What is a fraudulent email?
A fraudulent (spoof) email pretends to be from a well-known company, such as PayPal or eBay or a bank, in an attempt to get personal information from you. People who send spoof emails hope to use your information - such as credit and debit card numbers or account passwords - to commit identity theft. People can then pose as you and conduct business in your name.
Spoof, or "phishing," emails - and the spoof websites often associated with them - attempt to appear like the official company web site. However, they contain content that reveals they're fake. The most important thing to do to protect yourself is be able to spot the misleading content.
9 ways to recognise fake (spoof) emails
- Generic greetings
Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or buttons.
- A false sense of urgency
Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorised transaction has recently occurred on your account, or claim PayPal (or whatever other legitimate company) is updating its accounts and needs information fast.
- Fake links
Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
- Emails that appear to be websites
Some emails will look like a website in order to get you to enter personal information. A reputable company never asks for personal information in an email. More on this later.
- Unsafe sites
The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
- Deceptive URLs
Only enter your password on the official secure company web pages. These begin with https://
- If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word "PayPal" somewhere within its address it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
- Never log in to secure web sites from a link in an email. Always log in to your secure web sites by opening a new web browser and typing in the URL manually.
- Misspellings and bad grammar
Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. These kinds of mistakes also help fraudsters avoid spam filters by taking advantage of the way the filters process the text in the e-mail. Incorrectly spelt e-mails and poor grammar confuse the filter and cause it to pass the e-mail on to you.
- Pop-up boxes
Reputable companies will never use a pop-up box in an email as pop-ups of these kinds are not secure. Only pop-ups spawning from the official sites can be considered safe.
- Attachments
Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment in a fake e-mail. It could cause you to download spyware or a virus. Reputable companies will never email you an attachment or a software update to install on your computer.
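The checks from the "Fake links", "Unsafe sites" and "Deceptive URLs" items above, written as a small Python function. This is an added example, not part of the original article; the function name `check_url`, the allowlist `OFFICIAL_DOMAINS` and the digit-swap table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist of the domains you really have accounts with.
OFFICIAL_DOMAINS = {"paypal.com"}
# Digit-for-letter swaps used in lookalike names such as "paypa1".
LOOKALIKES = str.maketrans("0135", "oles")


def check_url(url, official=OFFICIAL_DOMAINS):
    """Return a list of warnings for a link copied from an email."""
    parts = urlsplit(url)
    if not parts.netloc:              # bare "www.example.com" style link
        parts = urlsplit("//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # Only an @ in the host part matters: text before it is ignored by the
    # browser, and the real destination is whatever follows it.
    if "@" in parts.netloc:
        warnings.append("@ sign before the real host")
    # Official means the domain itself or one of its subdomains.
    if any(host == d or host.endswith("." + d) for d in official):
        return warnings
    warnings.append("host is not an official domain")
    normalised = host.translate(LOOKALIKES)
    for d in sorted(official):
        brand = d.split(".")[0]
        if brand in normalised:       # brand name embedded in another domain
            warnings.append(f"imitates '{brand}'")
    return warnings


if __name__ == "__main__":
    # The deceptive hosts listed in the article, plus constructed samples.
    samples = [
        "https://www.paypal.com/signin",
        "https://www.paypalsecure.com",
        "www.paypa1.com",
        "https://www.secure-paypal.com",
        "https://www.paypalnet.com",
        "https://www.paypal.com@example.net/login",   # constructed
    ]
    for s in samples:
        print(s, "->", check_url(s) or "no warnings")
```

A link that passes these checks is not proven safe; typing the address yourself, as the list above advises, remains the safer habit.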
Questions legitimate emails will never contain
Legitimate emails from reputable companies will NEVER ask for the following personal information in emails:
- Credit and debit card numbers
- Bank account numbers
- Driver's license, passport or social security numbers
If you receive a spoof email, the safest thing to do is to delete it immediately. Under no circumstance should you click on ANY of the links or graphics in the email. Just delete the whole message.