Every year, in every developed country in the world, thousands of people fall for scams that originate from a single email. Some of these scam emails, such as the Nigerian prince emails, are well known and have been covered in the press extensively, but even so people are still tricked into sending their hard-earned money off to a stranger. Many people, who might otherwise think they are pretty switched on about these sorts of things, have fallen foul of email scams, which are becoming increasingly refined.
Below is a checklist to help anyone who is worried about the scammers to spot a suspect email message, covering both known scams and those that will undoubtedly appear in the future.
1 Spelling and Grammar
One of the easiest ways of spotting a scam email is by carefully checking the spelling and grammar it contains. There will often be multiple spelling mistakes, even in company names, which would rarely be allowed to remain in official correspondence from, for example, a bank or building society. If you see a single typo, that might be expected, but two, three or four errors in a single email should be seen as a clear sign of a scam.
Perhaps surprisingly, these spelling mistakes are often very much a deliberate tactic by the scammers. By including spelling mistakes, which could easily be weeded out by almost any document creation software (something certainly within the means of the scammers to do), they better target people who are either not as educated or not as careful and suspicious. These people are among the prime targets of a scam. That doesn’t mean, however, that an email is safe just because it is error-free.
2 Disguised/Incorrect URLs
Some scam emails want a reply, so that the scammer can begin a conversation and work the scam on you (asking for help or offering an investment opportunity, for example). Other scam or malicious emails provide links for you to click. They might ask you to visit a website for further details, or click on a link to your bank’s website to update your password. Any piece of text in an email can be made into a link, so just because the link text in the email says “Natwest Bank” or even “www.natwest.com”, that doesn’t mean it connects to the official NatWest website.
Luckily, every email client (the software you use to send, receive and read emails) will display the URL of a link if the mouse pointer is rolled over it without clicking on it. This will show you the actual address of the website the link will take you to when clicked. If this URL does not look right, or if it is disguised, you should definitely not click on it.
What do we mean by a disguised URL? The two URLs below would both take you to exactly the same page of the website, but the second has been put through a URL shortener called Bitly.
This is one way a suspicious link could be disguised. There is usually no reason for a bank, government office, reputable website or other official body to disguise the URL in their links.
3 Low Resolution Images/Logos
Another fairly quick and simple way to spot a fake email is to look at the company logo or any other images that have been used. The companies that create emails for banks, government offices, insurance companies, etc., have ample resources and skills to make sure the images, and particularly the company logo, are of good quality. If any of the images in an email look blurred or pixellated, treat the message with caution.
As with many of the other signs of a scam explained here, this on its own may not be conclusive proof. If, however, poor quality images, spelling mistakes and other signs all appear, it should set alarm bells ringing for you.
4 Requests for Personal Information
As a general rule, institutions such as banks, building societies and other financial service providers will not ask you to send personal details via email. Nor will they ask you to click on links in emails. If you are being asked to confirm passwords and login names in an email, or if you are asked to click a link to enter those personal details, you should be concerned. This also applies to things like date of birth, mother’s maiden name and any sort of account number.
With something like online banking, it is far safer to open a new browser window, navigate to your bank’s website and log in. Any messages sent via email will also show up in the messages within your account (if they are genuine messages).
5 Does it Seem Too Good to be True?
The old adage “If it seems too good to be true, it probably is” is applied in no better place than to emails from strangers offering cash rewards. These could be the famous Nigerian Princes asking for help getting millions out of the country (with you having to pay a comparatively small fee), or perhaps the offer of an unusually lucrative investment opportunity. There is no better target for a conman than someone whose greed outweighs their caution.
With any sort of email offering a cash reward or payout, you should ask yourself three questions:
1 Why are they asking me for help/offering me this investment? Surely there are better people to ask for help than a middle-aged housewife from Devon.
2 Are they asking for a payment from me up front (even a seemingly small amount)?
3 Is it too good to be true? If it sounds too good to be true, it probably is…
6 Generic Greeting
Almost any institution, financial, commercial or otherwise, that you have had any sort of dealings with in the past will have your details, and will almost certainly begin an email message with your correct name. Any message which starts with “Dear Sir or Madam” or something equally generic like “Dear Shopper”, that is supposedly from a company you have used in the past, is probably worth being suspicious of.
7 Unsolicited Emails
An unsolicited email should also set alarm bells ringing, particularly if it also displays some of the other signs detailed above. Competitions you have not entered, gifts from online stores you have never shopped with, or messages from banks you do not have accounts with can all appear in your email inbox, and all of them should be ignored or treated with caution. It is quite possible for companies you have never used to get hold of your email address and contact you in the hope of getting you to visit their website (potentially for very legitimate reasons, even if buying email addresses is something to be frowned upon).
8 Vague Contact/Company Details
Emails from legitimate companies, and especially from banks, should contain a wealth of information, from business address and full contact details, to legal disclaimers and VAT numbers. Look out for PO box addresses, premium rate phone numbers or missing details that you would expect to see. It is also worth keeping an eye open for contact email addresses which don’t match the domain of the company supposedly sending the email. An example would be an email from NatWest Bank with a contact email address of firstname.lastname@example.org.
9 Urgency to Act
The scammers want you to act quickly, without thinking too much, so pressure tactics or even threats can be used. It can be worrying to see “Act now or your account will be closed” or “Final deadline before further action is taken”, but take a step back and think before you act. A reputable business is unlikely to act in this way, unless of course you have things like credit you have fallen behind on. Even so, it is always better to contact the company through its official website, or using a number on any official documentation you have, rather than clicking a link in an email.