Spoof or fraudulent email often pretends to be from a well-known company, such as PayPal, eBay or even Sainsbury's, in an attempt to get personal information from you. People who send spoof emails hope to use your information, such as credit and debit card numbers or account passwords, most frequently to commit identity theft.
What can I do to prevent spoofs from affecting me, I hear you mutter? Well, because spoof, or 'phishing,' emails (and the spoof websites often associated with them) are deceptive in appearance it can be all too easy to get sucked in. However, they do contain content that reveals they're fake. The most important thing you can do to protect yourself is to spot this misleading content.
So what should you watch out for?
- Generic greetings. Many spoof emails begin with a general greeting, such as: 'Dear – insert company name – member.' Many will simply say 'Hi', 'Hello' or have a shorthand symbol such as :)
- Many convey a false sense of urgency. Most spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP.
- Fake links. The text in a link may attempt to look valid, but on clicking it you'll find yourself sent to a spoof address. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. If the link looks suspicious, don't click on it. And be aware that a fake link may even have a legitimate word in it.
- Use of the @ symbol within URLs. Fraudsters will often hide the true location of a link within the URL, and sometimes there will be an 'at' sign visible, which will help to pinpoint the actual destination of the link.
- Misspellings. Another common technique that has been used is a URL that at first glance is the name of a well-known company but on closer inspection turns out to be slightly altered. For example, www.microsoft.com appears instead as www.micosoft.com
Legitimate companies will not ask certain questions in an email. In fact they should never ask for any of the following personal information in emails:
- Credit and debit card numbers;
- Bank account numbers;
- Driver's licence numbers;
- Email addresses;
- Your full name.
How to prevent spoof emails from affecting you:
- Keep your security software current. Update your firewalls and security patches frequently. Consider using software from companies like Symantec and McAfee.
- Monitor your account. Check your account periodically to see if there is any suspicious activity. Change your password often and, if you think your security may have been breached, create a new password immediately.
- Use a unique password. Your password should be one of a kind, and not used on any of your other accounts. A good password contains letters and numbers and should be greater than six characters where possible. This makes it more difficult for people to guess it.
- Take action. If your information is compromised, get a fraud alert placed on your credit report.
- Report any fraudulent emails. Forward the entire email, including the header information, or the site's URL, to the company involved immediately. In other words if you received a scam email about eBay, you should forward it to them. Also consider forwarding the email to firstname.lastname@example.org, where the U.S. Federal Trade Commission (FTC) will place it into a database and use the information to track down and prosecute the scammer(s).
Finally, scammers will always play on their victim's paranoia or greed so remember, if something appears too good to be true it is (too good to be true)!