If you suspect deceit, hit delete!

Recently, someone in Jakarta changed the details of my PayPal account. Adaline Alexander from Alabama purchased three songs on my iTunes account. And in a moment of madness, I bought an $800 Dell laptop for Loretta Lestrange from New York.

Of course, none of these things actually happened. But someone wanted me to believe that they had, to trick me into giving them my details. According to PayPal, “approximately 90% of all email sent worldwide falls into the spoof, phishing, spam, and general junk category.” So how do you spot a dodgy email?

The anatomy of a phishing email

A scam email annotated with pointers on signs to be aware of: strange logo, generic greeting, poor English, suspicious email address, disguised link.

Suspicious email address

These emails often seem to come from a genuine organisation, but open the email and you’ll see differently. Forward (never Reply to) the email and, in the forwarded text, you’ll see something like From: [email protected] [mailto: [email protected]]. The address after mailto: is the actual sender of the email and is definitely not, in this case, PayPal. Some scammers are sneakier. In the case above, the address is customer-service@paypal.email.com. The key is at the end: the domain here is email.com, with paypal only a label in front of it. If there’s any text between the company name and the .com or .co.uk, it’s a con.
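The same check can be done in code. This Python example is an addition, not part of the original post; the trusted-domain list and the sample messages are constructed assumptions, and it goes slightly beyond the text by also flagging mail where the company name appears only in the display name.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for this illustration: domains the organisation really sends from.
TRUSTED = ("paypal.com", "paypal.co.uk")

# Constructed sample messages; only paypal.email.com comes from the post itself.
SAMPLES = {
    "lookalike": "From: PayPal <customer-service@paypal.email.com>\nSubject: Account limited\n\nhi",
    "display_only": 'From: "PayPal Support" <billing@example.net>\nSubject: Invoice\n\nhi',
    "genuine": "From: PayPal <service@mail.paypal.com>\nSubject: Receipt\n\nhi",
    "unrelated": "From: Garden News <news@example.org>\nSubject: Tips\n\nhi",
}


def sender_parts(raw_message):
    """Return (display name, domain) from the From: header, lower-cased."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    return display.lower(), domain.lower().rstrip(".")


def classify_sender(raw_message, brand="paypal", trusted=TRUSTED):
    """Classify the From: address relative to a brand and its trusted domains."""
    display, domain = sender_parts(raw_message)
    if not domain:
        return "no-sender"
    # Genuine only if the domain IS a trusted domain or ends with ".<trusted>".
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted-domain"
    # Brand appears in the address but the domain ends somewhere else,
    # e.g. paypal.email.com really belongs to email.com.
    if brand in domain:
        return "brand-lookalike"
    # Brand appears only in the display name shown by the mail client.
    if brand in display:
        return "display-name-only"
    return "unrelated"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {sender_parts(raw)[1]:22} {classify_sender(raw)}")
```

A From: header can also be forged outright, so a "trusted-domain" result only rules out lookalike addresses; it is not proof that the email is authentic.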

Generic greeting

A genuine company has your details so will personalise the email, addressing it with something like “Dear Ann”. The scammers often don’t have this information so will use your email address or a generic term like “Valued Customer”.

Alarming content

Do they threaten to close your account or cancel your credit card? Or make you think that someone’s made a large purchase in your name? These things are designed to scare you into responding. Don’t! Instead, go directly to the company’s website in your browser; if there really is an issue it should be flagged somewhere obvious.

Click here to …

A genuine company should never ask you to click a link to enter account details or passwords or to download a file to resolve an issue. Nor will they ask to verify an account using personal information (name, date of birth or address) or bank account or credit card information (bank name, card number or PIN). Never click a link in a suspicious email; you just don’t know where it will take you and it could potentially put malware on your machine.

Poor English

Many scammers aren’t native English speakers, so poorly worded or even nonsensical phrases aren’t uncommon. But do be aware that good English is not always an indicator of an authentic email. Often the scammers will adapt a genuine email from the company, giving a very plausible result.

For more tips on how to avoid falling for a phishing trap, take a look at the Which? article How to spot an email scam.

Stay safe!





