Despite taking steps to prevent phishing emails from getting through to you, you will most likely end up receiving at least a few. It is therefore very important that you know how to distinguish these emails from legitimate messages.
The first question to ask yourself is whether you initiated contact with the company or person who emailed you. Even if you’ve heard of or done business with the sender or the entity they claim to represent in the past, if you didn’t contact them first about the specific issue dealt with in the email, it may be a scam. As a member of a couple of work-at-home mom forums, your Crime Editor has received emails purporting to offer job opportunities. The most recent one I received, advertising a secret shopper “job,” contained the name of a well-known mystery shopper organization, which I had never contacted for any reason. The organization’s website made mention of phishing emails being sent out in their name.
Next, check the sender. Viewing the header of your email will often reveal an originating address that clearly has nothing to do with the company or person from which the email supposedly comes. The reply address may also be different from the originating address, but still have nothing to do with the actual company. My email listed the mystery shopper organization as the sender, but had originating and reply addresses that had nothing to do with the organization at all. In fact, the organization is worldwide, and the reply address was in the Czech Republic-sort of odd that an American would reply to that country rather than a North American email domain, isn’t it?
Improper or missing salutation is another tip that your email may not be legitimate. My email had no greeting at all. Other scam emails may open with “Dear *name of company* user.” This is a popular salutation for PayPal phishing emails. PayPal states on their website that any correspondence that originates from them will use your full name in the greeting, never “PayPal user/customer/accountholder/etc.”
Many scam emails contain horrendous grammar. The secret shopper email I received contained this sentence: “You can make $200 everyday , depends on how fast you able to take up your work.” As you can see, fellow crime buffs, this sentence is not quite up to snuff.
Clickable links are also commonly found in phishing emails. Never click on these! They will not take you to the site they appear to, but instead to a usually very well done duplicate site designed to record your login information. The phisher then uses the information to access your account with the actual website.
Finally, don’t fall for the outlandish promises. No one in Nigeria is going to give you $50 million USD because they are your long-lost relative. Even if I didn’t have one of the most common surnames in America, it still wouldn’t be true. The foreign royal in exile (or his widow) doesn’t need you to get his money out of his war-torn home country, either. And if you didn’t buy a lottery ticket, you didn’t win the lottery, especially one from outside your home country.
So you’ve identified that email as a phishing attempt-now what do you do with it? Click the links below for parts one and three of this series!