SPAM, SCAM or PHISHING

SPAM, SCAM or PHISHING ?

I don’t know about you, but these days, I am quite careful at looking at all the emails I receive to make sure I am not a victim of spam, scam, phishing or viruses etc. There are increasing numbers of “dodgy” looking, and some increasingly quite genuine looking, emails arriving constantly in my in-box each day so one has to be very careful to look at them before clicking on any links for example to make sure that you don’t end up downloading anything nasty onto your PC.

Some are fairly obvious, such as numerous emails from HSBC (or other banks) telling you there are problems with your account when you don’t even bank with them ! But others can be quite convincing and need much closer scrutiny before you click on any links in them.

If the sender is asking you to fill in any of your personal information, bank details or passwords etc then this should start alarm bells ringing !

A few tips

In order to try and identify if the sender is real and to establish how credible their company is, I would suggest you do the following. Ideally do all of them (and more if possible):

• Look at who sent it ?  Do you know, or recognise, them or their company ?
• Have you received emails from this sender before ?
• Were you expecting an email from this sender ?
• Is it from a business email account (e.g. name@abusiness.co.uk) or a free web mail account (e.g. hotmail, gmail, yahoo) ? If it was sent from a legitimate business account, it is less likely to be spam or malicious but you still need to be careful.
• Hover your screen cursor (the little arrow or hand) with your mouse over any links in an email (but don’t click) and see what they look like (e.g. you can generally see this in the status bar at the bottom of your email tool window). If the web address is the same as the sender’s email (e.g. email from name@abusiness.co.uk and web address is www.abusiness.co.uk) then it is more credible but typically in dodgy email it will look nothing like it (e.g. it might be something like:  http://ux.ed120.net/r/OBVC96H/GJBU/CE9T7/39J/T7E/MG/h). Unfortunately, sometimes the details of the link can be hidden so if you can’t see anything when you hover over the link, this is probably also grounds for suspecting something is not quite right.
• Don’t open any attachments you are sent with the email.
• Look at the senders web site address in their email and type it into a new browser tab (or window) – don’t click on any link to it directly in the email as it might take you somewhere different. Take a look at the information on their website and see how credible they look. For example, do they have their office address included, a landline telephone number rather than just a mobile number? Do they include their company registration details and VAT number (if registered)?
• Google the sender and their company and see what you can find. If it is dodgy, someone else may already have published details about it.
• Give the supposed sender / their company a call and see if they actually sent it.

I realise this can be quite a bit of work to do but think about the implications if you do get scammed or your PC, or even worse your entire network, gets infected.

Hope you find this useful and it helps reduce the likelihood of getting caught out.