It can be daunting seeing news stories of people falling for scam emails and suffering a great financial loss because of it. If you know what to look for, they can be easily avoided. Here are some tips from Millennium on how to spot a scam email...
Tip 1: Never trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “Santander” the email may look something like the picture below. Since Santander doesn’t own the domain “secure.com,” DMARC will not block this email on Santander's behalf, even if My Bank has set their DMARC policy for Santander.com to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email.
However this tip won't work all the time; often cyber criminals will send their scam emails from what appears to be a legitimate email address, this why it's important to know several different things to look out for, looking at just the email address won't necessarily tell you if it's a fake email.
However this tip won't work all the time; often cyber criminals will send their scam emails from what appears to be a legitimate email address, this why it's important to know several different things to look out for, looking at just the email address won't necessarily tell you if it's a fake email.
Tip 2: Look but don't click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often address you with your first and last name.
Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up. Legitimate banks will also never ask for your PIN number or your full password. You will only ever be asked to give up a few select characters of your password.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
