It seems that fraudsters are all over the Internet these days, and many of them spam us with messages that turn up in our email inboxes on a daily basis.
And they’re pretty good at producing some rather legitimate-looking and fairly convincing messages, too.
If you’ve been using the Internet for any length of time, you’ve no doubt seen a bunch of them.
These “phishing” emails usually claim to be from your bank, PayPal, Amazon, Facebook or some other online entity that has a legitimate reason for keeping your financial information on file.
The goal of these fraudsters is usually to get you to click a link in the email that takes you to a fake but real-looking login screen for a website you actually do use.
Like the email itself, the fake login screen will look extremely authentic, complete with logos and often valid contact information. In fact, the fake site will often look virtually identical to the firm’s real website. But that’s where the similarities end.
When you try to log in to the fake site you’ll find that the login form doesn’t work. You’ll simply get a legitimate-looking error message after typing in your username and password – but by then the crook has already recorded your login credentials.
Once he has your login information the crook will log into your account on the real website and take you to the proverbial cleaners.
Countless people fall victim to these fraudulent emails every day, but you don’t have to be one of them because they are actually pretty easy to spot. Here’s how:
1 – The email will almost never be addressed to you directly. Instead, it will usually say something like “Hello, valued PayPal customer”. Sometimes it will simply refer to you by your email address.
In contrast, a legitimate email from a reputable company will almost always address you by your name.
2 – The content of the message itself will often use poorly constructed English, as if it had been written by a non-native English speaker (and in many cases it probably was since lots of these fraudulent emails originate overseas).
3 – You will be asked to click a button or link to visit the company’s website to either log in to your account or update your personal contact info and/or credit card or bank account info. This is a huge red flag!
If you suspect that an email is fraudulent but you just can’t tell for sure, don’t click any links contained in the email.
The safest thing to do is visit the website directly (preferably from a known-good bookmark that you’ve used in the past) and log in to your account from there. If there’s something that truly needs to be updated, you’ll almost certainly be alerted to that fact as soon as you log in.
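Signs 1 and 3 from the list above can also be checked by a mail filter. The Python example below is added here for illustration and is not part of the original post: it parses a constructed sample message and reports which of those two signs it shows. The sample email, the word lists and the `triage` function name are assumptions made for the example, and sign 2 (poor English) is left to the reader's judgement.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (not a real email); addresses and URLs are made up.
SAMPLE = """\
From: "PayPal Support" <support@example.net>
To: jane@example.com
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Hello, valued PayPal customer</p>
<p>Please <a href="http://login.example.net/update">log in</a> to update your credit card info.</p>
"""

# Assumed word lists: a salutation followed by a generic term or an email address,
# and verbs that ask the reader to log in or change account details.
GENERIC = re.compile(r"\b(hello|hi|dear)[,\s]+(valued\b|customer\b|user\b|member\b|\S+@\S+)", re.I)
ACTION = re.compile(r"\b(log ?in|sign ?in|update|verify|confirm)\b", re.I)

class _Collector(HTMLParser):
    """Collects visible text and link targets from a message body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def triage(raw):
    """Return (red flags found, links found) for one raw email message."""
    msg = message_from_string(raw)
    part = next((p for p in msg.walk() if p.get_content_type() in ("text/html", "text/plain")), None)
    body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace") if part else ""
    collector = _Collector()
    collector.feed(body)
    text = " ".join(" ".join(collector.text).split())  # collapse whitespace
    links = collector.links or re.findall(r"https?://\S+", text)  # bare URLs in plain text
    flags = []
    if GENERIC.search(text):
        flags.append("generic greeting")  # sign 1
    if links and ACTION.search(text):
        flags.append("asks you to click a link to log in or update info")  # sign 3
    return flags, links
```

A message that trips either flag is one to handle as described above: leave its links alone and go to the site from your own bookmark.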
If you do happen to slip up and click on a link in a fraudulent email, I recommend that you do the following things, in this order:
1 – If the service in question supports it (and most legitimate online services do these days), enable Two-Factor Authentication on the account.
2 – Change your password on the account to a new password that’s easy to remember, yet very secure. This post explains how.
3 – Run a thorough malware scan on your Windows PC. If you have a Mac, scan your machine with Malwarebytes for Mac.
Bottom line: NEVER click on a link in an email that arrives from out of the blue, regardless of how authentic it looks.
ALWAYS visit the website directly from a known-good URL and log in from there, then check to see if you have any important messages or notifications that you need to read and take action on.