Is this email legit?

The sophistication of scamming emails has increased.   This article will hopefully help you protect yourself.

How to identify a scamming email:

  • Has this person ever sent me spam before? Is there a sudden barrage of nonsensical spam emails from this person (an indicator that their email is hacked)?
  • If the email tells you to open an attachment, you should not do this.  Only open attachments you know are coming to you.
  • If there is a link in the email, hover your cursor over it (but do not click it!). This often reveals that the real location the link will take you is a (phishing) website you have never even heard of.

  • Is the email mentioning recent natural disaster or similar headline events? Scammers watch headlines carefully to monitor for anything causes people distress; it is a way of setting up fake charities to ask for funds that only ever help the criminals involved. This includes links to fake websites and PayPal accounts (again, don't ever click).
  • If you do click the link to go to, say, an online banking website, check to see if the address says 'https' or 'http'. Almost all banking websites will use 'https'. If you are still not sure, go to the actual website by opening a new tab and typing its name into your search engine. Compare the 2 addresses.
  • If you get an email from a friend who lives close by, or who you can contact by phone, ask them if they sent you that email. Even the best phishers haven't found a way to direct calls to them and perfectly imitate your friend's voice!
  • Think back and ask yourself: Did I physically enter my name into this sweepstakes? Did I make an airline reservation?   Did I order something? If you think you "might" have open a new browser window and TYPE the web address of the company that you know (don't copy the link in the email)
  • Is there a threat of immediate detrimental action if I don't respond with personal information? Threats by email are illegitimate, do not deserve your attention but may need to be drawn to the attention of police or anti-scam officials. Remember, you have done nothing wrong––the scammer is the one doing that.
  • Genuine charities, fundraisers and the like never ask for bank account details or wire transfers. They'll have their own legitimate websites with secured "https" in the URL line. Use a search engine to get to such sites, or drop in or call the charity to get the web address.
  • Some e-mails are scareware. They announce requirements to appear in court or attempts at debt collection pending legal action by the collector or an attorney. Does the message address you by full name or first name only instead of Mr. (last name here). Does the message seem to address no one by name , as though it were a form letter? Does the alleged collection agency give a phone number that they can be reached at or only a link to which you are directed to give a credit card number or other personal info. Is the court located in a state that you know you haven't visited ever or anytime recent? Subpoenas or orders to appear in court always come by snail mail. Debt collection attempts will always be from the company that you knowingly did business with. If a collection agency or attorney is involved, you are always contacted by phone, never e-mail.
  • Is someone you know suddenly "abroad" and "in trouble" (wallet stolen, passport missing, arrested) and need money to get them out of trouble.   It's most likely a hoax - especially if they insist on a wire transfer!

Why do these email exists?

 Email hoaxes are often termed "phishing". This term refers to the instances where the scammer sends out a mass email to every address he or she has managed to glean by whatever method. The hope is that at least a few people will be gullible enough within that mass emailing to respond––and send cash or personal details.  In a nutshell, they want cash or identifying information that can give them access to sources of cash. They hope that they can trick people into revealing sensitive personal information such as passwords to accounts, banking information, Social Security numbers, mother’s maiden name, date of birth, among others. Phishing scams are targeted to gather personal information in order to hijack your assets or steal your identity to open credit accounts in your name.  They may also be attempting ransomeware (such as Cryptolocker) where they use a virus (in an attachment) to encrpyt all of your files (documents, photos, music) - then demand money to unscramble them.

Other tips to protect yourself.

1.  Use strong passwords (see this article) in your emails as well as your financial accounts.  This will help to prevent someone from using your email to scam others.

2. Banks and financial companies will never-NEVER-ask for any information from an email.   

3.  No network, bank, or website employee will ever need to ask you for your password.   (even to "fix" something.   They have test accounts for that purpose)

4.  Get an email with just an attachment from your friend.   Call them and make sure they really sent it before you open it.