More often than not, our email providers’ spam filters will catch an email scam and keep it out of our inboxes.
But, occasionally, one will slip through.
We are starting a series of articles aimed at helping you recognize and avoid online scams. This is our first one that was submitted by our oddest oddball, Gabriel.
An email scam slips by Gmail spam filters
Gabriel was trying to enjoy his afternoon when, suddenly, his phone alerted him of an incoming email. He checks the subject line to see he has “won Facebook funds.” Presumably, adverting credits.
Normally, this would set off alarm bells. However, a lot of digital advertisers have been giving away small amounts of advertising during the coronavirus outbreak.
So, Gabe opens it and realizes he is reading a scam email.
What did he see that alerted him to that fact?
What he saw
Here’s the email in question with everything Gabriel noticed wrong.
We’ll go from left to right here to explain what it is that should raise eyebrows.
First, email@example.com could be a real email. However, that’s the “name” of the sender. Taylor, if that even is his real name, typed an official-looking email into the name section of his email account to hopefully slip it by everyone who gets this email. The actual email is coming from firstname.lastname@example.org. Eventbrite is another company that helps people organize and sell tickets to events. That’s another red flag.
Taylor probably set up an empty event and uploaded his email list to the event to send out an email to the “attendees” and the Eventbrite email address is what helped the email get through spam filters.
Then, to make things even more sketchy, the reply to is clearly a personal email. Facebook would never have a personal email be the reply-to address.
You’ve heard the saying, “If it’s too good to be true, it probably is,” right? Facebook has a lot of money, but giving away $520,000 to someone on a whim is probably a lot. Especially when they didn’t enter a contest or anything. Also, why the additional $20,000, Taylor?
Also, let’s pop up to the intro. Dear who? What happened here is they forgot to add the token that automatically brings in the first name of the addressee.
Finally, outbreak is one word. Not two.
How to spot an email scam
If you get an unexpected email in which you’ve won something or will involve you making a payment, look it over.
It may look real and use a well-known business’ name and graphics. But that’s the method of phishing. the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Here’s what you need to look out for:
- Companies won’t request your sensitive information via email
- Companies usually call you by your name in emails
- Emails from the real company will use their domain in emails. Such as Mark@Facebook.com
- You’ll rarely, if ever, see a typo in an email from a legitimate company
- Unsolicited emails with attachments are a red flag
- Again, if you’re getting something huge in return for something you don’t remember entering it’s probably a scam
What if I responded or gave them sensitive info?
If you simply replied to the email, you’re likely fine. However, if you clicked a link or gave them sensitive information such as a credit card number, social security number, or something like that you need to take measures to protect yourself.
If you think you gave a scammer important information, go to IdentityTheft.gov. You’ll get specific steps to take based on the information you gave the scammer.
If you clicked on a link or opened an attachment that downloaded harmful software, run a scan with your computer’s antivirus software.
After you’ve protected yourself, forward the email to the Anti-Phishing Working Group at email@example.com. Then, report the phishing attack to the FTC at ftc.gov/complaint.
Do you have a digital scam you want us to do an article on?
Now, it can’t be something like Amazon sent you “Twilight Breaking Dawn” DVD instead of “The Notebook.” While that is incredibly unfortunate, that’s not we’re talking about.
It needs to be someone intentionally deceitful trying to get you to send them money or sensitive information. You can send it to firstname.lastname@example.org.