Phishing the Uninitiated

What the Phish

A couple of days ago, after an immensely exhausting day at work, I came home to a screaming toddler and a five-year-old who refused to stop talking. My exhaustion was further supplemented by a lively dinner which ended with me getting pasta in my hair and on the recently cleaned floor.

Bedtime that night felt godsent. I was tired and having a quiet house felt like a blessing. I used this pocket of silence to check my private email, with ears perked up waiting for my toddler to wake up for the first of six times he normally does in the night.

As I was scrolling down the list of eye-catching sales (Hello Sephora!) something else caught my eye. It was an email from a John Smith (nope, they could not think of a more cliché name). Apparently a very rich, highly influential banker from the UK was dying of cancer and would like to distribute his wealth before his passing. He wanted to do this as he had no relatives and would like to reward me for my work in humanity. This raised a number of red flags. However, I was intrigued. I did do good work in humanity. I mean, my kids are still alive, aren’t they?

Jokes aside, I knew immediately this was a scam email preying on unsuspecting, needy or even greedy internet users. I scanned the email for clues and found these typical traits in scam emails:

  1. It contains a mismatched URL.
    Most times, the URL in these emails seems valid, especially to gullible old grandmothers. But if you were to look closely, the hyperlink address is normally different from the displayed address. This would have raised enough flags for the informed, but those less exposed to knowledge of these scams will probably never even think to scan the hyperlink address, much less be suspicious of it.
  2. URLs contain a misleading domain name
    How many times have we gotten emails with weird-sounding names? Like seriously, why would Mary of Sudan Bank have an email which goes like mary.brown@bankofsudan100.com? If she worked in a bank, I am pretty sure this bank would have invested some sum towards getting a more legit-sounding domain.
  3. The message contains poor spelling and grammar.
    If an email comes in with poor grammar and misspellings, please mark it spam. Even if it isn’t a phishing email, mark it spam anyway because, well, bad English. I’m kidding. Unless you know the person emailing you, ignore it if it is saying things which are too good to be true in broken English and badly formed words.
  4. The message asks for personal information.
    No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number; if it does, you need to change banks. It should already know what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
  5. The offer seems too good to be true.
    There is an old saying that if something seems too good to be true, it probably is. I mean really, why would a person you don’t know give you USD2 million when your own husband refuses to buy you a USD7 thousand handbag? If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
  6. You didn’t initiate the action.
    Last week I received an email claiming I had won the lottery. The only problem is, I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.
  7. You’re asked to send money to cover expenses.
    One tell-tale sign of a phishing email is that you will eventually be asked for money. They may be rich enough to give USD2 million to a stranger, but cannot afford to pay the cost of transferring this cash. They may use other excuses too, like tax, fees or other similar costs. You may not get hit up for cash initially, but the requests will come soon after.

Email scams like these are rampant. If you were to go to your spam/junk inbox, you will likely be inundated with them. A well-informed person may not give these sorts of emails a second glance. However, imagine how an elderly person who just recently learned to use the computer may react to this. Or a young temp or junior clerk just embarking on their first job. A cash injection of these proportions is epic. They may just be gullible enough to fall for it.

 

So, if ever you do get a similar phishing email, remember these tips:

  1. Have a good spam filter. Virtually all major e-mail services do some basic filtering before messages hit your Inbox. Many e-mail clients, including Apple’s Mail, also include filtering tools.
  2. Never click on a link in an e-mail message unless you were expecting it. This is especially true for e-mails that seem to be from your bank, online retailers, or PayPal.
  3. Don’t ever send sensitive information—especially account numbers, credit card numbers, and usernames/passwords—in e-mail replies. No legitimate site will ever ask you to do so.

At the end of the day, the thing which ensures you do not get lured into this is awareness. Since phishing scams target the uninitiated, it is crucial that we ensure our society is well-educated and well-informed about phishing and how it operates. By educating our society we can ensure the downfall of these scams and the rise of another, before we curb that too eventually.