I long ago had my email addresses pulled into every spammer, scammer and dot-con mailing list. My addresses are old, as I long ago registered my own domain so I could have whatever name I wanted and wouldn’t have to change my address ever again. Also, I’ve worked at a well-known internet company, so my employee accounts were targeted by determined social hackers.

When I’ve heard of people having their accounts hacked, it always seemed like it was someone new to the internet or new to being a specific target of hacking or scamming. So at a certain point I used to give quick little orientation speeches to people when they joined my part of the company. I was lucky when I joined: my office neighbor was very helpful in answering my questions about strange messages and emails. So, I passed it on.

So here I’ll start my series on how to spot fake emails.  I’ll probably start a different series on quick and easy ways to manage email in general, but that is a different topic.   This topic is about the unknown email that you’ve just opened.

  • Clue 1:  They don’t know your actual name.
  • Clue 2: They don’t seem to be very good at typing your language.
  • Clue 3: You’ve never dealt with their (claimed) company.
  • Clue 4: The From: address doesn’t show the (claimed) company URL
  • Clue 5: The “convenient link” doesn’t lead to the (claimed) company URL

Clue 1:  They don’t know your actual name.

This is just one of the biggest red flags to me. Whenever you start an account with a bank, cable company, electric company, loan company, mail-order internet sales company, or the simplest free blog online, you tell them your name. They now know your name. The simplest of programs can put that name at the beginning of an email that is addressed directly to you. (Maybe not in generic sales messages.) My bank does it when they notify me of a problem (not too often, thankfully), PayPal does it, AOL does it, Amazon.com does it.

If they address you as “dear customer”,  or “VIP Member” or “Dear [first part of email address]”, they are showing that they don’t know your name.

(Don’t assume that knowing your actual name is proof of a legitimate email. Hackers have evolved from “Phishing” emails with generic terms to “Spear Phishing”, in which they get your name from the address book of a computer infected with their virus, then send you a message with your real name in it.)

Clue 2: They don’t seem to be very good at typing your language.

Companies are usually very sensitive about their appearance and appeal to customers.  They put extra effort into sending clear messages with terms and phrases that are well-chosen.  They don’t usually send official emails with poor grammar or poor spelling.

Clue 3: You’ve never dealt with their (claimed) company.

Well, you’ve probably already gotten used to deleting these things. If you never had an account, why would they be bothering you? If someone has stolen your identity and they are looking to collect on a debt, you will probably get a piece of paper in the regular mail.

Clue 4: The From: address doesn’t show the (claimed) company URL

Citibank doesn’t send email through gmail.com or hotmail.com.  But scammers do.

Clue 5: The “convenient link” doesn’t lead to the (claimed) company URL

Most email readers these days will show you where the link actually leads before you click it. On my Mac, Apple Mail will show the real URL if you hover the mouse over the link for a second or two. If yours doesn’t, it will usually give you a “copy link” option when you control-click or right-click on the link. Then you can open a new window and paste the link into the address bar or search box, or paste it into a text file in another program.

Citibank won’t send a link to anything that doesn’t start with “www.citibank.com/”.

NOTE: If there is something between the “.com” and the first “/”, then it is almost certainly bogus. A “feature” of URLs is the ability to supply a user name. So www.citibank.com@anythingAtAll is a trick, because the “@” makes everything before it into a username for the stuff to the right of it. There must be a slash “/” after the “.com”. A legitimate company could make use of the user name for convenient links, but they won’t, since it’s such a red flag for the rest of us and there are better ways to provide it after the slash. (Example: www.citibank.com/user=customername)
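
The check described in Clue 5 and the note above can be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML email body and reports where each one really leads. The sample body, the host login.example.net and the function names are constructed for illustration, and accepting subdomains of the expected domain is an assumption of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Return (hostname, has_userinfo); a scheme is added if the link lacks one."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.username is not None

def check_link(href, expected_domain):
    """Return a list of warnings for one link; an empty list means no red flags."""
    host, has_userinfo = real_host(href)
    warnings = []
    if has_userinfo:
        warnings.append("text before '@' is a user name, not the site")
    # Assumption: subdomains of the expected domain are treated as legitimate.
    if host != expected_domain and not host.endswith("." + expected_domain):
        warnings.append(f"link really goes to {host!r}")
    return warnings

# Constructed sample email body (not a real message).
SAMPLE_BODY = (
    '<a href="http://www.citibank.com@login.example.net/verify">www.citibank.com/verify</a> '
    '<a href="https://www.citibank.com/help">our help page</a>'
)

def audit(body, expected_domain):
    """Check every link in the body against the company's expected domain."""
    collector = LinkCollector()
    collector.feed(body)
    return [(href, text, check_link(href, expected_domain)) for href, text in collector.links]

if __name__ == "__main__":
    for href, text, warnings in audit(SAMPLE_BODY, "citibank.com"):
        print(f"{text!r} -> {href}: {warnings or 'ok'}")
```

The first sample link displays a Citibank address but resolves to login.example.net, so it collects both warnings; the second passes.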
