It seems that fraudsters and their fraudulent emails are all over the Internet these days, and many of them spam us with messages that turn up in our email inboxes on a daily basis.
And they’re pretty good at producing some rather legitimate-looking and fairly convincing messages too. If you’ve been using the Internet for any length of time, you’ve no doubt seen a bunch of them.
These “phishing” emails usually claim to be from your bank, PayPal, Amazon, Facebook or some other online entity that has a legitimate reason for keeping your financial information on file.
The goal of these fraudsters is usually to get you to click a link in the email that takes you to a fake, but real-looking login screen for a website you actually do use.
Like the email itself, the fake login screen will look extremely authentic, complete with logos and often valid contact information. In fact, the fake site will often look virtually identical to the firm’s real website. But that’s where the similarities end.
When you try to log in to the fake site you’ll find that the login form doesn’t work. You’ll simply get a legitimate-looking error message after typing in your username and password – but by then the crook has already recorded your login credentials.
Once he has your login information the crook will log into your account on the real website and take you to the proverbial cleaners.
One step at a time
Countless people fall victim to these fraudulent emails every year, but you don’t have to be one of them because they are actually pretty easy to spot. Here’s how:
1 – The email will almost never be addressed to you directly. Instead, it will usually say something like “Hello, valued PayPal customer”. Sometimes it will simply refer to you by your email address.
In contrast, a legitimate email from a reputable company will almost always address you by your name.
2 – The content of the message itself will often use poorly constructed English, as if it had been written by a non-native English speaker (and in many cases it probably was since lots of these fraudulent emails originate overseas).
3 – You will be asked to click a button or link to visit the company’s website to either log in to your account or update your personal contact information and/or credit card or bank account info. This is a huge red flag!
If you suspect that an email is fraudulent but you just can’t tell for sure, don’t click any links contained in the email.
The safest thing to do is visit the website directly (preferably from a known-good bookmark that you’ve used in the past) and log in to your account from there. When there’s something that truly needs to be updated, you’ll be alerted to that fact as soon as you log in.
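The first and third warning signs above (a generic greeting, and a link paired with a request to log in or update account details) can also be checked mechanically, for example in a mail filter. The Python code below is an added example, not part of the original article; the sample message, the phrase patterns and the function name red_flags are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not a real phishing email); example.test is a reserved test domain.
SAMPLE = """\
From: "PayPal Service" <service@example.test>
To: jane.doe@example.test
Subject: Your account is limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello, valued PayPal customer,</p>
<p>Please login to your account and update your credit card info.</p>
<p><a href="http://login.example.test/verify">Click here</a></p></body></html>
"""

# Assumed phrase patterns: a generic salutation, and a request to log in or update details.
GENERIC = re.compile(r"\b(?:hello|hi|dear),?\s+(?:valued\b|customer\b|user\b|member\b|\S+@\S+)", re.I)
ASK = re.compile(r"\b(?:log\s?in|sign\s?in|update|verify|confirm)\b.{0,60}?"
                 r"\b(?:account|password|credit card|bank|contact information)\b", re.I | re.S)

class _Body(HTMLParser):
    """Collect visible text and link targets from a message body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def red_flags(raw, recipient_name):
    """Return which of the warning signs listed above appear in one raw message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = _Body()
    body.feed(part.get_content() if part else "")
    text = " ".join(" ".join(body.text).split())
    flags = []
    if GENERIC.search(text) or recipient_name.lower() not in text.lower():
        flags.append("generic_greeting")            # sign 1: not addressed by name
    if body.links and ASK.search(text):
        flags.append("link_plus_account_request")   # sign 3: link plus a request to log in/update
    return flags
```

A message that raises both flags deserves the treatment described above: ignore its links and go to the site from a bookmark instead.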
If you do happen to slip up and click on a link in a fraudulent email, I recommend running a thorough malware scan on your Windows PC.
If you have a Mac, I recommend scanning your machine with Malwarebytes Anti-Malware for Mac.
Bottom line: NEVER click on a link in an email that arrives from out of the blue, regardless of how authentic it looks. ALWAYS visit the website directly and log in from there.