I don’t know about you, but lately there have been more and more spam emails getting past my filters and taking up my time. Some of them are funny, but some of them look scarily like real emails from real companies.
While you can just bin the emails or flag them as spam, it can be good occasionally to forward the offending missive to the company from which the email seems to be sent. Using contact information you have found yourself. Only yesterday I forwarded one off to Apple.
However, those pesky phishing emails, where the senders try to get information from you, or gain access to your accounts, are more than just annoying, they are criminal. This week I’m concentrating on information that will help you spot these potentially harmful emails, and details on how to report them. It may go a little way to help stamp out the spammers.
First, it may seem obvious but let’s have a look at…
How to spot a scam email:
One of the main ways a phishing scam gets your information is by asking for it, for example asking you to verify your password, card number or other personal details. A legitimate company wouldn’t do this. Do not give away your information… if you think the email may be legitimate contact the company yourself… go to their website, look for the ‘Contact Us’ area and use the information there to contact them. If the email is real they will be able to confirm it, and will not think you are bothering them… it’s always better to double check. Do NOT use any information from the suspicious email.
Bad spelling and atrocious grammar
Real companies, especially those big companies that are often targeted by the scammers, wouldn’t send out emails with bad spelling and grammar. They certainly wouldn’t use lots of capitals and multiple exclamation marks!!!!
If the email isn’t addressed to you personally, it’s also probably spam. Companies such as PayPal, Amazon and other large players will address you by name. If the email is from a small company, the chances are they will also address you by name. If in doubt, contact the company directly.
If the email has been sent to multiple contacts, and claims to be from a company either telling you of something mega important (but they need you to confirm by clicking the link, or give them your details) or that you’ve been chosen to win a prize, it’s also a scam. Check to see how many people the email has been sent to… even if they look real it’s probably a scam, and if they all start with the same letter of the alphabet you know it’s definitely a scam.
Newsletters you can unsubscribe from but never subscribed to
You will have probably received a few of these… you suddenly get newsletters (with lovely links) from companies you have never subscribed to. Do not click the ‘Unsubscribe’ link… even if it looks legitimate this will alert the scammer to the fact that your email address is a real one, and you’ll end up getting more spam.
Instead of unsubscribing have a look at the newsletter company that is being used. You can just flag the email as spam but, if they persist, mailing companies like Constant Contact and MailChimp have very tough anti-spam rules (believe me, I’ve used both to send out legitimate newsletters in the past). If you keep getting unsolicited mailings contact the providers (again do not click on any of the links in the newsletter) and tell them you are being targeted.
Danger, Help, I’m Stranded, Save the Kittens
If you get an email that pulls at the old heart strings, then it’s also more than likely a scam. The chances are your friend really isn’t stuck on safari without his mobile or wallet, there really will be no danger if you don’t reply to the email about someone in China wanting to register a domain name suspiciously like yours (this is a real scam, it’s amazing what a quick internet search will show up) and no kittens will be hurt if you fail to send them your phone number, account number and shoe size.
If you get an email that not only pulls at the heart strings but makes you panic… STOP. DON’T PANIC. That is what they are after. If the subject line or the first lines of the email have you panicking it is a scammer. They want to make you panic as that’s when most people leave reason behind and click on the ever so helpful link provided.
If your bank account had really been suspended why didn’t the bank phone? – and if someone from the bank does phone and makes you panic, that may be a scam phone call… tell them you will phone them back, put the phone down and (this is important) do NOT phone from the phone line you have just been using. Use your mobile if you’ve been phoned on your landline, or vice versa, and phone the number you find in the phone book, or on your bank’s legitimate website.
Anyway, I’m getting off the point. No legitimate company would send you an email that makes you panic. Ever. If you get an email that makes you panic, move away from the email and only go back to it when you are calm and can look at it objectively.
How to deal with a scam email:
First of all NEVER click on any of the links. Just don’t do it. Ever.
