non-native English speaker. This is another in-your-face clue to watch for.
Fake links
If you have managed to stir up some suspicion and doubt, don’t let that fake URL link fool you. If the business name being used is familiar to you and you want to check whether this email is real or not, go directly to your browser and enter in the main/home page URL of the business and check out your account directly. In other words, do NOT click on any email link if you are even mildly suspicious. Just because you read https://bankofamerican.com doesn’t mean that the underlying URL will go to Bank of America. No legitimate business, especially a business in the financial arena, will ever offer a URL to click on.
Fake phone number
Phone numbers – even if you can find that number under the CONTACT US link at the business website – can be re-routed to the scammer’s back room and they will play the part once you call them. Call the number you find online directly before they call you. Once they call you, they can deliberately send you where they want.
Phishing catches even the most astute online person. If you find out immediately after you click on the link, answer their call or call their number, or download the attachment, you need to contact the bank used in this fake transaction and report to the company that a phishing email was disguised as their business. For example, if the scammer used PayPal, you could report it [email protected]. Most legitimate corporations offer the same route for reporting.
I hope this level of detail on phishing keeps you safe. Always be cautious. It is up to you to pay attention.
Looking for more? Read Chesa’s informative articles about Internet scams
- Introducing our Escaping Scams Series
- Escaping Scams #2 — Email is not always your friend
- Escaping Scams #3 — Tech Support Scam
- Escaping Scams #4 — Credit Card Reader Scams
- Escaping Scams #5 — Why We Get Scammed
- Escaping Scams #6 — If It Seems Too Good To Be True
- Escaping Scams #7 – Spoofing
- Escaping Scams #8 — The Heart Can Lie (Catfishing)
- Escaping Scams #9 – When Your Identity Is Actually Stolen
- Understanding the Internet #1 — Browser Hygiene
- Understanding the Internet #2 — What’s a VPN?