Spam/Scam Emails
What To Look Out For

Image

Email scams are such a pain – tricksters bombard our inboxes daily with spam, junk and fake emails to get us clicking on/downloading malicious links and files. It is a battle most of us go through every morning with our coffee, bleary eyed and annoyed. 

90% of the emails we receive are spam/scam emails, and most of us are fairly wise to what is real and what is junk. But what about those who are less tech savvy? How do they know which emails are genuine, and which are scams? As spammers get more and more switched on in ways to scare us into action, here is a list of scam emails that you are best to avoid at all costs.


Phising Scams.

They usually imitate a known brand and then try to convince you to log in to your account. They normally try to scare you with tales that a.)  your account will be terminated if you do not take action b.) someone is trying to make an unauthorised transaction using your account or c.) someone is offering a sizeable 'refund' or payment which you need to collect.

The spammers can sometimes pose as common household names such as:
Amazon Cancellation Scams
Paypal Security/Termination Scams
Facebook Alert Emails
Apple ID Transaction Scams
Bank Scams (HSBC, Lloyds etc) asking for personal information/login details/even credit card numbers.

Don't fall for scam emails just because they contain household names, or just because you might have an account with that company. 

Phishing means that the scammer is trying to obtain your sensitive data, to try and trick you into typing details into a fake login area. They keep this on file and then use it to access your various accounts.

If you see an email from any of the above, and they are asking you to login to check/prove/authorize something, it is more than likely a scam email.

Because the true companies such as Amazon/Paypal etc are wise to email scams, they will never ask you for your details via email. Do not click on any links from these emails – the scammers are very clever and will make their fake website look very much like the authentic website. They will also copy the style of the login page so you might not notice the difference. If for any reason you are not sure, ALWAYS check the browser to see if you are on the correct website, with the official URL i.e. only amazon.co.uk (not amazonuk.co.uk or www.amazn.co.uk or any other variation), or type the URL directly into the browser to login to your official account. 

Here are some examples of these kinds of emails, so you can keep an eye out for them.


Image Image Image

‘Free Stuff’ Email Scams

These types of scams are trying to offer you something that is too good to be true, such as a free car, free holiday, free vouchers, or even free money (the age old Nigerian Prince bank account scam is an oldie but a goodie).

They are normally in the form of ‘you have won a prize’ - thinking you'll be so excited that you'll click on the link (leading to a key logging virus or Malware/Spyware). Sometimes they can be as smart as pretending to be your bank, prompting you to log in to a fake area and even enter in bank details.

The purpose of these emails is usually to defraud you, or steal your personal identity.

NEVER click on any kind of link, or download an attachment, from a sender you do not trust. If it looks too good to be true, it probably is.


Image

Sextortion / Blackmail Scams

The email is written in a casual tone of voice, from a young 'hacker' type, with a direct threat. They detail that the computer has been compromised, and the webcam has been used to capture them ‘abusing themselves’ whilst visiting an adult site. The scammer continues to say that if a large ransom fee isn’t paid via Bitcoin within a few days, then they will release the mature (and very private) video to all of the contacts in the address book. 

The scam is obviously very slanderous and of a sensitive nature, and sadly this has scared enough people into actually paying these con artists their good money. Recent versions of these sextortion scams even detail an old password (that the user has used in the past), which can really scare people into paying the ransom. These passwords are usually over 10 years old, and taken from very old databases of emails and passwords that were result of old hacks. Of course, the scammers do not really have the video/access to your list. Instead, they randomly send this email to tens of thousands of innocent users, hoping to trick a few people into paying up.

Regarding the scam, Brian Krebs has said ‘It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked website.’

As with any scam emails, do not reply or respond, leave well alone, and don’t believe a word they say.


Image

Number 1 Page on Google/ Social Media Expert Scams/Your domain is going to expire/Your emails will be terminated Scams

I get a lot of my customers asking me about these sorts of spam emails. ‘I have had someone emailing me saying they can get me to the top of Google.’ Sadly, there isn’t a magic button to SEO, and people who are not tech savvy might believe these too good to be true tales of beating the system. The only proven way to get to the top of Google is to directly pay Google money for advertising your website (in the form of Google Ads). If there was a way you could instantly get to the top, wouldn’t everybody be doing it?

Scammers like this are hoping you’ll fall for the bait, and click on that link. They might use it to ask for personal details, or even offer you a fake monthly service to get you to the top of Google. Either way, at its best treat it as a cold call, as its worst treat it as someone who is trying to steal your credit card details.

As with any service, seek somebody who is reputable and who can show you proof of their work. The same goes for emails about domain expiration or email account termination – do not trust any of these UNLESS they are from your hosting/domain provider. For example, if you have a website with Simplysigns, ignore all emails about domains/renewals/email accounts unless they are from Simplysigns. Likewise, if you have a domain with GoDaddy, make sure you only pay attention to those emails from GoDaddy.

Always pay particular attention to who the email is from. Make sure you have an understanding of who your hosting provider is so you know who to expect mail from. This way none of their scare tactics will worry you. 


Image

Weight Loss Spam/Male Enhancement Spam

These two things appeal to our deepest insecurities – and this is why spammers have used them for over a decade. They might have even been some of the earliest examples of scammers trying to get us to click on links – either to extort money from us, collect our personal information, steal our credit card data or offer us bogus services.

It should go without saying that you should not click on anything these emails are offering – it is safest and best to just delete them.


Image

REMEMBER – THE BEST COURSE OF ACTION IS TO ALWAYS IGNORE EMAILS FROM SENDERS YOU DO NOT KNOW OR TRUST (NO MATTER WHAT THEY SAY).

NEVER CLICK ON LINKS FROM UNKNOWN SENDERS.

NEVER DOWNLOAD ANYTHING UNLESS YOU ARE EXPECTING AN ATTACHMENT.

NEVER BELIEVE ANY EMAILS THAT ARE OFFERING FREE GIFTS/MONEY/ITEMS THAT SOUND TOO GOOD TO BE TRUE.

For more information on how to protect yourself from scam emails, please visit https://www.getsafeonline.org/protecting-yourself/spam-and-scam-email/