I’ve seen hundreds of emails that are trying to take my money, and I’ve had plenty of training on it. I’m not an expert by far. I know someone who is and the little bit I’ve learned from him just blows me away. But what I’m writing here is very basic. I hope it’s helpful.
1. It never ceases to amaze me, but one of the top tipoffs is the misspelling of words (or misuse of grammar) in the title. Today I got an email that said they “cant verified” my payment. They also asked me to “MAke” some changes to my account.
2. In the same way, watch for misspellings or improper grammar in the body of the email. Many of these emails are coming from people for whom English is not their first language.
3. Watch out for a sender’s email address that ends with something other than (or more than) the company name.com. Some are very obvious. You get an email from “Google” with the address icc.ep@lmnop.de and that’s a sure giveaway. But sometimes they get sneaky and give you something like info@payments.google.cn and if you don’t look closely, you might miss it.
4. Any reputable institution will at worst tell you to go to their website and check something. They should never tell you to click a button or follow a link to do it. And you should never click on links or pictures or buttons in an email that you don’t absolutely trust…
5. …even if you know the sender. Your friends can be fooled too. As a matter of fact, they may not even know that they’ve sent the email. I’ve gotten plenty of emails from friends whose accounts had been hijacked because they clicked on a link.
6. If the email has anything to do with a payment – if it requires you to log in to your account to change anything or correct something – treat it with extreme suspicion. Again – never access a site through an email link they send you.
So, what can you do? If you think you’ve got an email that is in any way legitimate, close it and call or write the institution through their preferred method of contact. Do not contact the institution through any means suggested in the email, even if it looks right. Go directly to the institution’s site (I would even open a new browser to do it) for any additional information. Like I said, some are pretty obvious. I’ve gotten plenty of emails from “Paypal” recently. I don’t do business with Paypal, so I know to delete them without much thought. But if I did have a Paypal account, and Paypal wrote me an email about a problem, it wouldn’t be hard at all for me to give Paypal a call.
It’s difficult enough navigating the internet under even the most innocent of circumstances. These guys make it worse by basically carpet-bombing – sending out thousands of these emails hoping to get one or two gullibles to do what they want them to do. Hacking accounts and spamming people is cheap. Get one person to bite and we’re talking thousands of dollars for pennies of investment. The best we can do is not make it easy for them.