Saturday, 18 October 2014

How to recognise scam e-mails

Scam e-mails come in various forms. One type tempts you to click on a link which appears to go somewhere safe, but which actually takes you to a site you’d prefer not to visit. 

Even if an e-mail appears to be from someone you know, do not accept the links as genuine unless you were really expecting them, and they pass these tests. 


Recently I received a suspicious e-mail. Although apparently from Facebook Administration (which was already enough to alert me), the actual “From” e-mail address was notification+wysjdtqzmh@facebookmail.com. Anything with a random string of letters, or where the “From” name is quite different from the underlying e-mail address, should make you suspicious. (In fact Facebook does send e-mails with an apparently random string of letters.)

Sometimes – if you are only looking at the header – that should be enough to make you delete the message. However, if you wish to check further, and are reading the whole e-mail, check out any other links.


The e-mail said: “Follow the link:” which may look ok, but when I hovered my mouse over the link (as you can do - but don't click) the actual address it was pointing at was something like: http://217.123456.2/~radjan/deviatexxx.html. (I've added some x's to make sure no-one goes to a scam page.)

Seeing that they were quite different, I deleted the e-mail as it was obviously a scam.
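The two checks described above (the “From” name against the underlying address, and the visible link text against the address it really points at) can also be run automatically over a saved message. This is an added example, not part of the original post; the sample message, the finding names and the matching rules are assumptions, and it only handles a single-part, unencoded HTML e-mail.

```python
import email, email.utils, ipaddress, re
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # text that reads as an address

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):  # hostname of a URL, or of bare "www.example.com/x" text
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def check_message(raw):  # raw: one single-part text/html message as a string
    msg, findings = email.message_from_string(raw), []
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    words = re.findall(r"[a-z]{4,}", name.lower())
    if words and not any(w in domain for w in words):  # heuristic, not proof
        findings.append(("from-name-mismatch", f"{name} <{addr}>"))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target, text = host_of(href), text.strip()
        if is_ip(target):  # the link points at a bare IP address
            findings.append(("ip-literal-link", href))
        if URLISH.fullmatch(text) and host_of(text) != target:
            findings.append(("text-href-mismatch", f"{text} -> {target}"))
    return findings

# Constructed sample (reserved documentation names/addresses), not a real e-mail.
SAMPLE = ('From: "Example Bank" <alerts@mail.sender.test>\nContent-Type: text/html\n\n'
          '<a href="http://192.0.2.7/~user/page.html">www.bank.example</a> '
          '<a href="https://www.example.org/help">Help</a>\n')
```

Calling check_message(SAMPLE) returns three findings. A finding is a reason to look more closely, not proof of a scam, and an empty list does not mean the message is safe.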


Another way of recognising an e-mail as a scam (especially the ones apparently coming from a bank) is to spot glaring errors in grammar or spelling. 

Much as I dislike bankers, I suspect they know how to use a spellchecker! Twice recently I have received e-mails which asked for my “baniking details”. Another one to delete! 


Having written the above, I then received a very professional-looking e-mail again seeming to come from Lloyds. They had obviously read my comments, and avoided most of the mistakes I have mentioned. 

There were still some errors in the grammar (and I don’t have a Lloyds account) but the most obvious aspect was that the e-mail took me to a website where I could input personal information. 

Although this looked like a Lloyds' website, it wasn't. 

This is a Mirroring scam, where the website you are seeing looks and acts like the bank’s website, but it is actually passing your information to a third party! 

How do you know? Well, no bank will e-mail you asking you to input personal information.

The apparent website is a folder on your computer. In fact the website said “We'll never direct you to the log on page from an e-mail” which was effectively what the e-mail was doing! 

As a last piece of sophistication the page had real Lloyds telephone numbers and a link to a Lloyds page saying “How can I tell that this site is secure”!!

For advice on scams and computer security, give me a ring.


© Copyright 2013, 2014 Cameron Somerville Web Designers Toolkit Websites