It could be you! But it probably isn’t.

Last month we looked at a few real email messages and unpicked some of the technical clues to watch out for:
• who sent the message?
• if I click the thing they want me to click, where will it take me?
But there’s often an easier way to spot a wrong ’un and that’s what we’ll be looking at this month, again using my own inbox for examples, with no technical mumbo-jumbo whatsoever.

Let’s begin with a message from a Mr hgdgd osndbds.

Really, Mr osndbds? That’s the best you could come up with? Your email wants me to believe you can connect me with the sum of $2,100,000.00 and that’s the name you’re going with? Well, actually no, because later in the email we find it’s really from:

Mr. Terry Moore
(Acting Manager of HSBC BANK, London United Kingdom.

Bonus point for just the one bracket, but still…

0/10 Must try harder.

Let’s move on…

Credit where credit’s due, they have taken the trouble to make it look like it comes from MBNA, but ‘Dear Customer’? No bank will ever send a message to Dear Customer and they will never ask you to click a button in an email to sort out a problem.
Speaking of which…

No introduction, not even Dear Customer. Just a big button labelled ‘Log in to Monzo’. Don’t.

One common factor in a lot of scam emails (and telephone calls) is that they will try to panic you into hasty action:

• Your payment for 16th Century Jewish bible is complete!
• Act now!
• Your machine is under attack!
• Your email/internet/bank account is about to be suspended!

It isn’t. Have a nice cup of tea and a Digestive. Then, if you’re still worried, contact the company directly – NEVER click anything in the email or give details over the phone and NEVER open an unexpected attachment.

Banking security

It’s probably worth noting a few dos and don’ts about online banking and security in general.

I always recommend having at least two email addresses, one for shopping, sharing and social, and one for family and personal stuff. That way, you can be notified (your phone or laptop beeps) when someone important contacts you, but your phone isn’t binging and bonging every time DFS have a sale. You could have a separate email address for banking, too, or just use the ‘family’ one, as long as you make sure to tick the box that tells the bank not to share your address and not to use it for junk mail.

I had a customer once who correctly deleted junk mail purportedly from every bank under the sun but happily clicked blatantly fake messages from Nationwide, because they were her bank.
It’s also worth pointing out that, of all the junk bank messages I’m listing here, none of them went to an email address that I actually use for banking, which is quite a big clue that something is not right…

Anyway, what’s next?

Let’s look at a couple of other things to be wary of:

Messages from people you know

I don’t have any of these in my inbox but I know someone who has. They appear to be from someone you know
Subject: Hi Beth

but contain a very short or unexpected message, like

Here, the golden rule is ‘If it doesn’t sound like the person you know, they didn’t send it’. A favourite trick of scammers is to steal someone’s email address book or contacts list and to send messages (apparently) from someone in the list to someone else in the list.

Sometimes it means Barclaycard get a message ‘from’ Nationwide but also (imagine it’s your contacts stolen) sometimes it means your brother gets a message ‘from’ your sister, and they are much more likely to click something they shouldn’t if they trust the person who sent it. A very popular example of this did the rounds on Facebook a while back. After all, if a friend sent you a message saying

“Is it you in this picture?”

would you be able to resist a little click?

If Auntie Flo always begins an email with ‘Hello Sweetie’, be suspicious when you get one that starts, ‘Hey Friend!’

It could be you!

It isn’t. If you ever receive an email telling you that you’ve won a lottery, the odds are very high that you haven’t. If you ever receive an email telling you that you’ve won a lottery that you didn’t enter, the odds are quite a bit higher. All they want from you are your bank and personal details.

Of course, if you actually do enter the lottery and you get an email from Camelot to tell you you’ve won, it’s worth going directly to the Camelot website and checking.

Or just give me the ticket and I’ll check it for you. You’re welcome.

In summary

In the past, viruses were an opportunity for bored geeks to show off to their friends but nowadays threats almost always exist to steal personal information and use it to part you from your hard-earned cash. Take your time, and don’t fall for their tricks.

Take care and stay safe.

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.