Spam emails are rife at this time of year, so you need to be on high alert to avoid being a victim of such cyber crimes. Like Brussels sprouts, spam emails can look very appealing and innocent, so we understand why many people are tricked by them each year. However, when you do know what to look out for, you can spot the signs of email forgery much more easily. Below are some of our top tips to stay data safe this Christmas.
If for example, an email was supposedly sent from cariadmarketing.com, but the ‘from’ address was something like firstname.lastname@example.org, you may on first glance believe this to be a genuine correspondence even though it clearly isn’t the same domain name and it even ends with .co.uk. This can be a good indication of whether an email is spam but is by no means a way to determine if an email is from a trusted source. Spammers can mask the email address with a method called spoofing, so you may think it’s genuine when it isn’t. How irritating!
It’s ridiculously easy to impersonate a company’s name in a spam email, as it requires absolutely no proof of ownership whatsoever. Anyone can pretend to be someone else by the ‘from’ name, so don’t believe that the director of some obscure lottery fund has just decided to give you $86,000 based on the name alone, or any form of proof for that matter! And don’t be fooled by follow up phone calls either…
By this, I mean the salutation of the email. If you have received an email greeting you with “Dear valued customer” or “Howdy partner”, it’s probably because this sender has absolutely no idea who you are and is trying their luck. Emails from a trusted source will likely have your information on record and will know who you are. Be warned though Jim, this information isn’t hard to find either, so don’t take this as a way of proving authenticity.
Never click on links from emails asking you to validate, login, enter your details, send money or anything else that requires you to provide personal information. Most trusted companies will ask you to go to their website yourself in order to do something that involves your personal data. It’s therefore best practice to navigate to the official websites from Google and find the page that you’re being directed to.
Always hover your cursor over links before clicking them to reveal the URL. The URL of the link will be displayed in the bottom left corner of your screen (on desktop) so you can see if it belongs to the official website before clicking it. On mobile you should be able to hold down on the link to preview it. Be careful though, hackers are very sneaky and usually make the URL look very similar to the real one. So you have to use these detective skills before clicking anything. As said above though, you’re better off just googling the real website and finding the relevant page that way to be safe.
Spammers will often try to rush you into taking action based on the fear of something bad happening if you don’t do what they’re asking. This scare tactic is disguised in hundreds of different ways and will make you second guess yourself multiple times throughout the email. If you ever feel uncomfortable or scared by such an email it’s most likely spam. Of course, if you know you’ve been stealing the work toilet roll for the last two months and you receive a stern email from your manager with photographic evidence of you walking out the office looking like the Michelin man, it’s likely this is a real email.
Don’t trust attachments from anyone unless you’re expecting to receive them. If you’re unsure, give the person a call to confirm that they did in fact send it to you. You might look slightly paranoid, but at least you are showing that you’re serious about data security. If you get an email from your boss asking you to pay an invoice and you have had no verbal communication with him or her, or any idea what it’s for, it could well be a spam email. Attachments could be loaded with harmful computer viruses too, so always have anti-virus software on your machine and opt for an email provider like Gmail which has a built in attachment scanner. Don’t leave it to Russian roulette.
Spelling mistakes and typos can sometimes be a dead giveaway that the email is not genuine. Trustworthy emails are usually proof read multiple times by professionals, so it’s rare they will include such mistakes. If English isn’t the spammer’s first language, they can sometimes make grammatical errors you can spot a mile off. So always read emails carefully to ensure they that actual do making sense (see what I did there?).
If the company logo or other imagery is blurry or pixelated, it could be a sign that spammers just found the best ones they could get their hands on. Reputable companies will ensure that logos and images display crisp and clear, so don’t overlook the finer details. In addition, if the company branding doesn’t look quite right and the formatting is off, it could be another good indication that the email isn’t genuine. These warning signs can be more difficult to spot to the untrained eye, but they can be a strong red flag if you notice them instantly.
Ever get those emails that give you the amazing news that you’ve just inherited a shed load of money from your long-lost uncle in Timbuktu? Surprisingly people still actually fall for these scams. If you are one of those people, unfortunately you’ve obviously been at the Christmas Bailey’s already and no longer saveable by the tips in this article. I hope not though, for your sake.
For more information on how to spot scams and phishing emails, please see the government website.
You can also report them to Action Fraud.