How to Spot a Phishing Scam Email!

26 Feb How to Spot a Phishing Scam Email!

It’s becoming more and more difficult to avoid email phishing scams these days, even for the most tech savvy people.

While I don’t consider myself super tech savvy, I know enough to generally keep me safe from malware or dangerous email links, but I have to admit, I’ve almost been duped lately on a few scams in particular. That’s why I felt it would be helpful to share my tips on how to avoid falling victim to an email phishing scam.

Here are a few things to check out before clicking any links or downloading any attachments —

First, check the email address and suggested links without clicking them.

You can’t simply look at the email address provided because it can be faked.

This email looks to be legit, but you have to open the email to see the address before you know it’s a scam.

In order to really see the sender’s email address, you have to hover your mouse (don’t click!) over the email address to reveal the actual email address.

You should quickly be able to tell what is a legit email address and what is not (usually a jumble of random letters). I don’t have a visual for you, but recently I received an email from “Apple” with a “no-reply@apps.apple.com” email address but when I hovered my mouse over the address, it was a crazy jumble of letters. That was the first clue.

You can do the same for suspicious links – hover your mouse over it and in the lower left corner of your internet window, a link will show. If it’s legit, it will look normal – if not it will be a random jumble of letters.

A client of mine was worried that their emails from Netflix were scams but I assured them that Netflix is merely sending suggestions for new TV shows (and they will do this daily if you don’t update your email preferences).

I watch a lot of comedy on Netflix, so here they are suggesting a new comedy special I might like. Notice the legit email address for Netflix.

Second, check for grammar and misspellings.

Often these scams are written by people whose primary language isn’t English. Though they use Google Translate to try to make their emails make sense, the grammar and spelling are sometimes off and should be a dead giveaway!

Something else you can be aware of is what the footer of a legit email looks like compared to that of a fake one. For example, I live near Apple headquarters in Cupertino and I know the address. Most of the fake emails use a foreign address (in the UK or Australia). This isn’t always a dead giveaway where as the email is.

Third, be wary of what they are asking for.

Your bank, PayPal or Apple (for example) would never ask you for specific information over email or to reset anything unless you’ve logged into your account on your own. And unless you’ve just asked to reset your password, never click on a link in an email that asks you to reset your password.

I highly recommend setting up two-factor authentication for the majority of your sensitive accounts. This means that in addition to you logging in with your username and password, the site will also send you a 6-digit code to you via text to enter in. These may seem like a hassle but they are your best bet for keeping your information safe!

Finally, if you aren’t sure, do some investigating.

In one email from “Apple” they told me that my account was recently used to purchase an app and they wanted to make sure it was legit. First of all, Apple doesn’t do this. They just send you a receipt for something purchased and it’s on you to report if it’s not something you purchased.

I went into my iTunes and checked “recently purchased” and didn’t see the game they mentioned. I then went to search for that game in the app store to double check that I hadn’t purchased it (there would be a button saying “open” instead of “get” or a purchase price if I had actually bought it). That game doesn’t even exist on iTunes – so clearly it was a scam.

Also their math didn’t add up. They showed that the app was $99.99 (I don’t know ANY app that is that much; not only a red flag but of course that price is high enough to freak people out). They then showed the tax was $0.99 for a total of $99.00. Clearly they did the math wrong – subtracting the tax instead of adding it (more proof this is coming from outside the US; our tax system is confusing to most countries).

Another way to investigate is to google the scam and see what comes up. I’d be willing to bet that 99% of the time, the email is a scam. BUT….

Ask a friend

I recently received an email from a friend asking me to click on a link and vote for bands I’d like to see at a music festival. While she was in that business, and I recognized the other people she sent the email to, I didn’t want to click on the link (which appeared to be legit after hovering over it).

Instead I forwarded it to her and said “Hey, is this a legit email? I’m nervous about clicking on something that could be a scam.” She wrote back immediately saying it was legit. Now, if her email had been hacked, it could’ve gone wrong, but I was safe in this instance. I could’ve also texted her to make sure it was legit.

Report suspicious emails

Apple allows you to report suspicious emails by forwarding them to reportphishing@apple.com
Other businesses may have a similar email address, or you can try to forward it to them using a different email address (you may have to search on their website for a customer support or tech support email address; or Google it).

Pay it forward

If you happen to receive an email from a friend’s account that includes a suspicious link, screen capture the email and then send it to them in a new email or text telling them that it appears their email has been hacked and that they should change their password. You could forward the email to them but then you would be forwarding an active scam link, so it’s best to just alert them.

I hope this blog has helped you to see the warning signs of these potential scam emails that might be flooding your inbox.

If you have a question or comment, you can leave it below in the comments. Stay cyber safe!