Some simple ways to spot a scam email

Lisa Lightband
Jan 23, 2021

Scammers are getting smarter. They go to great lengths to trick you into clicking their emails by appearing legitimate. Having worked as a web developer for many years, I have watched these emails grow in sophistication. A few years ago it was quite easy to spot fake emails, but as the scammers have become more “expert” at hiding their scams, even the most astute expert can fall prey to them, usually when our minds are on other tasks and we click through thinking the email is real when in fact it is not.

In this article I am going to teach you how to spot a scam using this email that came into my inbox.

At first glance this email looks legitimate. It has the right logos, at the bottom of the page it has what looks like the right physical address, and it uses the right colours for an email from this organisation. The creator has gone to great lengths to make the email look official, and if you were skim reading they could easily catch you out, which is exactly their tactic: catch the reader when they are busy and not looking closely. However, when you dig deeper it becomes very apparent that this is not a legitimate email.

Starting from the top of the page, the very first place to check for scam emails is the FROM: field. There are three very quick things you can do to validate that the sender is who they say they are.

  1. Check that it is not from yourself. A legitimate email would be from the organisation that is sending it.
  2. Check that the FROM line makes sense. I have included some of the more obvious examples below:

Firstly, “Your receipt from Apple Subscription”: the wording is not what you would expect from an Apple subscription. For example, my iCloud receipt is headed “Your Subscription receipt from Apple.” Checking for correct use of English is an easy way to spot scams.

Secondly, make sure that the email address matches the organisation that is sending the email. Look at the information after the @ sign. In this case it reads app.co.nz, whereas if the email really was from Apple the sender address would be @apple.com.

Thirdly, if the FROM line shows only words for the sender name, check it by hovering your mouse over it (thankfully newer versions of email software now display both the name and email address in the FROM line). Many scammers use words only in the sender name as a way to disguise who the email is really from. Hovering your mouse over the sender will reveal the “Actual Sender Email Address”; if it does not match, then it is a scam.

This example is very easy to spot as a scam. As well as having a non-anz.co.nz email address, it says my ANZ account is on hold, and I do not have an ANZ account.

Many scam emails can be eliminated just by checking the sender's credentials. If the sender checks out, there are still some very basic checks that you can do to make sure the email is legitimate.

In the body of this email there are several items that ring alarm bells. While this receipt looks valid at first glance, the alarm bells are:

  1. I did not recently make any purchase for $34.99
  2. I would never subscribe to Fishing News — I am not an avid fisherman
  3. It says this was purchased from “Boots iPhone” — again something I do not recognise.

You can validate this is a scam by doing nothing and checking your credit card transactions in a couple of days. Alternatively you can check the links in the body of the email by hovering your mouse over them.

In this instance the Manage/Cancel link does not go to apple.com. When I hover my mouse over the link it is very obvious that the email did not come from apple.com.
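The sender check and the link check described above can also be run over a saved copy of a message. The following Python is an added example, not part of the original article; the sample message, its addresses and URLs, and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the fake receipt in the article; every
# address and URL here is invented for illustration.
SAMPLE = """\
From: "Apple Subscription" <billing@app.co.nz>
Subject: Your receipt from Apple Subscription
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Fishing News $34.99</p>
<a href="https://apple.com.billing-check.example/cancel">Manage/Cancel</a>
<a href="https://support.apple.com/billing">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects every href so we see the real target, not the link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, expected):
    """True only for the expected domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected):
    """Return findings for a message that claims to come from `expected`."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2]  # the part after the @ sign
    if not in_domain(sender_domain, expected):
        findings.append(f"sender {addr!r} (shown as {name!r}) is not at {expected}")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, expected):
            findings.append(f"link goes to {host!r}, not {expected}")
    return findings
```

Calling `check_email(SAMPLE, "apple.com")` reports the mismatched sender and the Manage/Cancel link, and leaves the genuine support link alone. A FROM address can be forged, so an empty result means only that no obvious mismatch was found.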

Usually in instances like this it is a good idea to forward the email to the organisation that is being misrepresented so that they can make other users aware of the scam. If you google “suspicious email businessname” you will find that they have an email address specifically for receiving information about scam emails. Apple's is reportphishing@apple.com.

The next step is to delete the email.

The final way to keep yourself safe online is to never visit official sites from a link in an email. For example, if you have an email from your bank, do not click the links in the email. Go to your browser and type their address in directly. Do not copy and paste: if you type the address you can ensure you are going to their real site.

I hope you have found these tips useful. Stay safe out there. My general rule of thumb with scam emails is to trust your intuition. If your gut tells you there is something not quite right with the email, usually you are correct. Delete it!
