By Bill MacLennan, CEO of Your Computer Hero
I received a very tricky email the other day. It appeared very official, stated it was from American Express, and asked me to violate one of my sacred rules for email hygiene by asking me to kindly “take a moment to confirm I received my card,” offering two links, one to confirm online and the other to confirm through an app.
Never, Never, Never trust a link in an email unless:
- I know the sender personally
- I am expecting the email
- I have inspected the sender's entire email address for validity.
After investigating the email and contacting the fraud department at American Express, I have concluded that it is a legitimate email. However, in a climate where phishing and social engineering scams are growing increasingly savvy, it amazes me that a large company would send out such an email. Most don’t.
Therefore, I continue to advise against ever clicking on these links or any other link in an email like this, no matter how legitimate it may seem. You have little to gain and much to lose if it turns out to be a scam. If it is a matter of activating a new credit card, there is always a phone number that comes with the actual card. Card confirmation may be required, as the subject line in the email indicates, but clicking a link in any email like this is certainly not. Please beware of ANY email you receive that appears to be from a large company and asks you to click on a link.
Having said this, let’s explore a few basic characteristics of scam emails as we commonly see them today. Again, these scams grow more sophisticated and legitimate-looking by the day. I think it makes sense to share what I look at with these, so I have included a screenshot of an obvious scam for reference here.
The #1 Tool in the scammer’s toolbox is GETTING YOU TO PANIC! It is not always what you see in an email, but what you feel. Scammers know that your ability to reason goes down exponentially when you are emotional. If they can find your panic button, it will lead to you divulging private information like your social security number and/or credit card numbers. If you are panicked by something you see in an email, stop immediately, take a breath and fact check using another source.
You can see in the “Capital One” example that the subject line says, “Account Locked #80485612857.” This is designed to get you panicking. This also applies to scammers who may call on the phone. The latest has been another wave of scammer phone calls where the caller announces that there are warrants for your arrest. Don’t get swept away in panic. Always, always, always verify any statements made over the phone or email with another source.
A couple more points of interest on the Capital One example:
- Always note the entire email address. In this case it’s email@example.com. If I go to the Capital One company website, the URL is actually capitalone.com, not “georgia.gov,” and not “funstomp.online.” There is obviously something fishy here.
- You will also often see misspellings or grammatical errors in these types of emails.
- One last point of interest is the simplicity of the email format and the use of the logo. The logo looks a little pixelated in the email, like it was copied from the website and pasted into the email.
The above 3 points are pretty obvious, but you would be surprised at the number of people who get duped, probably because of the emotionally charged nature of emails like this.
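The sender-address check from the Capital One example can also be automated. The following is an added example, not part of the original article: it compares the brand an email claims to come from against the domain it was actually sent from. The sample From lines and the `BRAND_DOMAINS` table are constructed for illustration, using the domains mentioned above.

```python
from email.utils import parseaddr

# Assumption: a hand-maintained table of brands and the domains they really use.
# capitalone.com is the domain named in the article.
BRAND_DOMAINS = {"capital one": {"capitalone.com"}}

def split_sender(from_header):
    """Return (display name, full address, domain), all lower-cased."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    return name.lower(), addr.lower(), domain

def domain_matches(domain, allowed):
    """True for an allowed domain or a real subdomain of it, so that
    'capitalone.com.funstomp.online' does NOT count as capitalone.com."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return a list of findings; an empty list means no mismatch was seen."""
    name, addr, domain = split_sender(from_header)
    if not domain:
        return ["no parseable sender address"]
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_matches(domain, allowed):
            continue  # sender domain belongs to the brand
        token = brand.replace(" ", "")
        if token in name.replace(" ", ""):
            findings.append(f"display name claims {brand!r} but domain is {domain!r}")
        if token in addr:
            findings.append(f"address contains {token!r} but domain is {domain!r}")
    return findings

# Constructed sample From lines (not taken from real emails).
SAMPLES = [
    '"Capital One" <alerts@funstomp.online>',
    "Capital One <notice@capitalone.com.funstomp.online>",
    "Account Services <capitalone@georgia.gov>",
    "Capital One <service@notification.capitalone.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch")
```

A matching domain does not prove an email is genuine, because the From line itself can be forged; this check only catches the kind of mismatch described above.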
If you ever have a question about the legitimacy of an email, or if you are inundated with scam emails like this, we can help you by enabling email filtering and security software. Our tech heroes are standing by to answer your questions.