How to spot phishing or hoax emails
Is that email offer really giving away all that cash? Has your friend really lost her suitcase and all her money and needs more cash? Hoax emails abound, sadly because many of us are unsuspecting and all too willing to believe in freebies, prizes, and distress calls. Being able to spot the false email is an important part of being a good citizen and not falling prey to the online criminals who are all too willing to fleece you of your hard-earned gains.
Email hoaxes are often termed “phishing”. This term refers to the instances where the scammer sends out a mass email to every address he or she has managed to glean by whatever method. The hope is that at least a few people will be gullible enough within that mass emailing to respond––and send cash or personal details.
Know what phishing scammers are after.
In a nutshell, they want cash or identifying information that can give them access to sources of cash. They hope that they can trick people into revealing sensitive personal information such as passwords to accounts, banking information, Social Security numbers, mother’s maiden name, date of birth, among others. Phishing scams are targeted to gather personal information in order to hijack your assets or steal your identity to open credit accounts in your name.
- Social media is another avenue for scamming. Fake accounts on Facebook, Twitter, etc. can be used to present a front that seems genuine, only to disappear without a trace once the fraud has been committed.
Spotting the hoax
Develop a set of red flags that tell you to be wary. Some basics that should set off your suspicions include:
- Bad spelling and/or poor grammar in an email claiming to represent a company, royalty, a prize agency, whatever.
- Unsolicited commercial or personal request email. Do you even know of this company or person? If the name seems unfamiliar and you don’t recall ever signing up to the company or sharing details with this individual, be suspicious upon receipt of such an email.
- Asking for money. Always start from the grounds that a request for money is to be treated with suspicion until proven otherwise. Perhaps your daughter is vacationing in the land of Grail and it’s not unknown for her to ask for more funds to fly home. But if you suddenly get an email from her claiming she has lost everything and needs thousands of dollars to bribe local officials, be wary; mass emails claiming such distress are not uncommon, using hacked email accounts.
- The email is full of promises to reward you. Promises of this type are rather personal; you should be very wary of such emails.
- The email is from somewhere you don’t live, like Nigeria or Singapore, and you either know nobody there or it’s not the email address of anyone you do know there. Put up your red flag.
Check the facts – every time.
The reason emails warning of silly urban legends spread so quickly is because people receive them from their trusted friends, and never imagine these smart, clever people could be fooled.
- Bear in mind that a friend’s or colleague’s email can be hacked and that the sender isn’t your friend or colleague but the hacker who wants something for nothing.
- In turn, don’t forward such emails yourself. Scams, threats, chain letter emails, etc., are illegal in many countries and not only is it bad netiquette to forward such rubbish, it could also put you on the wrong side of the law.
Set your mind at ease when it comes to a personal friend or family member seemingly in trouble.
If someone tells you that they’re a friend in trouble, offer to pay their costs direct. For example, if the “friend” tells you he has been mugged and has had his wallet stolen and needs funds to pay for the hotel, offer to ring the hotel direct and sort it out on their behalf. If the reply is “no, no, please make a wire transfer”, be very suspicious that this isn’t your friend but a fraudster on the other end.
- Be wary of any email request asking for wire transfers of money! If you are going to wire money anywhere in the world, deal with people face-to-face in reputable companies, such as when sending money from an auction house to another one, or sending money to a family friend who has already confirmed the details with you in person or over the phone. If you want to send money to a charity in this way, talk to someone in the charity’s head office (either in person or using a Yellow Pages phone link) and sort it out officially; you may even like to involve a financial or legal representative to ensure it is legitimate.
If you find the email is a hoax and comes from someone you know personally, immediately reply to the original sender to let him or her know.
Select ‘Reply all’ if appropriate, or suggest that the sender send an email to this effect. Remember to include a link to the site debunking the email!
When Not to Reply (Most Times)
If you receive an email requesting money or personal information in return for great riches, do not respond!
Responding to emails like this – or any type of spam – merely confirms your email account as an active one and can result in you getting a whole lot more spam. Forwarding an email like this to an anti-phishing website, like the ones listed below, can help stop or slow its progress.
If you receive an e-mail that appears to be from a company or website you do business with that asks you to input any personal information, such as your username, password or bank account details, do not respond to it or click on any links.
If you are concerned that there may be an actual problem with your account, navigate to the website yourself and log in.
- Do not copy and paste text or links from the email to your web browser. If the link is live and you’re in an online email program, you may be able to hover your mouse over the link, without clicking, and check the browser for confirmation of where that link will take you; if it’s not legitimate, you’ll soon see an odd address. This is simply more confirmation of your suspicions.
- Banks do not send emails asking for you to input personal information from an email link. They’re wise to the scams, so don’t fall for any such emails. Visit or call the bank if you’re worried and get reassurance from a teller or customer service officer (and use the Yellow Pages telephone number, not any number provided in an email).
