TECH SUPPORT: Phishy emails, and how you can stay safer online

By Ken Richman - Teddington Web 30th Apr 2024

TECH SUPPORT is a column written by Ken Richman of Teddington Web to help you get your business online and to make a success of it once you are up and running.

Ever been caught out by a dodgy email? Or text? Don't feel stupid if you've been duped – I think everyone must have been at least once. 

We're all bombarded with so many emails and texts each day that we really have to keep our wits about us to avoid falling into some of the very sophisticated traps set by scam artists.

What do they want to achieve? Usually, they want us to click on a button or a link within the email. 

If we do so, we could be taken to a fake website that looks legit. When we enter our details into the fake site, we're giving the details straight to the scammer who will scurry off to the real site and do things we definitely won't appreciate, while posing as us. 

Clicking some of their links could also cause our device to become infected with malware (hackers could take it over). 

Sometimes, there will be an attachment as well as a dodgy link. Do not open the attachment! 

It could be software that will install itself on our device, steal all our passwords, or basically do anything the scammer wants.

Spotting a scam

The scammers' nefarious tactics change all the time and I can't guarantee that the following pointers will make you immune to all of their tricks – but it's a start.

Firstly, here are nine indicators that should set alarm bells ringing:

1. An email has been red flagged as suspicious by your email provider

Unless you have very good reason to think otherwise, trust your email provider's advice. They've seen it all before and are probably right. Pay attention!

Alerts like these can help you spot a scammer's email early

2. It's something to do with money

Anything to do with money should make those alarm bells ring-a-ding! Especially if it comes out of the blue. 

A friend or relative in need, a bank asking you to confirm some details, a prize you didn't know you'd won, a payment required for a postal delivery… anything money-related, big or small. Stop and check.

3. It isn't from who it says it's from

The sender's name in an email is easily spoofed. You cannot trust it at all. 

But every email is sent from a domain, and that isn't so easy to fake – but they will have a go. 

Check the sender's actual email address. The part after the @ symbol contains the domain. Check very carefully. 

Here are some genuine email addresses and some fake ones. Which ones could genuinely belong to Tide the bank? (Hint: their website is www.tide.co.)

  1. [email protected]
  2. [email protected]
  3. [email protected]
  4. [email protected]
  5. [email protected]

Here are the answers:

  • [email protected] – No worries, it's a good 'un.
  • [email protected] – it's a wrong 'un! There's a figure 1 where there should be an 'i'. 
  • [email protected] – Nope! A bank would never send emails via a free gmail account.
  • [email protected] – Nope! An attempt to fool you with some nonsense about security. The domain (the bit after the @ symbol) has nothing to do with the bank's domain tide.co.
  • [email protected] – Again, no. Even though there is tide in there, for it to have come from the bank, the part on the right-hand end must match tide.co

4. The message is desperately urgent

'You have to act straight away' – don't. Nothing is that urgent that can't wait a moment to carry out some checks. 

Scammers try to panic you into acting quickly, before you've had a chance to discuss it with anyone, or spot the flaw in their arguments.

5. It's too good to be true

We all know about those fake lottery ticket notifications. Pretty easy to spot. But how about this example that happened to me recently?

I advertised a fridge on Facebook Marketplace. The scammer replied via Facebook Messenger, asking if it was still available. 

I replied yes. They replied it's perfect, just what they needed, and they are totally happy with the price. 

Ding ding! Even though the price I was asking was reasonable, it is rare to have such an enthusiastic buyer who doesn't haggle on these sites.

They'd organise a courier to collect. I did a bit of research and realised this is the start of a scam where I'd be asked to pay the courier, possibly I'd be asked to make a small payment – and of course I'd have to visit a link and enter my bank details, or some variation of this. 

Delete delete delete.

6. Bad grammar

Now not everyone's writing is perfect, but scammers really should take grammar lessons because they let themselves down really badly. 

Bad grammar in an email purporting to be from a well-known company is still fairly rare, thankfully, so if you spot poor grammar or misspellings, take extra care.

Grammar mistakes are often deliberate, as it can help scammers save time by screening out more alert users. Some may also do it to appear more human or relatable, while others might be trying to avoid spam detection

7. Suspicious links

Lots of genuine emails have links embedded in them. 

For example, a theatre may include a link taking you directly to their ticketing platform. If you hover your mouse over the link or button, you should find that your browser will display the actual link. 

If the domain of the link has nothing to do with the company who sent you the email, beware. Scammy links often don't match the domain, or don't make sense – perhaps the link is for a totally unexpected country, like Russia or Japan. 

However, don't panic if there is weird-looking stuff on the end of the link following a '?' character. This may simply be tracking code that websites use to monitor where their visitors are coming from. 

Take this example: http://example.com/webpage-title/?utm_source=google 

Anyway, do at least check where the link is going to send you before you go there – if in doubt, don't.

8. It's vague

Scammers, unless they have chosen to target you directly, don't know much about you at all, because they are sending the same email to thousands of people. 

To get around this, they use generic, imprecise language, like 'the loan you applied for has been accepted…'

Another dead giveaway is guessing your name from your email address, hoping to get lucky as they don't know your full name. 'Hello djennings, how are you?' should ring alarm bells.

9. It's accurate!

 Despite what I just said, sometimes they will have you absolutely bang on. 

Imagine, the day before, you were talking to your bank about a loan and today an email arrives saying you've been accepted: 'just click on the link'. It seems it must be genuine! 

Well, that or the scam artists are simply relying on coincidence. They may send out 50,000 emails a day and are bound to get lucky with some of them. 

So, even if it's an email that seems to make sense, it could still be a scam. Check, check, and check again.

Reporting a scam

If you spot a scam email, text or phone call, you can help others by reporting it.

  • Emails: If you have received an email which you're not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): [email protected]
  • Texts: Report a suspicious text message for free by forwarding it to 7726.
  • Calls: Tell Action Fraud about a suspicious phone call by calling 0300 123 2040.

Lots more information on this bane of our lives can be found here.

Well, I was going to discuss security measures for your website this week, but due to space, that will have to wait until the next article. 

Meanwhile, happy scam spotting, and do head over to Teddington Web if you have any other web-related needs.

     

New teddington Jobs Section Launched!!
Vacancies updated hourly!!
Click here: teddington jobs

Share:


Sign-Up for our FREE Newsletter

We want to provide teddington with more and more clickbait-free local news.
To do that, we need a loyal newsletter following.
Help us survive and sign up to our FREE weekly newsletter.

Already subscribed? Thank you. Just press X or click here.
We won't pass your details on to anyone else.
By clicking the Subscribe button you agree to our Privacy Policy.