Ask yourself the right questions!
If you receive an email that makes you suspicious, the best way to tell whether it is a scam is to ask yourself the right questions.
Why am I getting this email?
Nefarious emails are not designed for you specifically; they are bait meant to appeal to a broad audience. With over 1 billion Facebook users, chances are that a high percentage of the people receiving an email that claims to come from the social network do have an account, and they will therefore pay more attention to it.
So really, why are you getting an email from Bank of America when you don’t have an account there, or a UPS delivery failure email when you are neither expecting a package nor have found a delivery attempt notice on your door? Scammers know that people can be naive and lower their guard when dealing with trusted brands.
Do they know who I am?
Big companies and brands will ALWAYS personalize their communication with you by putting your name or username in the body of any message they send: eBay always starts its emails with your username, and Microsoft always uses your first name somewhere; this is for your safety.
So if you see an email without personal details in it, like a Facebook email without your name or one from UPS without your address, it is more than likely not an email sent by these companies.
Are there any files attached?
Companies will NEVER send an email with an attachment out of the blue; as a matter of fact, when a company’s support staff plans to send you an electronic communication with a file attached, they will always ask for your permission beforehand. So if it has a zip file attached, in 99.9% of cases it is spam.
The phishing scam email above raises many red flags:
The WhatsApp branding is inconsistent and wrong. The email, sent at 9:30AM, is for a voicemail received 8 hours in the future. The sender’s domain name is in no way, shape or form tied to WhatsApp. The link goes to some website in Belarus. There’s no personalization, be it about me, my account, or the contact in my friends list who supposedly left me a voicemail. And best of all: I do not even have a WhatsApp account!
Does this email look legitimate?
It’s all about branding and consistency: most malicious emails make blatant mistakes that billion-dollar companies don’t (WhatsApp was bought by Facebook for $19 billion). So again it is about answering simple questions: is there a logo from the brand? Is it the current logo or an older one? Are the colors the right ones?
In the example you can clearly see the lack of a WhatsApp logo and the inconsistencies in the spelling of the company’s name (with and without a space).
Who is sending this email?
One of the fastest and easiest ways to identify an evil-intentioned email is to look at the sender’s email address: the display name attached to an email can say anything, but the sending address cannot lie. In every email client you can display the full header, which shows more details than just the incoming message’s label; in this case, why would a WhatsApp notification come from Mail2Gold.com instead of WhatsApp.com?
Where does the link take me to?
Emails on their own are harmless: if you don’t open the attached zip file or click on the link, nothing can happen to you or your account. So one of the important things to know is where a link takes you without clicking on it; that is where “mousing over” matters: when you hover the mouse over a link, the client displays the URL that is about to be opened. Outlook shows the URL in a tooltip next to the mouse cursor; a web browser email client shows it at the bottom left of the browser window.
Knowing where a link goes is also very important because the destination might spoof the real website. Say you receive a malicious email claiming to be from PayPal; when you click, you might land on a webpage that is an exact clone of the PayPal login page. That login page is a fraud hosted on a server somewhere else, and looking at the URL before clicking would tell you that this is not the genuine PayPal.com but some random website in Eastern Europe or who knows where.
In the example below, the “listen” button from the fake WhatsApp email points to a .com.br domain name which is registered in Belarus and obviously has no affiliation whatsoever with WhatsApp.
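The “who is sending this email”, “where does the link take me” and “are there any files attached” questions above, applied in code to a constructed message modelled on the fake WhatsApp notification. This is an added example, not code from the original article; it uses Python’s standard email library, and the sender address, link URL and attachment are placeholders, not the real scam’s indicators.

```python
import email
import email.policy
import re
from email.message import EmailMessage
from email.headerregistry import Address
from urllib.parse import urlparse

def build_sample():
    """Constructed lookalike of the fake WhatsApp voicemail email; all addresses
    and the URL are placeholders, not the real scam's indicators."""
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = Address("WhatsApp", "notify", "mail2gold.example")  # display name vs real domain
    msg["To"] = "you@example.org"
    msg["Subject"] = "You have a new voicemail"
    msg.set_content('<p>You have 1 new voicemail.</p>'
                    '<a href="http://voice.example.com.br/listen">Listen</a>', subtype="html")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                       filename="voicemail.zip")
    return msg.as_string()

def belongs_to(host, domain):
    """True only for the domain itself or a subdomain of it (not for 'notwhatsapp.com')."""
    return host == domain or host.endswith("." + domain)

def link_hosts(msg):
    """Hosts every href in the HTML body points to: the 'mouse over' check, done in code."""
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    return [(urlparse(h).hostname or "").lower() for h in re.findall(r'href="([^"]+)"', html)]

def red_flags(raw, claimed_domain):
    """Apply three of the article's questions to a raw message and return the flags raised."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    flags = []
    # Who is sending this email? Ignore the display name, look at the address domain.
    sender = msg["From"].addresses[0].domain.lower()
    if not belongs_to(sender, claimed_domain):
        flags.append(f"sender domain {sender} is not {claimed_domain}")
    # Where does the link take me? Every link should stay on the brand's own domain.
    for host in link_hosts(msg):
        if not belongs_to(host, claimed_domain):
            flags.append(f"link points to {host}, not {claimed_domain}")
    # Are there any files attached? An unsolicited zip attachment is a red flag.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            flags.append(f"unexpected zip attachment {name}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(build_sample(), "whatsapp.com"):
        print("RED FLAG:", flag)
```

The same function run over a genuine notification (sender and links on the brand’s domain, no attachment) returns an empty list.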
What are the known patterns from the alleged sender?
This is a little more subjective, but every big company has a very rigid email notification format and sticks to it, so if you get an email from Facebook or UPS that is quite different from the ones you have received in the past, this should raise a flag that it might not be a genuine email from these brands.
In doubt, search online!
If you’re unsure about an email you received, searching online will always yield results: if it is a scam, you are not the first person to receive that email and you will not be the last; therefore, you will more than likely find online articles warning about the particular email going around. As much as the internet is a wild place, there is a strong online community that takes the time to warn fellow internet denizens about the evils spread on the web.
Time to have fun at scammers’ expense:
What happens when someone being scammed is trolling the scammers?
Better safe than sorry
This sounds very obvious, but when malign notifications prey on our fears it is often difficult to take a step back and think for a minute. If you get an email claiming that your account has been hacked or its password changed, stay levelheaded before proceeding.
The best way to proceed is to go directly to the website or social network mentioned in the email and log in to your account as usual. Just so we’re clear, “going directly” does NOT mean clicking anything in the email; we’re talking about opening a web browser and typing the regular, known address of the online property.
This is vital on a mobile device, where important details such as the sender’s email address or a link’s real destination can easily be hidden.
Unmasking a fraudulent phishing email isn’t rocket science; it just requires taking a moment to look for red flags and, if any are raised, dismissing the email.