By Sandra D. Lane
It seems like phishing emails are doubling up this holiday season, or maybe I’m just getting more than I’m used to. Whatever the case, they’re in full swing and are out to get our hard-earned money as fast as they possibly can.
Phishing emails come in the form of an email (naturally) asking you to click on a link in order to update information. It’s called ‘phishing’ because it’s fake, as opposed to the real word “fishing”. True to the correct term of ‘fishing’, they reel you in with bait they decide you can’t resist with an email, and usually, the email itself is what I call an “Oh no!” email, which is one that causes both surprise and some dread. Once you click on the link they provide in the email, you’re immediately directed to a mock website that sometimes looks exactly like a real, genuine website.
Once there, you’re asked to enter your login and password to fix the supposed error in your account. But it’s not the real website, and the data you enter goes straight to the thief trying to get your credentials, your money, or even your identity. This can be done with any account you have online, from your utilities to your bank account – it’s all about making a buck. Or several.
Here is how to recognize phishing emails.
The way to spot phishing emails is surprisingly easy and just takes a bit of analyzing.
First of all, the return email address is typically a name of some sort combined with a very long string of numbers and/or letters. An example could be Targetnoreaplyservicecustomernumber09215firstname.lastname@example.org, and sometimes they don’t even give a business name in the return email address, just the extension.
Second, the email is either addressed to “Customer” or nobody at all. You’d think a business who emails you regarding your account would at least have, and use your name.
Third, grammatical errors. On one of the recent emails I got from “Netflix”, this was in the header: “RE: [Security Update] Reminder: We sent to update reset bill…” This makes no sense at all. I’ve noticed many of the emails have horrible spelling too.
Notice the “e” on the end of ‘method’ in the email, and who it’s addressed to. This is a phishing email, and they want me to click on the highlighted link to enter my “Netflix” credentials, which will then allow them to retrieve my payment method. The payment method is usually a credit card or bank account, but even if you use PayPal or another payment type, you can still get a phishing email.
If you pay attention to the body of this email, (which, in comparison, is a remarkably well-done phishing email) you’ll see a writing format that resembles the way Captain Kirk from “Star Trek” might speak. “However, we’ve..noticed…that the card associated with..your. Prime membership.” This type of grammar goes on throughout the email. And, of course, the “To:” address is messed up because it’s supposedly to “PayPal support” but is about “Amazon Prime” and landed in my inbox. And again, the word “method”, this time located at the top in the header of the email, has an ‘e’ at the end of it. According to Wiktionary, this spelling is German for “Method”. Interesting.
Four: There’s yet another way to tell if your email is real or just another phishing scam. Scroll your mouse over the link they provide – don’t click on it; just scroll over it. You should see some text pop up, and if the email is real, the text should be the URL (or internet address) of the company (example: email@example.com). If you notice with this email, that’s not the case, and instead it gives you some other place it wants you to go. You can see it where I scrolled over but did not click on “View Membership Settings.”
Fifth, they can bypass all that and go for your Cloud, a giant database accessible by any computer or smartphone. With the ability to get email on our phones, it becomes doubly dangerous, making it possible for someone to access a whole host of accounts through our email.
Again, we see the weird extension after the ‘iCloud’ name, the lack of customer name in the ‘To” section, and the grammatical errors in the body. And check out the time listed in the email: “October, 25 2019 PDT.” Last time I checked that was a date, not a time.
Be very careful with phishing emails so scammers can’t access your data.
These emails I’ve shown were all sent to me in the past 30 days. Thankfully, I don’t have my email account on my phone, I don’t pay for Netflix, and my Amazon Prime isn’t due in October. So, I knew they were fake emails and didn’t respond to them the way they wanted me too. But I did respond.
As noted earlier, each email will contain an embedded link that the sender has created, taking the receiver to a site the sender has set up for the scam. Don’t ever use it. That’s the first way of keeping your devices and information safe. These people prey on our laziness and our desire to hurry up to fix things so we can get on with life. Instead of playing by their rules, open your browser and enter the correct, known, site address yourself. If you don’t know the site addresses, use a search engine to find the correct one. Just type in the name of the company and you’ll find the site address link is almost always at the very top of the page.
Usually, not always but usually, the address is simple, with the name of the company.com. Netflix.com, Amazon.com, icloud.com, and so forth. Once you go to the site using a URL address that you enter yourself, or using a link that your search has provided, you can enter your login credentials if need be and you’ll know right away if the email you received is a scam.
Another way to know is to carefully read the email. Like I’ve shown, phishing emails usually don’t have your name listed as the recipient, the spelling/grammatical errors are usually atrocious, and a scroll with your mouse over the links in the email usually show an unknown website/URL. As well, know your due dates and the payment methods you use. If your payment isn’t due, you shouldn’t be getting notifications that your account is suspended, and if you don’t use Netflix, you shouldn’t be getting an email telling you your account needs to be reset.
So, in a nutshell, we need to continue being smart about our online communications, where we go, and what information we give away. Scammers are getting better at creating mock websites and fake emails. This doesn’t necessarily mean we should stop using online services altogether, it just means we should proceed carefully.