I get these in my inbox daily! What drives me crazy is that it must be profitable and someone is falling prey or it wouldn’t continue. I decided to share this little masterpiece (I am sarcastic there in case you missed it!) and explain a bit on how to spot a phishing email.
What is a phishing (pronounced fishing) email? It is an email where a third party (someone we don’t know or do business with) sends you a message disguised as a second party (someone we do know or do business with) in an attempt to get you to provide personal information, like your bank account number, social security number or credit card information. If you give them information, they can go shopping on your dime.
In this example, someone is pretending to be Amazon in hopes I will push the little button and give them my password for Amazon. Then they can access my account, place an order and have it delivered to their door. In actuality, they send it to someone else’s door and watch for delivery, then nab it. That way it can’t be traced to them and someone else gets the blame. UGH!
So how do I know it’s not from Amazon? The fact that I don’t have an Amazon account would be a clue. But let’s say I do. Notice in the greeting they do not address me by name. It says, “Hello, From Amazon!” If this were a message from Amazon, and I had an account with them, they would address me by my name, “Hello Mrs. Sarcastic!” That is your first a big clue. The next clue would come in the form of grammar. Amazon and other financial institutions hire people and pay them good money to write grammatically correct messages. In this example, the first sentence states, “You have entered wrong password for many times.” I think a fourth grader would be able to correct that grammar. Let’s see if the second line is better! “As our security measure, we need more informations from you.” Are you seeing the pattern here? If the grammar is poor, it’s a fake.
So what can you do if you get these emails? My first advice, “DO NOT CLICK ON ANY LINKS.” There are two ways to handle the emails.
- One is to be proactive and attempt to help the organization that they are pretending to be. This helps to protect others who may not be as savvy about the email as you are. If this is the route you chose, contact the company (In this case, I would go to Amazon.com and search for their phishing department. When I put the words phishing email into their search engine, directions come up telling me to attach the email to another email and send to “firstname.lastname@example.org” It tells me they take it seriously. Then leave it up to them to find out who is using their name and potentially causing harm to their customer. Delete the email from your account.
- The second option is to just delete the message from your inbox and be done with it.
I find some companies to be very happy to get the information and give me every indication that they are working to stop it. They have departments that seek out these creeps and shut down their organization. Other companies seem to be less appreciative. I like to give them the option to deal with it and I choose not to do business with anyone who doesn’t take it seriously. The sad part is even after being shut down, these folks turn right around and set up other scams. And they set them up because they are successful in enough instances and enough people fall prey to them that is it profitable. I feel obligated to do what I can to stop it.
Steps to protect yourself:
- Do not open any links in an email that you do not expect. I even question friends before opening their emails if I have something without an explanation.
- Do not reply to any unknown emails, this includes unsubscribing to the email. It’s better to block them.
- Even if you suspect the email is valid, do not reply to the links. Go directly to the website of the institution you do business with and make your adjustments from there. Do not click on a link from an unknown email.
- Report suspect emails to the company they are posting as
- If you do fall prey, contact the “real” company immediately and let them know. Change your password and add additional security to all of your accounts.