Every day, hackers and fraudsters send millions of fraudulent emails to inboxes worldwide. Whilst some of these emails are obvious frauds riddled with grammar and spelling errors, others can be much harder to spot. You may have seen our previous post on the relatively new Business Email Compromise (BEC) fraud; if you haven’t already, click here to find out more. If you have read it, you’ll know just how scarily convincing this new type of fraud can be.
So how can you tell the difference between a fraudulent message and a genuine message?
Here are some handy tips on how to spot a fraudulent email:
- The address of the sender doesn’t match the website address of the organisation they’re claiming to be from.
  - Simply roll your mouse over the sender’s name to reveal their true address.
- The email uses a generic name when addressing you, such as “Dear customer”, instead of your name.
  - Even if the person contacting you knows your basic details (name, address, etc.), it still doesn’t mean that they’re not a fraudster.
  - Remember it’s very easy to find out basic personal info with the use of social media or a search engine.
- They present a sense of urgency, urging you to act immediately.
  - Using words like “ASAP” or “act quickly now”.
  - Remember a genuine bank or trusted organisation would never force you to make a financial transaction on the spot and would never ask you to transfer your money into a “safe” account.
- There’s a request for personal information.
  - This could be bank details, your name, address, card details, PIN, etc.
  - Always question uninvited approaches for your personal information.
  - If you do receive an email and you’re unsure whether the organisation’s request is genuine or not, contact the company directly using a known email or phone number.
- There are spelling and grammatical errors.
- There’s a website link to a site which may seem like the proper address of the organisation they’re pretending to be from.
  - However, it may have one character different or contain other characters such as letters or numbers.
  - Never be tricked into giving access to your personal or financial details by clicking on hostile links within a fraudulent email.
  - NEVER automatically click on a link within an unexpected email or text.
Unfortunately, there isn’t just one key feature to look for when identifying a fraudulent message, which is why this list contains so many features.
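For anyone who filters mail for an organisation, the sender-address and look-alike-link tips above can be checked automatically. The sketch below is an added example, not part of the original post: the function names, the trusted domain `examplebank.example` and the sample message are all constructed for illustration, and it assumes a plain-text, single-part email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every domain uses the reserved .example TLD.
SAMPLE = (
    'From: "Example Bank" <alerts@mail-notices.example>\n'
    'To: customer@home.example\n'
    'Subject: Act quickly now\n'
    '\n'
    'Dear customer, confirm your details at '
    'https://www.examp1ebank.example/login ASAP.\n'
    'Our real site is https://www.examplebank.example/help\n'
)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def belongs_to(host, domain):
    """True if host is the trusted domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def lookalike(host, domain):
    # Compare only the registrable tail of the host (as many labels as the
    # trusted domain has), so "www." prefixes do not hide a near match.
    labels = host.lower().rstrip(".").split(".")
    tail = ".".join(labels[-(domain.count(".") + 1):])
    return not belongs_to(host, domain) and 0 < edit_distance(tail, domain) <= 2

def check_email(raw, trusted_domain):
    """Return a list of warnings for one plain-text message (assumed single-part)."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, trusted_domain):
        findings.append(f"sender domain {sender_host!r} is not {trusted_domain!r}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if lookalike(host, trusted_domain):
            findings.append(f"look-alike link host {host!r}")
        elif not belongs_to(host, trusted_domain):
            findings.append(f"link host {host!r} is not {trusted_domain!r}")
    return findings
```

A matching sender domain is not proof that a message is genuine, because the From header can be forged; treat an empty result as "nothing obvious found", not as a pass.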
When it comes to fraud, it’s important to stay in control. If you’re ever not sure or feel uncomfortable with any unusual requests for personal or financial information, or simply have a gut feeling that something isn’t quite right, it is always best to stop the discussion promptly. You can then contact the organisation through the channels you trust, such as their certified website, phone number or the number on the back of your payment card.
Your bank or organisations you deal with should never:
- Phone and ask for your PIN or full banking password, even by tapping them into your phone keypad
- Ask you to transfer money to a “safe” account for fraud reasons, even if they say it is in your name
- Ask you to withdraw money to hand over to them for safe-keeping
- Send someone to your home to collect cash, PIN, cards or cheque books if you are a fraud victim
- Ask you to purchase goods using your card and then hand them over for safe-keeping
Remember, if you do find that you’ve received a fraudulent message, the vast majority of banks and organisations have a scam team that investigates suspicious emails and messages and works to take down the hackers or fraudsters behind them. We would therefore highly recommend that you forward any such messages to the bank’s or organisation’s fraud team to help stop the fraudsters from scamming more people.
All this information and more is available through the government’s Take Five To Stop Fraud initiative – https://takefive-stopfraud.org.uk/