Find out who really sent the email
Sometimes it’s obvious just by looking at the sender’s address, however if it isn’t that obvious you can usually expand your email settings to ‘Show Details’ (sometimes just ‘Details’ or ‘Expand’). The real sender’s address should show up in the details, or in the ‘Reply to’ area if there is one. Also be suspicious if the sender’s email is left blank. Do not click on the address link.
If the email says it’s from the Bank of England, but comes from Barry485 then you know something fishy is going on.
Check the URLs
Again, do NOT click the links. Hover your cursor over the links and look to see where they go. You will either see this as a pop up over the link, or in the bottom sidebar of your browser window. A scam email will have a link going somewhere totally different to where the link is supposed to go.
If the link you are supposed to click on says ItsReallyAllOk.com but when you hover over it it says WeAreGoingToTakeYour Cash.com you know it’s a scam. But if the ItsReallyAllOk.com link takes you to ItsReallyNotAllOk.com or Barry485.com even if it doesn’t look totally suspicious it’s still a scam as it’s taking you to a destination that is different from the one you are going to click on.
Beware… some of the links may be real, or look real… don’t rely on just one link. If one link looks right hover over more, especially the ones that you are meant to click on. Just don’t click on them.
Report them or bin it
When you are confident that you have identified a scammer you can simply delete the email if you want. Your friend won’t be stranded on safari, you won’t miss out on that multi-million pound Spanish lotto win (that you never entered in the first place) and the kittens will not be killed to death. You can flag it as spam before you delete it, then delete if permanently from you computer and you can sleep well.
However, companies like to know that people are using them to try to scam people. If you can find the company’s contact information on their legitimate website, you will often find instructions for forwarding phishing emails. It may be tricky, but it’s usually there.
Another way to report a phishing email is to forward it to your email provider. As it can be difficult to locate the information quickly I’ve done the legwork for you with the most used providers.
Below you will find details on how to report scam emails as of 17th April 2015
(information found via the company websites)
Forward the email to email@example.com
If you prefer, you can also provide additional information before sending the email.
The company has put together some examples of common spam emails here: http://mail.security.aol.com/suspicious-emails#gallery
The help page for BT is here:
If you receive a phishing email that seems to be from BT, forward it to firstname.lastname@example.org
Google’s support page is here:
Report the message as phishing by:
- In Gmail, open the message you’d like to report.
- Click the down arrow next to ‘Reply’ at the top-right of the message pane.
- Select ‘Report Phishing’.
Hotmail, Outlook, msn.com, and live.com
Microsoft’s help page is here:
In Outlook.com, click the arrow next to Junk and select:
- Junk (for routine unwanted email).
- Phishing scam (for email that is trying to trick you into giving out your personal info, for example passwords, bank info, or your Social Security number, or to steal your money).
- My friend’s been hacked (if you start getting junk email or phishing from a sender you would normally trust).
With iCloud addresses you can manually report messages as junk by forwarding a message as an attachment to email@example.com
Their support page for helping manage junk mail is here: https://support.apple.com/en-us/HT203524
Apple also has a nifty way of cutting down on spam spent to your main email address – by using an email alias for online registrations, mailing lists and buying online. It’s different to having lots of separate email addresses, you can find out more on their website. https://support.apple.com/en-us/HT202316
If your provider is TalkTalk (Tiscali) you can find out how to deal with phishing scams here: http://help2.talktalk.co.uk/phishing-scams
Or follow the steps below to report phishing emails:
- Open the message and either click Action at the top of the screen, followed by View message source, or click Show Header in the blue message details heading.
- A new window or drop down section will open to show the full sender information. It’s really important that you send these details to TalkTalk, as it helps them trace the sender.
- Right click on the text and click Select All. Then right click again and click copy. Paste this into a new email and send to firstname.lastname@example.org
- You’ll usually get an automatic email to confirm they’ve received your report, and they’ll look into the issue as soon as they can.
Yahoo has a comprehensive page to help you report spam:
This list is by no means exhaustive, but I hope it helps you stay one step ahead of the scammers and gives you a little peace of mind.