PCWorld (USA)

How to spot a scam email or text

Don’t fall for messages and texts with these telltale signs.

- BY JOSH NOREM

The fact that you and everyone you know will receive spam and scam emails (and texts) for as long as they live should be added to the famous Ben Franklin quote, “In this world nothing can be said to be certain, except death and taxes.” Spam is constant and ever present, and you likely have a few hundred messages sitting in your spam folder as you read this. The very fact that we even need to have a spam folder tells us there’s a problem.

However, you are a savvy inbox navigator and a seasoned connoisseu­r of Nigerian missives. The problem is, someone in your family is decidedly not. Maybe it’s your mother or father, an uncle, or even a step-relative. Here’s some advice to keep them safe.

ALWAYS KNOW (AND VERIFY) THE SENDER

An email from someone you know suddenly arriving in your inbox with no warning is a red

flag. Typically, when we get email from our family or friends, it’s about a topic we are actively discussing, so when there is no warning of an incoming email, tread lightly; it could be a scam. If there is a link inside this email, then it’s almost always a scam. Hackers and ne’er-do-wells can sometimes take over someone’s email account and just start spamming all of their contacts with nefarious links that seem safe but that will plant malware on your system, or worse. Luckily, this tactic is easy to counter since you can just verify if the person you think sent the email did indeed mean to send it. A simple phone call or text will do, and if they exclaim, “What email?” then you know what to do.

It’s also important to point out that when examining these emails, don’t just look at the name of the sender. Pay attention to the email address. For example, I got a spam email from Facebook recently, which is obviously fake, but when I clicked the drop-down for the actual address and CC’D people, I saw the details below. Even your grandma knows that is fishy. Not to mention the address Facebookma­il750@gmail.com (1)—come on, spammers, try harder.

ALWAYS CHECK LINKS IN EMAIL

As a general rule, it’s safest to never click any links in emails, even if you think you know the source, mostly because you might not actually know the source (see above) and clicking links in email is how the vast majority of people fall victim to phishing operations (see the U.S. presidenti­al election of 2016 [ fave.co/3hyl4ys] for how disastrous this can be).

That said, if you are sure of the source, and you are confident it is not a spam or scam email, you can always check the actual link prior to clicking it, and the process is quite simple. Just hover the cursor over the link in the email, and a little window will pop up in the lower corner of your browser (usually on the left side) showing you what the actual link. For example, when I hover over this masterfull­y written article’s link on Pcworld. com ( fave.co/3nrv6cu), I can look in the lower left corner to see where it will take me. You might need to enable this preview window in your browser, so if you don’t see link previews, click View in your browser’s

controls and look for something called Status Bar or a similar name (2).

When hovering over what you think might be spam links, you’ll usually see some very strange URLS that are not typical (3), which usually means it’s spam, of course.

SPELLING MISTAKES ARE A HUGE RED FLAG

Spelling mistakes, odd punctuatio­n, and weird use of language are probably the easiest red flags to recognize. The majority of scam operations are run from countries far away, where English is not their native tongue, and hence you get stuff like this (4).

Sure, nobody is perfect, and email can be seen as a casual way to communicat­e at times, so even we have typos in our emails from time to time. But if you’re reading an email thinking the person had a stroke while typing it, you should mark it as spam.

BE WARY OF EMAIL FROM BIG COMPANIES

You will likely never receive an email from Facebook, Apple, or Google, unless you are paying for a service from them, so it could be an invoice for icloud, or Google Storage, or similar. They will not usually just email you out of the blue to let you know there’s an issue with your account. They will, however, send you an email

when a foreign device logs into your account, but hopefully that’s you on a new device, and not some nefarious person. You should have two-factor authentica­tion enabled on all your accounts for online services anyway ( fave. co/3co510t), so something like this should not be possible in the first place.

That said, there are exceptions that can be safe. For example, I recently got an email from Google asking me to add a second phone number to my two-factor authentica­tion setup (5), and since Google is usually smart about these things, it thoughtful­ly included a non-clickable link at the bottom if I wanted to copy and paste it myself instead of clicking an active link. That’s because, as we’ve said previously, savvy users know to be wary of clickable links. Most big companies will also write in their emails to you that they will never ask for your password over email.

One more thing to note: Typically, if you do get an email from a big company like Facebook, there will not be clickable links within the email. It’ll be just to inform you of something. However, if you are curious enough to follow up on it, do so outside the email itself. Open Facebook, or your Google settings, or your iphone, and investigat­e the issue there instead of through the email you received.

TEXTS ARE JUST AS DANGEROUS AS EMAIL

I’ll admit it, I have definitely been curious about a few texts I have received, which were worded like, “Your Amazon package is delayed. Check its status here.” Most of us have an Amazon package en route often enough for this type of message to be applicable, but more often than not, it’s a scam. Text messages are much more dangerous than emails because there’s not really a way to see where the embedded link is taking you unless you preview it, but not everyone knows how to do that. Smartphone­s have gotten smarter by displaying a preview of what is linked in a box with an image, but of course the scammers have found ways around this, so there’s

usually not a preview box. The best thing to do, in almost every case, is simply ignore the text and block the sender.

In the link above (6), you know it’s a scam just based on the URL alone, but what if the message is more sophistica­ted? What if they use your name, or say something in the message that is actually applicable to your life? The same rules apply to texts as they do to emails—if you don’t know the sender, do not open any links. Even if you know the sender, contact them to verify they are the ones who sent it. Either way, your life will not deteriorat­e in any noticeable fashion if you simply do not click the link provided (7).

SUMMARY

To sum things up, the vast majority of phishing and malware attacks are only successful if the target clicks on a link provided. While there are “no click” malware attacks going around right now, they are expensive for a third party to purchase on the black market, so they usually target high-level government employees, journalist­s investigat­ing corruption, and those types of people. Most regular people, will only get scammed if they respond to a mysterious message, whether it’s via email or text. So be safe, and do not click on links you get that seem fishy, no matter how curious you might be about it.

 ?? ??
 ?? ?? 1
1
 ?? ?? 2
2
 ?? ?? 4
4
 ?? ?? 3
3
 ?? ?? 5
5
 ?? ?? 6
6
 ?? ?? 7
7

Newspapers in English

Newspapers from United States