Remember that speed is your enemy.
It is better to be slow in responding than to be fast in replying and lose it all. When your suspicions are raised, take time away from the email to talk to a trusted person, check online websites for information about scams or even call the police for information.
Hoax-Proofing Yourself and Your Family
Do your best to react with care and wisely.
Help your family to also spot the signs of hoax emails. And let friends know if you suspect they have been hacked or have unwittingly forwarded on spam or hoax emails; that way, you all learn together.
Learn to identify spam.
- Both you and your family members can shield yourselves a lot more by asking the following questions of every email you receive:
- Has this person ever sent me spam before? Is there a sudden barrage of nonsensical spam emails from this person (an indicator that their email is hacked)?
- If the email tells you to open an attachment, you should not do this. This is especially so if the attachment name ends in .pif or .scr.
- If the email is from a ‘free’ email account (hotmail.com, yahoo.com, etc.), and you don’t know the sender, treat it with great suspicion.
- If there is a link in the email, hover your cursor over it (but do not click it!). This often reveals that the real location the link will take you is a (phishing) website you have never even heard of.
- Is the email mentioning a recent natural disaster or similar headline events? Scammers watch headlines carefully for anything that causes people distress; it is a way of setting up fake charities to ask for funds that only ever help the criminals involved. This includes links to fake websites and PayPal accounts (again, don’t ever click).
- If you do click the link to go to, say, an online banking website, check to see if the address says ‘https’ or ‘http’. Almost all banking websites will use ‘https’. If you are still not sure, go to the actual website by opening a new tab and typing its name into your search engine. Compare the 2 addresses.
- If you get an email from a friend who lives close by, or who you can contact by phone, ask them if they sent you that email. Even the best phishers haven’t found a way to direct calls to them and perfectly imitate your friend’s voice!
- Think back and ask yourself: Did I physically enter my name into this sweepstakes? Even if you think you “might” have, why aren’t they phoning you? Call the company direct, using the Yellow Pages phone directory, not the email contact details.
- Is there an offer of free money in exchange for personal information? Money doesn’t simply appear from nowhere. Be very reluctant to part with personal information, and be wary when free money is dangled before you.
- Trust your gut instinct. If it feels weird, don’t reply. Sleeping on it is a wise response––in most cases it’ll go away because you’ll be one of the many who did not take the bait.
- Use your browser’s anti-phishing facilities (Firefox and IE both have them). That way, even if you do follow a link in a phishing email, the browser will warn you if the site is fraudulent.
- Some scammers use graphics and e-mail addresses to make you believe their e-mail is from a legitimate site. Again, always navigate to the site in question on your own (namely, do not click on their live link, instead use a search engine to find the site––even then, see the next tip).
- Check both the ‘To’ and the ‘From’ lines. If they both have the same address/person/name in them, it is a phishing email/scam.
- Is there a threat of immediate detrimental action if I don’t respond with personal information? Threats by email are illegitimate and do not deserve your attention, but they may need to be drawn to the attention of police or anti-scam officials. Remember, you have done nothing wrong––the scammer is the one doing that.
- You are not a bad person because you didn’t follow that charity link to help the devastated. You are a proactive person protecting your interests so that you can provide charitable help through trustworthy channels that actually do exist. Do not let guilt techniques get the better of you.
- If you feel threatened, do not stew in worry. Contact the police, anti-scam authorities or, if you’re a minor, tell your parents or school authorities. They will determine whether or not it’s an overreaction but it’s much better to be reassured than left frightened.
- If you’re tired, don’t check or read emails. Not only will your mental reflexes be less than optimal, you’re more likely to fall for sob stories and great deals when you’re sleepy. Since you’re also unlikely to be able to answer any work or personal emails sensibly, getting some decent rest is a better response than allowing yourself to fall for a scam!
- Getting fooled by an email warning of some new crime or promising free money can be more than embarrassing––it can also be dangerous if you get involved in something underhanded or your identity is stolen.
- Genuine charities, fundraisers and the like never ask for bank account details or wire transfers. They’ll have their own legitimate websites with secured “https” in the URL line. Use a search engine to get to such sites, or drop in or call the charity to get the web address.
- Some e-mails are scareware. They announce requirements to appear in court or attempts at debt collection pending legal action by the collector or a solicitor. Does the message address you by full name or first name only instead of Mr. (last name here)? Does the message seem to address no one by name, as though it were a form letter? Does the alleged collection agency give a phone number at which they can be reached, or only a link at which you are directed to give a credit card number or other personal info? Is the court located somewhere that you know you haven’t visited ever or anytime recently? Subpoenas or orders to appear in court always come by snail mail. Debt collection attempts will always be from the company that you knowingly did business with. If a collection agency or solicitor is involved, you are always contacted by phone, never e-mail.